From patchwork Wed Dec 7 17:16:07 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Smalley X-Patchwork-Id: 9464927 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CDBFB6022E for ; Wed, 7 Dec 2016 17:13:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B758B28543 for ; Wed, 7 Dec 2016 17:13:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id ABBB428545; Wed, 7 Dec 2016 17:13:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CB48F28543 for ; Wed, 7 Dec 2016 17:13:52 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.33,310,1477958400"; d="scan'208";a="1698095" IronPort-PHdr: =?us-ascii?q?9a23=3A178dbRQPYK4agW1vMrHECROrg9psv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa68ZxeFt8tkgFKBZ4jH8fUM07OQ6PG7HzFaqsrb+Fk5M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6?= =?us-ascii?q?KfroEYDOkcu3y/qy+5rOaAlUmTaxe71/IRG4oAnLtsQan4RuJ6kvxhDUvnZGZu?= =?us-ascii?q?NayH9yK1mOhRj8/MCw/JBi8yRUpf0s8tNLXLv5caolU7FWFSwqPG8p6sLlsxnD?= =?us-ascii?q?VhaP6WAHUmoKiBpIAhPK4w/8U5zsryb1rOt92C2dPc3rUbA5XCmp4ql3RBP0ji?= =?us-ascii?q?oMKjA28HvTisdtkqxVphyvrAF7z4LNfo2ZKP9yc6XAdt0YWGVBRN5cWSxfDI2h?= =?us-ascii?q?YYUBDO0PPf5aooXgqVYBogexCwayC+P00TJImn370Lcm3+k7DQ3KwgotFM8Ovn?= =?us-ascii?q?TOq9X1Mb8fX/2pzKbW1TXDb+1Z2THg44bVdxAuu/WMXbZufsvR1EIiEBjFgUiL?= =?us-ascii?q?qYH+IzOU1vgCs2ic7+Z6U+KvkHQopxt+ojio2Mchk4/EjZ8WxFDc7Sh13Yk4KN?= =?us-ascii?q?KiREN7fNKoCoVcui6EO4dsX88vRXxjtjwgxb0co5G7eTAHyJEgxxHCdfOKa5OI?= =?us-ascii?q?4hf/VOaJJjd4mW5ldKq/hxms9UigzfXxVtWu31ZQrypFj8LMumoR1x3T9seHSv?= =?us-ascii?q?x98l2n2TmTzADc9vtIIUU1larfM5Ihw7gwmYQPsUnbAyP7l0r7gLWWe0k54OSk?= =?us-ascii?q?9evqbqv8qpOBL4N0jxvxMqUqmsyxG+Q4NQ0OUnCA+eui0L3j/Ev5QKhFj/Evia?= =?us-ascii?q?bZt43aJcIHqaGnGA9YyZoj6hajADem19QUh38HLElfdx6dgIjpPE/OLOjiDfij?= =?us-ascii?q?m1SsjCtrx/feM7L6GZrBKXzDkLb6fbZh8E5Q0hEzws5D6J5OEbEOPvbzWk73tN?= =?us-ascii?q?zFAR40KBC7wub9CNVgzYMSQ2yODbWFMKPJtl+I4PgjI+6WZI8aoDz9MeQq5+by?= =?us-ascii?q?jX8lnl8QZbem3YMNZ3CiH/RmOF6UYWL2jdcbEGcKpRI+TOjwh1KeTzFffXGyX7?= =?us-ascii?q?gz5jsjEoKpEZ/DRpyxgLyGxCq7EIdWaXpACl+QEHfobJ6JW/IUaCKTO8NhiTIF?= =?us-ascii?q?VaO7R48mzxGuuxfwy6B7IerM5i0YqZXj2cB25+LJlhEy8iF0At+e026XTGF0mX?= =?us-ascii?q?4ISyUx3KBlrkx30k2D3rRgg/xECdxT4OtEXR0nOp7Gzux1FcryVxnbcdiVTVaq?= =?us-ascii?q?WNKmASs+Ttgp2d8Bf159G8m+jhDExyeqA6Eal7iPBJwz6a/c22XxJ9p6y3bDzq?= =?us-ascii?q?YtlV4mQtFANWe+nK5w6xDTB5LVk0Wej6uqbqoc3DTK9GeY0WqDp1pYUAh3UaTL?= =?us-ascii?q?WHAQfE3Woc7/5kzcU7+kEa4nPRdZyc6eNqtKbcXkjFtcS/fnJNTRfXixm3yrCB?= =?us-ascii?q?aW2LyMdpHle3gY3CnHD0gEiQ8T926cNQciHiehv37eDDt2GFLzfkzj7Oh+p2m/?= =?us-ascii?q?TkIv0w6KaEhh2Kav9R4OmfyQUfUT0awYuC05sTV7AE69387KC9qHvwdheqRcYd?= =?us-ascii?q?c54FhZzmLUrBZyMYK6L6BlnFIedB53v0z23RVtFopAidQqrG8tzAdqNK2Xyk9B?= =?us-ascii?q?eCmG0pD+NbzaMXX9/BC1ZK7MxlHRzsyW9r0J6Psmt1XppBupGVY683V7z9lV1G?= =?us-ascii?q?OR5ovLDAUOTZLxVVw3+wJmqLHaZSk94YzU2GZoMam1tD/NwcgpBOw/xhanZddf?= =?us-ascii?q?P7uOFBXuHM0CG8iuNOsqlkCtbhIFJ+BS6Lc4P9i4ePuC2a6rOvtgnT29gGRc+I?= =?us-ascii?q?B900SM9ytgRe7TxZoFxe+X3hefXTfmkFihqtz3mZxDZTwKBGq/zizkBIpPaa1o?= =?us-ascii?q?YYkLDmmvLtasxtVjm5HtQGRU9Fm5B1MJwMWpYwadb0Th3Q1M0kQauWSnljGlzz?= =?us-ascii?q?xwiT0mtLCT0zfJw+TmaBoHPWhLSXJnjVvwJ4i0iMwVUFKubwc3iBuv/Vz6yLRD?= =?us-ascii?q?pKRjM2nTRl9Ffy3yL217TKSwsKGPY9BR55MstSVYTv68bUqcSrHjvxsQyznjEH?= =?us-ascii?q?dGxDAnazGqvY30nx9kh2KbN3Z+t3nZdt92xRfE4tzTW+JR0iABRClihjndHkK8?= =?us-ascii?q?MMWx/dWIi5fDtfizV3ynVpJOaiTr04WAuza75WFwBx2wgeyzkMX9EQcmyS/7y8?= =?us-ascii?q?VqVSLQoRbkeIbryqC6PPl7cUlpGF/969N2Go9knYs2np0Q3mIahpqN93odjWjz?= =?us-ascii?q?Kclb2b75bHcVXz4E3sPa7RPq2E1mIXOF3YT5WWuBwsF5fdm1fnsW2j4h78BNEK?= =?us-ascii?q?qU9KZLnTZxolWmtQLee/59nisDxvs083ManvoJtxQ3ziWGGLwSBk5YPTH2lxuU?= =?us-ascii?q?8d++oqJXZHygcbeuzkZ+m86uDK2aqAFGRHn5YosiHTN37shnPlLDynvz6p3jeN?= =?us-ascii?q?nVdt8TuAObnArHj+hPMp0xjuAKhS1lOW3joXIl1/Q3jRt03ZG1pIKHMXli/Lql?= =?us-ascii?q?Ah5EMT34f8wT+jHxgqZEnseWx5yvHpJ6FzUNQpToUemoHy4IuvT/KQmCCjs8pW?= =?us-ascii?q?mHGbDHBw+Q9F9mr27TE5CsL3yXIWMWzdFmRBaDOExfnBobUy8hk54/CA+q2Nfh?= =?us-ascii?q?f1tj6TAJ+FH0sB1Mxfx0NxPnSGfQuB+oaisoSJiYNBdW9BtO5knPPcyb9O1zGy?= =?us-ascii?q?ZY/526oQOXNmObYh5EDWYTWkyLH1rjJKWh5cHc8+iEAeqzN/3OYa+UpuxGT/eF?= =?us-ascii?q?3pyv0op8/zaXKsWPMHhiD/sh1UpFQX95Gt7WmzEVRywQjSLNYNaRpA2g9S1vss?= =?us-ascii?q?C/7PPrVRr35YSRELRdL9Nv+xGqgaeELOOQhTh2JihG2Z8Wwn/I0rcf1kYIiy5y?= =?us-ascii?q?bzmtDagAtSnVQa3Nga9YEQQUayxpNMRS8aIxxRJNNtTYitPozL53lOQ5C1NYVV?= =?us-ascii?q?zngM6pf9UGI326NFPEBEeLM66KJTvVzMHream8U6FfjP1Itx2svjaWC1TjMS6d?= =?us-ascii?q?lzbzWBCgL/pMgTqAPBNEpoGyaBltBnb4TN78bB20LsN3hyUswbIonnPKKXIcMT?= =?us-ascii?q?9kfkxWr72Q4iRYgvNkFmNc8HVqNuiElDyf7+XCLZYWq/RrCDxul+1G+HQ616dV?= =?us-ascii?q?7CZcSfNvlyvdtMBurE+9n+mI0jpoThxOqjNRi4KKuUVtIqLZ95ZaVXbD5hIN4n?= =?us-ascii?q?2aCw4WqNt9Ft3vp6dQx8DTlKL0LTdO6cjU/cwdBsfKLsKIK2AhMR33Fz7XFwYK?= =?us-ascii?q?UTmrNWTDiENHi/GS6meZrp4kpZjwgJAOUKNUVEQpFvMGDURoBN8CIZdzXjw6ir?= =?us-ascii?q?ObickI5XSwrBbPWMVaopDHVvWXAfrxMjqZi6dLZwcQy7PiMYsTLpH721BlalRi?= =?us-ascii?q?nYTKHVbQUs5JoiJ/aw87vllN8GJ+T2Ao3ELlch2i4HkWFfGunx42jhBxYeMi9T?= =?us-ascii?q?v25Fc3PFXKrjMqkEYtgdXlnSyRcDnpIae2Q45ZES70ulMyMpP8WAZ1cRe9nUp/?= =?us-ascii?q?NDfHRrJdlb1gen53iAXEo5tABeZcTbFYYB8X3fyXfesn0U9CpSq9309I+evFBI?= =?us-ascii?q?B5mwsra56jsnVA2wx7bN4vO6PRJLBFzl5OiaKSpiWozPw+wBcCJ0YR92OfYDMH?= =?us-ascii?q?uEsONrkgOiWn4Ohs6Q2ZljRZZmcMTf0qruht9kMnNOSK1zjg3KJbKkCtK+yfKL?= =?us-ascii?q?uUtHXams6WQ1M/y1gImlJf8rhsy8cjdESVV1sxw7SNChQJL8vCKR1VbsZI8njc?= =?us-ascii?q?YzqOu/3XwZ1pJ4W9CvzoTeiWuaYamEKrAhsmH58W4cQHApms11rYINz9I7EZzB?= =?us-ascii?q?Uh/gPrJE+KDP5RYhKEjC8Ho92jzJ9wxYRdIjYdAX9jPiWx57fXoRQngPWFXNcr?= =?us-ascii?q?eHsaWZEENn0uUs2ghyFZp2hADCWw0u8B0wiN8Tv8piXWDDnhYNtuf+ubZRRpCN?= =?us-ascii?q?6q4zo/6LS2hUTR8prAO2HwLc5itcPX6eMGu5aHDOtZTbpns0bcgYZYQWCqU27U?= =?us-ascii?q?HN66IJjwc5UjYcbyCnmkTly1kyg1QNvpPNaxMqiIhhnlRZpVsIme2zAjKc+9Fz?= =?us-ascii?q?EFFhhtpuEC5LhzahYZb5o9fxHoqxw0N7ajLweAztWuX2GtJCNMQPlbzOW1e6JY?= =?us-ascii?q?wDIpbu66znsgSZc6wPOs/EEWRZEFlBfeye+tZ4lDSyTzHGJSexnXryoji2dhLv?= =?us-ascii?q?oywvs4wB7QqlYTLTaLefdzZ2NZodEzG0mSIW5sBWoiR16Ql43D4hSj37oK5StS?= =?us-ascii?q?g85U0fFZsHj5ppLfby+sWK2vqZXRrSUgaMMrrLBvPoP4I8uJrpXekibYTJnKvQ?= =?us-ascii?q?2PSDS6GOZCmthMPCJYR+FFmXsjOcwHpYVB6U0xVsMlJ7JXEaciu6qkZCZjAyMJ?= =?us-ascii?q?0SAZUIaA0yAYjeenx7vWjBGQf4o+MBYcqpVNnsMdUzJqYiMZvKKsS4fWmHWYRW?= =?us-ascii?q?UQPAgT6gBM5AYBloBuZODl/JTHQ4NMyzJMpPJ0SCTLHIFy91TnUmGWnUT4SPK5?= =?us-ascii?q?nuyzxw1S1vXs3cIAVR5jE0hS3fhWmVUsKLF2LakQsYrKsj6HdUP6oGLtxvGpJE?= =?us-ascii?q?NUycHOcV33EpbFv3LmUiIA4X0UWZNPyHbHGJUSiQV5c7wkpFBNIICgYUv+5iAk?= =?us-ascii?q?yJ5yH7akT8+n3VAlomgaRy2yCdpOF/lmsE7LWD1ie52qpo/pNIlSQm9R/Z2dqk?= =?us-ascii?q?1WkEZ2Pi6415VTNd9C7iQLXDhVrjWXpMGyR9Fb2c9qE58MJc9ytG3nGKNZPpid?= =?us-ascii?q?uX42t6fuyn/Y+jA8rEy1yC+1G6CmU+JT53ceFRkxJ2SCtkkvCPMh8mjI8l/XtF?= =?us-ascii?q?B04/xWBrmIjUR/pjZ9ApBOCShI1XCjM1R8UmNGv/9cKKvLb8xWW+MyagO3Oxwi?= =?us-ascii?q?Cf4m2FSE/V1znXf8eCFyqhdW+yXGUAUuUykanKvtkyUEqs67IT8aV45IbTI5Yi?= =?us-ascii?q?fFMQ2bgzpYvBJCZExxRp8WHM5F+6kF0otQ4MXCU1ygKSYfXBxtLgg4y+ZQlVZf?= =?us-ascii?q?sEWEfiDQFQiodfHRvRBsYMiestWpI+rj/AdblIzorfo096MdSH26gQetW8zRr5?= =?us-ascii?q?fgtt2WsUuDbLz3M+OgbnPdTjXAkB69iKw4AJnN+ijcLBBUK4JmyXY+Z5juF3LL?= =?us-ascii?q?NwxcJ60HP0pbSbx6adJer+BAecBrZaYJ9rVxBh+cQhPvH5Kvo+dYIlnPQjTRMj?= =?us-ascii?q?uO/va5oY3N8bzXUfLgadCUx3bbX6J3OY936SHgG7f2y4BR51b21+x29kN9VFjG?= =?us-ascii?q?KTyOo8rnJgMX/smtbE/isocuHTPMD5d6iGDtyV1Yd8oLXy2q94wVyI9D6HnuV+?= =?us-ascii?q?13z1P+sPBW97l484k4+a5pycazJafWN/tarVVrAh+OBgVl7p8tGnRwR3hNYu8N?= =?us-ascii?q?L/fcZbkWjcb0pO3sCqMX7gea9/ZeadvdKEHLgtO/BS2ESRxYgAcBriYXLgmG2P?= =?us-ascii?q?6fnK90UsKlqvLn2k825li+MxoGzKxs5YiY+6qHvunXbwDLwbgDQKjqSdv5rq4w?= =?us-ascii?q?tEOK+f0kiLkOd3R3YwK9FugdWNQdxmD9wq801i8sD9nMH7T7+P5ETX45mCzvm4?= =?us-ascii?q?xlFVUMBvwUBaaL/ZhZnmognezZMsYbcqFEmmaKDxKkE7kCyXCx6ySNO2llngvO?= =?us-ascii?q?0wzsTmOv8V/2tzF3TTHLz9f5nUpfTqO3CltKXyq1JU94tyuCPAzptNXrvqQ16F?= =?us-ascii?q?s5Mnf+uNKMk2uhP6hXH9bkKdyZLiQ1q0gbjJorRtygwYobA8ayIM8N8HFiafvT?= =?us-ascii?q?83+knDVFo6hZnIre/sGU+vLMEHm7k6KaqquCxDZEyng5p14z8NagOe/S59eSWf?= =?us-ascii?q?Sny34RTztjuwvGRxO1rqfbr1UUNEGQ3kfEhpEFPtZD3XYizkHm/u8jQNAt+wpC?= =?us-ascii?q?CobMffQCpSr8ODHs21aQf8o3VjWC0ztQBl/1FF14F7Y52GL3os3JkWzd+1I2SY?= =?us-ascii?q?l3bEznnQZ4D5k5KU037FgXwywDERQTZhCfCLGoBEvlIpUCVUcfdxuLxr66dbkr?= =?us-ascii?q?3Udr2LOg+PfTbfBgB6oKLvtdjA+OnF1AF5ITr6IfQKxze0Vc9K7RqQjuEY7nUO?= =?us-ascii?q?b6lXAoL/26Xtha8dwFt3sl+gu/Rhuh5o1Z4LkHk52IbbBLYYTSs89g9Utn4iQP?= =?us-ascii?q?diNVihhlkxy5SfwcpPzk4tXDq5Wo6/2uVag3SOUV9hg0G3x+gIHtgFAnutzYy+?= =?us-ascii?q?BcRZDLhovl7QBNOXmKuJzA3BVmLuoOMY2rdq5693obPygeO24OPd2OZvkk+SBt?= =?us-ascii?q?LCnc51xMA8MLf9MYP9PBmRtKhU3tWbFT8NfbG1CDBodrbc8o83b4yDA78Js7SO?= =?us-ascii?q?bg6yW6JZPB4FFXOfNMkiFsmMjFpOgPzvrYEDIX7mWBaxhp3iOCzIGAC+rq/eqS?= =?us-ascii?q?zNHbTVUGETAtXohAJTqC9g2nRvavm5XySAyU8NLzjIg4dE2OWny7hL4FvbpUEe?= =?us-ascii?q?5cliX72SBTFo/viPKPrdWs9GtXu0ZDEIZy8R3KBqVfMY9mORTjjMWrQFZzBjfn?= =?us-ascii?q?csHOahUuoPaWxvsL4+hmOEvxe4kbIg4Dy7L97nZVVRVhSLr3vlafQOIQa8BrSP?= =?us-ascii?q?faoXBP6YNvMbUDPF6Dq5z2tj1Iskw5ABc1aL8sqTxXbkzOnApTW6bot74PlBAR?= =?us-ascii?q?Udt4uUBWH2K/Jn4+5jTAVaRPj6mRE+YZ8jONQawSS09oKD9xQwup2JVyfLukhf?= =?us-ascii?q?9HvX9dniNmufQkzjNoSh29uS3quqIM1ikt+L69tDobv3xKUP+SkyDSCVVM1P4K?= =?us-ascii?q?l7sTC27+6VygZ3kOdIny4L5nJcTm74Uu/3Q/YRE+fyIbXOWgCifwj7iLAoyOq9?= =?us-ascii?q?9cmh+NuNvUYr+3MCcSN64xyRT9SHhhygLehgpn8HMXQjW8698pPIS9Odg/ySqu?= =?us-ascii?q?AmXbcEsM7b5IsMv2rl4HVuw2aUluwG97yMiIWjUNRNDTG2YylgUka3tLcJxN6R?= =?us-ascii?q?8eDKQpjCyHvq9Y8QEIejvUFJqq+pXIl8fSxXY9Vctqxn7RpqCdiZMq1Hplmt1q?= =?us-ascii?q?4S6KvHQfbPfYU8hqAnjyyohT0+r+aOuxsuofUotp1KyhUOMeMsmk4Wa22pVqW0?= =?us-ascii?q?+9xrQZG1q5MfMDyanAXiegSG2YRf6LfHaWkzY+KE7y6gGiLkcrZ8dSs089LuzC?= =?us-ascii?q?i4ZTlw38ULN7WyKQqETHzGw5L+wacR42t52jewMQSu4ee+mcKvI0zP04FlQMc2?= =?us-ascii?q?fDHTFqBO+urV6tgI97Nm184UX7ZOTg6RzmMNqOFRkHD4HaqoR9+fqkSWKdIXVg?= =?us-ascii?q?1gF9PFFo9+fDEFQ8rupcc5eSndjTgNR2yuwFeO1uMS06vN4chIRj5ZOS0MiUbR?= =?us-ascii?q?Hb1ozyKs3NoviEH/3fyFwndXpEXboffQP4/J46Pto+W73PAbtZowoTCrUgTJwm?= =?us-ascii?q?LWfx+7l+LBlvfQ7JeLS0ns7qq/qTZptTo3/Z9EgwLSnbux0HxPy5Vgl7b5eth3?= =?us-ascii?q?XpPp8/WihBr9p2Cht9HYtPHcwAoxCgA56Ol6Gxk8Wx9F9iu+8WrarwDejH1Nqn?= =?us-ascii?q?0IV1Xpha/VKEMS3QBalqh0Rli/q9gu3E0pbvE8/ifskEVOdjSG7fdrDGBpm/Ki?= =?us-ascii?q?6JOs/ke05G776c0LV8UhqLfyD0RK+GtCy4NPV+/0o30It4fPDczDY19bHUxMPy?= =?us-ascii?q?Z31HpiektXOIOoNf7EbLBePCQR1ZUv+F8Gd5Ha0Nc4T47uAOMcYtwNKE+Ql88C?= =?us-ascii?q?xC0NeZI6imtkLM3UZ7eozAIUvx3yY2Q5IKIAi+MUQwnW/ZsGrSDmpGIsiiN8Zt?= =?us-ascii?q?nM6fDgbx6ElphWEtemlBF3LsRdeQP2gbxs2/aBSO9AJKFNYDg/W3dFU5tqKoT+?= =?us-ascii?q?loPY9JmeKwtLUIidxpMT3ARNBGPyHMK797JiFRAfvLpFgpZB4Errc0VoA6a5iS?= =?us-ascii?q?IEMILl2Axj3qzQTYykD0dMKj1LyPICkI9nVI1K/F0TdWqwm+o/aZjdXpUKrFY5?= =?us-ascii?q?HuQP7SLC0lWymeRTQzCkap5UypuvsdvPqeO2gTuFYUbTyOCAQLvKBgscDQDnPP?= =?us-ascii?q?me1kZJAKgeqVVDzwSC15kqoyAT1GtV6NQ/oFCwbWa37hgGxBuA2tPPNM+mjlb7?= =?us-ascii?q?KAzKpPR+MWGpdMcuGeQ9bAe/BRPTQoljICN+unYt3cqao50lLPTWsEHKnI9EGe?= =?us-ascii?q?QFSQQvOC2zLhRZ8VsJQsuio05tLQmTd6E6vSMLmEvT6u85C3jCKDtO3AUmkieV?= =?us-ascii?q?c1gOMfAGWbxhlPNn0EAckPuE7xWq6Ae1pM1HUxhOJs3h8Mfx5zUmdv0n1Nh/u9?= =?us-ascii?q?HNdWSVsKg2OvWvEGa0p3DDwo90+Q/gLyecAAudzUR2JG7bsMR48dI+Up5YTUI6?= =?us-ascii?q?YQ3ugm3ChnoC07tCWdCUlRjgSb/KrMBKh83KFN5XEk//FqWUGCWzHfcm/Byoqi?= =?us-ascii?q?EM9PwDlhrm3q18rTpOBiKKVVq5t/AFgUHSIlbuzaqCtMVWDyxRuaowewHDPYJi?= =?us-ascii?q?kQpjkMO38rbOFwmtRnvQ7Ie9CJ0kaZs6YsuQP/EgqQIqal05xMTMfy3EO3bjcd?= =?us-ascii?q?ImbjLIx/tvsYzIVaWqggf4XrRgqZIw=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2FiBwA9QkhY/wHyM5BeHAEBBAEBCgEBFwEBBAEBCgEBgw4?= =?us-ascii?q?BAQEBAR+BUBC7VSeHf1MBAQEBAQEBAQIBAl8oQg4BgWIagiMCJBMUIAsDAwkCF?= =?us-ascii?q?ykICAMBLRUfCwUYBIhOqkI9KgKLFSWPMxEBaIIAC4MKBY5/fYpqkRgCgXGINgy?= =?us-ascii?q?GCAKSEVZhFwIRDiODbYFjVIQZgn+CLgEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 07 Dec 2016 17:13:51 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uB7HD6Ye032394; Wed, 7 Dec 2016 12:13:20 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uB7HD5q8000994 for ; Wed, 7 Dec 2016 12:13:05 -0500 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uB7HD3iW032387; Wed, 7 Dec 2016 12:13:03 -0500 From: Stephen Smalley To: selinux@tycho.nsa.gov Subject: [RFC][PATCH] selinux: allow context mounts on tmpfs, ramfs, devpts within user namespaces Date: Wed, 7 Dec 2016 12:16:07 -0500 Message-Id: <1481130967-24760-1-git-send-email-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.7.4 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: seth.forshee@canonical.com, Stephen Smalley MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP commit aad82892af261b9903cc11c55be3ecf5f0b0b4f8 ("selinux: Add support for unprivileged mounts from user namespaces") prohibited any use of context mount options within non-init user namespaces. However, this breaks use of context mount options for tmpfs mounts within user namespaces, which are being used by Docker/runc. There is no reason to block such usage for tmpfs, ramfs or devpts. Exempt these filesystem types from this restriction. Before: sh$ userns_child_exec -p -m -U -M '0 1000 1' -G '0 1000 1' bash sh# mount -t tmpfs -o context=system_u:object_r:user_tmp_t:s0:c13 none /tmp mount: tmpfs is write-protected, mounting read-only mount: cannot mount tmpfs read-only After: sh$ userns_child_exec -p -m -U -M '0 1000 1' -G '0 1000 1' bash sh# mount -t tmpfs -o context=system_u:object_r:user_tmp_t:s0:c13 none /tmp sh# ls -Zd /tmp unconfined_u:object_r:user_tmp_t:s0 /tmp Note that this still isn't quite right, and I do not know why yet - the category (:c13) was dropped. This works correctly in the init namespace, and strace of mount shows that it is passing the context correctly to the kernel and returning 0. Signed-off-by: Stephen Smalley --- security/selinux/hooks.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 98a2e92..ef882a3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -839,8 +839,12 @@ static int selinux_set_mnt_opts(struct super_block *sb, if (sb->s_user_ns != &init_user_ns) { if (context_sid || fscontext_sid || rootcontext_sid || defcontext_sid) { - rc = -EACCES; - goto out; + if (strcmp(sb->s_type->name, "tmpfs") && + strcmp(sb->s_type->name, "ramfs") && + strcmp(sb->s_type->name, "devpts")) { + rc = -EACCES; + goto out; + } } if (sbsec->behavior == SECURITY_FS_USE_XATTR) { sbsec->behavior = SECURITY_FS_USE_MNTPOINT;