From patchwork Sun Dec 11 17:30:16 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick Kralevich X-Patchwork-Id: 9469827 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 70AAE60476 for ; Sun, 11 Dec 2016 17:31:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 50E1C27FB7 for ; Sun, 11 Dec 2016 17:31:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 34647281D2; Sun, 11 Dec 2016 17:31:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7816B27FB7 for ; Sun, 11 Dec 2016 17:31:44 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.33,332,1477958400"; d="scan'208";a="1475418" IronPort-PHdr: =?us-ascii?q?9a23=3A033ZrhHJrOn69fB67BgsY51GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ79pMm8bnLW6fgltlLVR4KTs6sC0LuN9f64EjBRqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLd8IRmsrAjdqsYajIRmJ60s1hbHv3xEdv?= =?us-ascii?q?hMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTD?= =?us-ascii?q?QhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlS?= =?us-ascii?q?kINyQ98GrKlMJ+iqxVqw+lqxBm3oLYfISZOfxjda3fYNwaX3JMUMZPWSJcDI2y?= =?us-ascii?q?bIwBD/IDMOpFoYTyqEcBoxSgCgm3H+7v1j1Fi2Xq0aAgz+gtDwfL1xEgEdIUt3?= =?us-ascii?q?TUqc34Or8TUe+pz6nD0DDNb+lM1jf59ofIbBEhru2MXbltdsfRz08vFwDeg1Wf?= =?us-ascii?q?rozlODyV1uATvGSB8+VgUuevhnchpgpsoTav3t8hhpTGi48a0FzJ9Th1zJwrKd?= =?us-ascii?q?C3VkJ3e8OoHINNuy2GK4d6WMcvTmJytCon17EKp4S3cSsFxZkh2hXRceaIc5KS?= =?us-ascii?q?7RLmTOuRJDB4i297d7+nnBay9FSgyvX7VsmpzFZGtipFncfItnAKzxHT9tKISu?= =?us-ascii?q?F8/ke8wjaDzRzT6+FYLkA0kqrXMZghzaIrlpUPq0jDGy72mEHugK+XcEUr5PSo?= =?us-ascii?q?5vz6brjpqZKQLY95hhzkPqgwlcGzH/40PhUWU2ie4+u81bnj/UPjQLVNi/07ir?= =?us-ascii?q?LZv47eJcQaoK65HgBU3p845Ba4Ejem1sgXkmccLF9eZBKGj5TmO1HJIPziC/e/?= =?us-ascii?q?mE6jnC1kx/DBIL3tGo/NIWTbkLf9YbZ97FZRyQoyzNBY4ZJZEbQBIPbqVk/wst?= =?us-ascii?q?zUFBk5PBauw+bkCdV9yJ0RVXiJAqCHLKPYqUWI6f43I+mQeI8Vvy7wJOM+6PLp?= =?us-ascii?q?iX85mEQdfbWy3ZcNc3C3AOhpL1+CYXXyhtcBEGEKvhcxTeHxlFKDUSRTZ2upX6?= =?us-ascii?q?4m6DA0Ep6mDZzERoCrmrCB2z27HpJObGBcFl+MCWvod5mDW/oUdi2SOtVukiYF?= =?us-ascii?q?Vbi6UIIhzQuhtBX7y7p8NurU/jcXuo7929Rv4O3Tjx4y/yRuD8uBy2GNU310nm?= =?us-ascii?q?QQSj443aB/pUl9xUmZ0aVjjfxXC8Fc5/RTUgggLZ7c1et6C9LsVQ3dYteFUlGm?= =?us-ascii?q?Qs+pATspVNI+38cOY1phG9Wllh3D0TCqDKUTl7OXBZw06bnR333pJ8Z80nrGz6?= =?us-ascii?q?cgj0I8TstIL22mibZ19xLPCI7Rj0WZi6GqeLwf3CHX92eDyneOsVpbUAFqUqXF?= =?us-ascii?q?Wm0falHRrdTj6UPIV6WuBqg/Mgtd1c6CLbNHZcf0glVcRffsJs7ebnmrlGisAB?= =?us-ascii?q?aE3LSMbJDle28FxiXSFFAEkxwP/XaBLQUxGj2uo2bAAzx1CVLuY0Ts/PJlqHyn?= =?us-ascii?q?T0870QeKb1Fg17Wv4BIVg+KTS+8L1LIepCghsyl0HEq639/OC9qPuQ5hfKFbYd?= =?us-ascii?q?4m5FdHyH7Ztwt4PpO6NaxigUQecwtvtUP0yxp3EplAkdQtrH4y1wpyJ7iY0FRa?= =?us-ascii?q?dzOExp3wIbvXKm78/RCqcaHW3EvS0NCI9acT8P44sUnsvBm1Fko+9HVqy9dU3G?= =?us-ascii?q?GY5pXWEgUSS4nxX10p9xdkvbHVeTQ954bO2X1rK6m0vSfI28g1C+s91hagY9Bf?= =?us-ascii?q?PbuYFADvDsIaBtKhKOgxlle1aRIEOfxd+7QvP8O6bfeG3rCkPPp4ljK8kWtH+J?= =?us-ascii?q?x90l6L9ydkTO7I3pIFw/WG0QucTDrzlkmustrwmYxeYjESBGW/wzD+BIFNfq1y?= =?us-ascii?q?YZoLCWC2LsKq3Np+m4TiVGBW9F+sHF4JxM+pdgCIb1zhwwJQz14boXq5liuk1z?= =?us-ascii?q?Z0iS0mrrKD3CzSxOTvbAQHOm9XS2l+ilfsO5K4gMwaXEivaQgpmwCo5UL7x6hd?= =?us-ascii?q?vqt/NW7TTV1PfyjsIGFoSrGwuaaaY85T9JMotj1aUOC9YVCBVr7xugAa3D3nH2?= =?us-ascii?q?tfwjA7aj6rt47inxxiiWKdKndzo2bCec1qwxfQ+sDcT+ZL3jUaXCl4lSXXBl+k?= =?us-ascii?q?Mtmz+tWUk5PDvf6kV229UZ1SfzLmzZidtCSn/m1mGxq/n+q8mtf/Cwg1zTf718?= =?us-ascii?q?V2VSXPtBv8epPk17m+Me59ZEZkHkTz681+GoFilYswgood2X0GipWT+noIjX3/?= =?us-ascii?q?MdNF1qLidHANXyIEw8bJ4Aj5301uNneJx4bgWnqDxMtsfMe6bX0S2iI58c9KEr?= =?us-ascii?q?2Y7LpakitpulC4tx7eYeBhnjcBzvsj8H0ajP8PuAo21SidAa4dHU9DPSzqiRuI?= =?us-ascii?q?88qyrKJNZGagabKwzlZxnci9DLGepQFRQG75dY0/HS908Mp/KEjD0Hvv6o76Yt?= =?us-ascii?q?ndds8TtgaKnBfalOhZMokxlv0XhSp9JW3yo3Mly+khjRxhw562po6HJHtx/Kih?= =?us-ascii?q?GB5XKiX1Z98P+jHqlategMCW0J20E5V/HDUEQZvoQeiuED0MqfTtLxyOHyEkqn?= =?us-ascii?q?eHBbrfGheS6F98oHLSF5CmLG2YJHgFzdRiXRWdKlZQgAYOUDU9hJ45GRigxNb9?= =?us-ascii?q?f0dh+jAR+ln4pwNPyuNoMxnwTHzSpAKvajc6RpiQMgZW7h1C50fSNMyR8Ph/Hy?= =?us-ascii?q?dG8Z29tAaNMHCUZxxUDWEVXUyJH17jMaOo5dnc9OiYA/GzL/XQbrqTruxeTe2H?= =?us-ascii?q?xYq10oth/TaDKNmAPmV4A/08wEpDUmhzG97FlDUXVywXiyXNYtaUpBe85iJ3tM?= =?us-ascii?q?C+8Oz3WALo/oaPDaVdMcl0+x+qm6iDL/CfiDx/KTlGypMG3WXIx6QH3F4OlyFu?= =?us-ascii?q?cCGgHqkGtSHXV6/fh6lXAAQBZyN0LstI4Lo23hNRNs7DltP1yrl4g+YvC1tfW1?= =?us-ascii?q?3tgMSpatYOI2G6NFLKH1yEO6iDJTHRxMH3e6y8Q6VKjOpIrx2wpSqbE0j7MzSF?= =?us-ascii?q?jTnmTQivMflXgSGVPRxeopq9cgpjCWjiStLpcBu7P8N2jTIsxb04nHTKNXQTMT?= =?us-ascii?q?JkaUNCsqWQ7T9EgvV4A2FO82FlIveelCaW9enXMIgWvOBwAitulOJa/W46xKFP?= =?us-ascii?q?4CFAWfx1njHdrsR3r1G6lemPyTpmUB1UpjZNmo2LoV1oOb/F+ZlYRXbE4BUN4H?= =?us-ascii?q?2LBBQLqNtlDdvvtrtNxdfRj63zKS1N89TO8csbHcjUJ9qNMGA9PhrxBD7UEAwF?= =?us-ascii?q?QCaxOmHQnUNdju+d+2aSrpgitJfsnp8ORaVaVFwxDfwaDUtkEMYFIJdtUTMuia?= =?us-ascii?q?Sbg9IQ5XqisBnRQ91XvozAVvKXG/nvMjGZjLhaaBsO2rz4N4MTOZP420F5dlZ6?= =?us-ascii?q?m4HKFFbKUtBWvi1tdAk0r1tR8HJmVG08x1rlah+x4H8UDfO0ngI2igt5YeQo7j?= =?us-ascii?q?js+Ew6Jl/LpCssikk+h8/pgTeLcD7+NK2wR51ZCzLot0gtNZP2WwB1YhOokkxg?= =?us-ascii?q?LzrERLVRj6B8dW9xjg/cophPGf9GQa1CfhAQ2emdZ+803lREtiWn2UhH6PPfCZ?= =?us-ascii?q?R8jwslb4Sjr2hc1AJjd9M6Pq3QJLBUwVhXiKKOpjWo2f4xwQMEIUYC7n+ScjYS?= =?us-ascii?q?uEMULrkmOzao/ut05AOfgTRDZmkMWOcxov9x7Ew9If6AzyXu0r5YNE++K/GfL7?= =?us-ascii?q?mYu2jclc+EWFUw2V0Ul0Nd57h5zd8jc1aIV0Ao1LaRGQ4JOtTfJgFOdcVS8mTT?= =?us-ascii?q?fSGVsejW2516I4C9GvrvTe+Uu6YemlikExoxH4QQ8sQBGYGh0EXfLcf9MrEFzx?= =?us-ascii?q?Qs5APwKVWKCvRJZQiHkDAdo8Gw1JV3x5VSJikBAWVhNiW6/q3XqREugPqCWtc2?= =?us-ascii?q?f3gbU5AYOXIxXc21hzRWv29cDDWt1OIW1hSC5SfmpivMFDn8c8ZjZPCMaBxxFN?= =?us-ascii?q?62/DI/866qiVLK6ZjeOX/1Nc5jut7O7uMaoYyLC/VKQrlhq03cgZVXR2S2U27T?= =?us-ascii?q?Ft64P5vwa5MsbNPuDHa6Tly/hik6T8f2JNaiMrKEgQf2SoZIqIObxiwsNdehFj?= =?us-ascii?q?ECHBd9v/0D5KN5ZQ0Ef5o7YR7puh8jOKy+IAaXyM6hT3yrKTRIU/lV1f+6aKBP?= =?us-ascii?q?zyowcu+6z2MtTp4gz+at904NWIoHjhDZxfetYYleTSjzFWJcewXJuSo2iXJhOv?= =?us-ascii?q?w0wugh3BPCqUMcPCyTdOx1dGxEuMkxCkmWIXV3FmU3WUeTjY/D4w6q2LAS+TFS?= =?us-ascii?q?ks1P3u1Eqnf+uIbTYDyxWKCxr5XarTYgZ8A8o6JtKYzjPteGtJTGkzPEUpbQtB?= =?us-ascii?q?aIXzSnGPpEhNdQOjlYT+NSmWAlI8AGvpBB6UUpXMckO7NPELUspqytaTd8Fy4S?= =?us-ascii?q?yy4ZWJ+A3DwFhue8wKPUmA6Nfpo4LBEKt45PjccaUy5zfiwRvrSjV5nMm2+CVG?= =?us-ascii?q?cLPB8Z7R5Q6wIYio9wYufl7ZLUQ59O0TFZv+l5XTfMFpls81v7S3+ZgULkSPq/?= =?us-ascii?q?j+Op3RhezPX20tkUQBR/E1RSx/5Klks0L7F6M7MQsZTQsj+Pbkz3p37tyPG8K1?= =?us-ascii?q?lP18LUc1z4DIzKtWr4Uy0c9n0URZNByH7FD5QSlhB1aKA1q1VQOIqmYFrx5yQ4?= =?us-ascii?q?x4R1GLm1TcCqyEw+rXkcQieqEtxBBvpnsFLLQjJleIykp4//N5VUXGBQ5IWXq0?= =?us-ascii?q?1Fn0V1Ly651Z1cJtlD4zIWQDdPoTSdvN6zSMJZ2s97FJ4MLclhtHjjAq9EP4KR?= =?us-ascii?q?o3IusLz11nDZ4yw8sEu9xDirA6+4SOZZ8HcEGgQnIGSerkcvAvAp8mfV9VDNqU?= =?us-ascii?q?578PtBBriIlkVxuzd9HpZBBjpT0nClNVtzRmFcs+pGMKTVb9BcQ/4qaBC1IRw+?= =?us-ascii?q?CPgm01aK/UxvnHf5Yi1ythdB9CzHWQk7SzUViK/3mTICssGnJSMaS5VQYDU9aC?= =?us-ascii?q?fFLhmWmTxLsBZacE5mQZYZDchZ+7sDx4tb4tLCSVqwKSECRBFiNhg30eBFmk5H?= =?us-ascii?q?rUqVYj3SAhSwdfbXrBJ3edmerNSzIPT+5gdHhZvtsPok+KUbW32mhQqtTMjcr4?= =?us-ascii?q?/7qNKHrVaBe7njM+Kie3/BUCbDgg2qibciEZbK4zDZMBBHJJli1XokfZ/hBHbQ?= =?us-ascii?q?MhRIO60XO0hWWb10ZNhdvu9aYMpkd7oT9q92GhKLXBXvF5KzrPNeNFbcWSzeLz?= =?us-ascii?q?md8uy4uY/T96LSRvXgZsOW23bKWKZ3PpBk6TblBbvlzYhe9Vfo1ft38EN1V0TG?= =?us-ascii?q?OTibrNv9PgML+NWidkz6s50xBjPWHI1/n2fxxkxbbMoXRDCq8I4Ex5xH7nbwVf?= =?us-ascii?q?h43VL3sOFI8Llk84Y36ahzycioPafSNehasUh/DxiIHAVl6IsiD3VkSmBMZu8R?= =?us-ascii?q?NO3Rcr4HjcDvrOD3E7IY6AGP9+xec9vHKFnLmtOjBTGEVRxEgAABpCYfLgSG0/?= =?us-ascii?q?6Fn7F7Sdq5pefjwE0g+F6+IQAazLB2+YiL4LKIq/HNYxvX07cERrDgRtnvobQ0?= =?us-ascii?q?p0OS+fokmaYMemNveQ2nF/MdVsoHyWf+1q0qyD8sE8ffH7Lh5PFDVmg2njT7m5?= =?us-ascii?q?xnGFUWAPwUF6KR/YtChmc4h/DZNtoOf6BAgGmPExCkEqUFyXG29SSaO3VljQvI?= =?us-ascii?q?0xHrRmO/9ln2ojFkQSHU1dfsjlJVVqWrBUdVRyepNlJ4sDKLPArsqtX3vL8441?= =?us-ascii?q?woPWP/tdKCjm2hNKlQH83lK9yWOTM0q04PjJ0tWtyv3pgWGdy5INoK8XF+aP7e?= =?us-ascii?q?53mqky9HradHnZDR4tqJ+vXNAHmvk7Gaq6iXxD9G0HQ4uks/6t+4PPHU+9KKW+?= =?us-ascii?q?io13oWTypnvgvBWBi1qqDUr18KIkGL1UbLl5YMPt5HwXk52Ebm5PIgQNIo7gle?= =?us-ascii?q?EJjPZ+8arzDpJDT02UqfY84wViSGyTtYA0/6HEJ3GKg512P8psTJmmnM+1cwXI?= =?us-ascii?q?l/a1TnhQBrD4U/MU8t7EMXwi8DHAUWZxCUEqynBUP/LYQeTUgDcxOH3Lqkdagr?= =?us-ascii?q?wU1/2LSv5PXcbeZkHaoCKu5djhKSnFhcAp8WtKkeT6x5e19a6qHXohPvC4f5UP?= =?us-ascii?q?jhjnowLee6Qtxb8c8Ds3si4wC/Rwa+5pdH67YbiZ+IebBCYZfQos9w9UFn6iAT?= =?us-ascii?q?diZVmhhwkwu5UfwApODk+tXbq4Cn6vi0W6YiWeoX7AM5B39kgJvuml8jrs/Y1/?= =?us-ascii?q?xGRo3Tl4v/7BhHI2SWt4bCzxl8Ne0OJpqpfLZh8nUKPC0eKGwOPNWIcfk84ilt?= =?us-ascii?q?MDrJ61xEHMwMecsSPNDRlgBMlk3pRLZT+9LaGl6ZEYh8bdwn4nHsyD8r7ZszTP?= =?us-ascii?q?rv5CWxJZDF4FFHJ+lDgzl0lNLeuOgVxuLfBzMW4XmCZRl62CGCy5iRC/bo5+qM?= =?us-ascii?q?1dXUWkgaES4xTohSOiCN+RG9RuqyjpXmSBmY6sjpgJIxbEiQXGC+nLwZsqZQFu?= =?us-ascii?q?5Nkj370SJCFo/ph/KUvd2s6HFUtlFeC4Z88xnFGKRZPpVmNhX1jdGrSVJgBiTj?= =?us-ascii?q?eMHVeB0uuPCVxusW4OVxKVH+ZYkFLRIA0b767mBVTgR2Qr7solmZRf4RZMdhSP?= =?us-ascii?q?7csnBV85xvK6sVM1ibupPntSpHqFE5AA8odL8/tCdaeVPUnA1IQar0vqAPihcE?= =?us-ascii?q?W95jpUBMAX6wOH455zffWqRalrORB+IJ8jWTVaEOV0RoMj9gTBO1wppuZqCpke?= =?us-ascii?q?pBsmxYgiN3uOIq3CB+RBugpS3soLoA2T0+97G+qDUBvntFQuKFkyjWDVVDzfIK?= =?us-ascii?q?jboTCnv57VyzfmMDbYvo77V9I8Tv65Uh6WwlYRo/Zy0GQfigCybogqOOA4yArN?= =?us-ascii?q?VchBqXt8XVd7OzLC8SNrMmyRL4XHV91wfTnRly/GsMWDWg48cuJJ+hNsY92iqo?= =?us-ascii?q?BW/beU4D4qxVq8vxrkcHQvY5Z11nwWVj1NWHRyIWSczAHmY6lA4kZntefJJE8x?= =?us-ascii?q?8aGLEigiyUsale4gEUfDDUH5yn+onXncfI32MxQstqxmLSu62Km5Ir0Hxjm9Nv?= =?us-ascii?q?7S6OuW8fd/LZU89yGHfz0ppQye3ka/WrrO8HVJNsyK69X/8aLsmj5Wy21Y1rWk?= =?us-ascii?q?+73LseGUG0MOsexrjGUielTnaYVf6Mc2iWkDYzKlTy6gWwLl0rdMdKqFcwMunc?= =?us-ascii?q?iZ5SmQ3hVah5RyuKql/d0mMjLfkWdwQot4e7YwYKVvIeZ/CAJegyx/0zEFQMb3?= =?us-ascii?q?vOHSp4FeC2tVqtkZNgO3Vn50X6YPji/hrgMNSMBhkOCZTaoYJp+fymWmKBPmdt?= =?us-ascii?q?zB9yPEh07+ffEFAxtu5Ac5mPhtXQgtV70fIfd/hzKyE9vcQTmo1744mOzMiKaQ?= =?us-ascii?q?3Rzor1JdzNrfiYHvzfwFktemxBTroZex3654MmPtEjX73cB71ZsggdBacgWpAh?= =?us-ascii?q?MXn+9L1sJgNpbgHRfKi0gtXtpu+TeptUpnrW40ksLCfdpxIDyeK7TQhhY5CsmX?= =?us-ascii?q?ryPIg6RihdoN11FhtmAIxPFtsFrwqmAJ6Um6a7hsSz+0xguO8KtqzwBe7M1Nij?= =?us-ascii?q?2YV+QYRa71SRPDnNHKlrnlhljuOqj/jbzJbxD9/idMgfVOh/RW7FdqPGHpuhJT?= =?us-ascii?q?2TIM78fFRG87GE2rJjThqRfDz5X7aBtCC8OvVr/0E7yo1gfOXN1zEs7rDb2N73?= =?us-ascii?q?Z25FvCejqWCGOIFY7FzQCuzURwhURuad8GZ5Aa0XapP59ekWMdw4wdiT/xd84S?= =?us-ascii?q?9H0MuEP6ihtFHD1lh8dZLBI0vjwzw5VpUSIBSjLUsshnfUqnPZAXtCNcWkMc1t?= =?us-ascii?q?j8yODhzx5kl+hX0tZnRfFWX2X9uRP3YU296mbg2Q6A1LF8oDn/KweUMgsq2ySO?= =?us-ascii?q?9oOohKmOmzsLUHkM1pKz3URMVBPiHfNrl2Pj1LAuXIvlgobQYOs6IpVYcteZiO?= =?us-ascii?q?PEQHPV+bySzsyQvC0Ev0d8Gj1aqOLygW7nVHwKzf0TdSvwm2o+2Ugs79X7DDap?= =?us-ascii?q?H5QvrSPzE4VjGVXzgyFlyp+Vi8sfoeoPWYOXsfokwTYi+KDA4Tp7tvrcTLA27S?= =?us-ascii?q?gO1jeocFiOqcWy/uVC1yjLAyCTpTtUCQX/oDEhHbb3r7j2VAuAyiJ/lM/XX+Yr?= =?us-ascii?q?2Gx6pVXfIZAo9Ncv2fXtvZdupSJzAyljUWIOy8ZcHTr64l0lLUSmsUC6vI+0ed?= =?us-ascii?q?TE6RWfOR3C/rXYMJv4g0vSoo593Qni9rE6jSObaQuSKu+JaijCmEoe3eSnUtY0?= =?us-ascii?q?stjeINGmaO2wNAKGAaBNERo0ztXKqAaFxX1HIolOJiwRkMdxpvUnd2yH1ZgO69?= =?us-ascii?q?GtFFSV4TlG6uQvgGbFdtDDMq/E+K+Rb/YdoatsDWWWBe96EASY0HLPkn8IPXIr?= =?us-ascii?q?cfwO413DJ6pyw3qz6dD11Yjg2Z8qfdH7lxxqNc6mki/vF3X0aPQzXFfmjB1IWm?= =?us-ascii?q?F9pFxT1yrnD8y8rUoudtOaNYp4F+BlcKBTl7JtXD8j9cX2H03xGysAqlEziEJj?= =?us-ascii?q?IW/ioLdmQ5cbNuwut6tgvYXsrQ4kOX8aQ6oQ2kDhjYJKCz3cltC8rqnSaiYC1G?= =?us-ascii?q?bzSgF9girPBOvNkVZqwjaM61BFWXfVu2NR6Rpy1ZrEuimb+sF8cfhzxGnw=3D?= =?us-ascii?q?=3D?= X-IPAS-Result: =?us-ascii?q?A2GcAQDmjE1Y/wHyM5BeHQEFAQsBGAEFAQsBgwwBAQEBAR+?= =?us-ascii?q?BYKMyAQEBAQEBBQGBGQGWMAQYOCmHa1MBAQEBAQEBAQIBAl8oQg4BgWIaCQQ9C?= =?us-ascii?q?zEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQkCRC4CJBMGAQEMIAw?= =?us-ascii?q?CAwkCFykICAMBLQMBBQELHwsFGASISqA8P4sYglQ9KgKCYAEBBYgrCBKEHYFFi?= =?us-ascii?q?T8RAYV9jwZ9im2EeYwtAooHJoYVAkmQCzKBFFY9JT0kgnk3DxyBflGDKoJagi4?= =?us-ascii?q?BAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 11 Dec 2016 17:31:42 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uBBHUlRc031405; Sun, 11 Dec 2016 12:30:57 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uBBHUjgs098192 for ; Sun, 11 Dec 2016 12:30:45 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uBBHUjl3031403 for ; Sun, 11 Dec 2016 12:30:45 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AYAACqjE1YhjFTfUpeHAEBBAEBCgEBgzcBAQEBAYF/ozgGlBKDOARbGYYIgWhTAQIBAQEBAQITAQEBCAsLCR2FRhkBATcBgRQBBQE1iGugPD+LGIJUPYMMAQEFiAEBAQEHAh4ICQEIhB2BRYw5C4MKjwZ9im2EeYwtAooHhjsCSZALMoEUgRNiJIMwDxELgX5RiDIBAQE X-IPAS-Result: A1AYAACqjE1YhjFTfUpeHAEBBAEBCgEBgzcBAQEBAYF/ozgGlBKDOARbGYYIgWhTAQIBAQEBAQITAQEBCAsLCR2FRhkBATcBgRQBBQE1iGugPD+LGIJUPYMMAQEFiAEBAQEHAh4ICQEIhB2BRYw5C4MKjwZ9im2EeYwtAooHhjsCSZALMoEUgRNiJIMwDxELgX5RiDIBAQE X-IronPort-AV: E=Sophos;i="5.33,332,1477972800"; d="scan'208";a="5872212" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 11 Dec 2016 12:30:42 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3ANYDLCxTqQ6zBGLSBQLEyA3Luitpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa68bRKN2/xhgRfzUJnB7Loc0qyN4vumBzRLvcfJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6?= =?us-ascii?q?OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBu7oR/Qu8UKjodvJaI8wQbVr3VVfO?= =?us-ascii?q?hb2XlmLk+JkRbm4cew8p9j8yBOtP8k6sVNT6b0cbkmQLJBFDgpPHw768PttRnY?= =?us-ascii?q?UAuA/WAcXXkMkhpJGAfK8hf3VYrsvyTgt+p93C6aPdDqTb0xRD+v4btnRAPuhS?= =?us-ascii?q?waMTMy7WPZhdFqjK9DoByvuQFxzYDXbo+SL/dyYr/RcMkGSWdbQspdSypMCZ68?= =?us-ascii?q?YYsVCOoBOP5VoZH8p1QSrhu1GAyiBPn1xT9MmHD2w6w63PghEQrb2wEgGdQOsH?= =?us-ascii?q?fPodX6M6cSVu+1zK3WwjnZc/xW3jL95ZHOfxs8ov+MRap9fMjexEU1Cg/JkFWd?= =?us-ascii?q?pZbmMj6bzOgAvGyW4/J9We6zl2IrsQV8rzu1yssxl4XFmJgZx1PL+Ch/3Y07P8?= =?us-ascii?q?e3SFRhbt6hCJZQtz+VN49xQs46RmFnoic6yrkftZ6jcygG1I0rxxDQZvGDaYSI?= =?us-ascii?q?7RXjVOGeITd8mn1pYq6whxG38US4y+38UNe70EpSoydHndTArG0B2wLT58SdSf?= =?us-ascii?q?Zw8F2t1DmL2gzL7+FLO0E0la7VK547xb4wk4IesULFHi/1g0j2g6iWdkIr+uis?= =?us-ascii?q?9evreKnpppiZN4NskAHxLrwumtCjAeQ/KgUORHaU+eC91L3l4E34T65HjuE2k6?= =?us-ascii?q?bFsJDaIt4XpqiiAwBPyIoj5BG/Dyn1mOgfyGIKKFNDZQKvk5niO1aIJuvxS/i4?= =?us-ascii?q?nQeCijBuktbHNb6pIY/EKnXdkbzhNeJ77U10xw00wtRSoZlTD+dSc7rIRkbtuY?= =?us-ascii?q?mAXVcCOAuuzrO/BQ=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EuAADmjE1YhjFTfUpeHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwwBAQEBAYF/ozYBAQaUEoM4BBhDGYYIgWhTAQEBAQEBAQECAQI?= =?us-ascii?q?QAQEBCAsLCR0wgjMYCwQ9CzEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQkCRFQZAQE3AYEUAQUBNYhroDw/ixiCVD2DDAEBBYgBAQEBBwIeCAkBCIQ?= =?us-ascii?q?dgUWMOQuDCo8GfYpthHmMLQKKB4Y7AkmQCzKBFIETYiSDMA8RC4F+UYgyAQEB?= X-IPAS-Result: =?us-ascii?q?A0EuAADmjE1YhjFTfUpeHAEBBAEBCgEBFwEBBAEBCgEBgww?= =?us-ascii?q?BAQEBAYF/ozYBAQaUEoM4BBhDGYYIgWhTAQEBAQEBAQECAQIQAQEBCAsLCR0wg?= =?us-ascii?q?jMYCwQ9CzEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQkCRFQZAQE?= =?us-ascii?q?3AYEUAQUBNYhroDw/ixiCVD2DDAEBBYgBAQEBBwIeCAkBCIQdgUWMOQuDCo8Gf?= =?us-ascii?q?YpthHmMLQKKB4Y7AkmQCzKBFIETYiSDMA8RC4F+UYgyAQEB?= X-IronPort-AV: E=Sophos;i="5.33,332,1477958400"; d="scan'208";a="1827480" Received: from mail-pg0-f49.google.com ([74.125.83.49]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 11 Dec 2016 17:30:27 +0000 Received: by mail-pg0-f49.google.com with SMTP id p66so26454005pga.2 for ; Sun, 11 Dec 2016 09:30:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=cYo1gzeM62oluJaZkbJZ4gi2LNZPI2pB3osuEhvX2MY=; b=KYUNXmroJFo6XPMYUvZRu/nyPtHnbXRnVqfC+M/6bGEdu6jFIN6B5rEmwq767Ol5UI I+M9YjzoFp0Yv+VUGa5QRmOkTUKs1l8s31zFFhf2BZGrl0We+Btvi3ZpZOBAB9AO/G5D x0LzyLvjCiUniCfRm+8pA2yy+WWQjCQ3pbFERdzzr2dFXJXwgD49xyi8Ql+90UyMilq3 cL9zTAai+pkIqdvTaWKCZYwqbrS5RejAp9DxVjLKtpO5gqign974rl9h5iTjwYbFA+vG beBOj1lFC3qsNIj+S3HgVqefjp6uF943fv3AJM4rzVK6IywzIqfTH4ohWfY/HuWejsPz +Zzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=cYo1gzeM62oluJaZkbJZ4gi2LNZPI2pB3osuEhvX2MY=; b=VCfY0Qc2OmIe5EgL7roTp43tRSjJvjZzszhRZ1W77mtbbDJvdldY8ZbWvKDoLo0wgA NHKB0mBW7q0y5kSFaiuhLHixddbik8rXS4VnN5VVLKzkCISEEx08fZlPQ/F01Bcsr3wF fSXfCmJHpj80o67+FXYVU2c8rI108t+A/FJH6cDNb9B7RNK9KCJFmF1E2GgNC7Lap7a/ syTRS7lNY5lrr7S7cvfLxeh4hct1qHMOGbYh32wwCRvnacg8My30j06rpTcXHSy3zQnU NOUtZJnSHafwEVHxCvdavm5H6fvqoz4VmZr06zDpmEW6oWqmwge9sILuIWrPCSGlhoee lhrw== X-Gm-Message-State: AKaTC01qvPlxad3pZOdPO97hc9RMMtLIZtBtz3YVA/hBIoWVMiabstFP2on8c+LKGHYDUxMd X-Received: by 10.84.213.150 with SMTP id g22mr177944091pli.11.1481477426075; Sun, 11 Dec 2016 09:30:26 -0800 (PST) Received: from nick.mtv.corp.google.com ([100.98.112.84]) by smtp.gmail.com with ESMTPSA id o29sm71368294pgn.28.2016.12.11.09.30.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 11 Dec 2016 09:30:24 -0800 (PST) From: Nick Kralevich To: selinux@tycho.nsa.gov Subject: [PATCH] libselinux: add O_CLOEXEC Date: Sun, 11 Dec 2016 09:30:16 -0800 Message-Id: <1481477416-93493-1-git-send-email-nnk@google.com> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Makes libselinux safer and less likely to leak file descriptors when used as part of a multithreaded program. Signed-off-by: Nick Kralevich --- libselinux/src/audit2why.c | 4 ++-- libselinux/src/booleans.c | 14 +++++++------- libselinux/src/canonicalize_context.c | 2 +- libselinux/src/check_context.c | 2 +- libselinux/src/compute_av.c | 2 +- libselinux/src/compute_create.c | 2 +- libselinux/src/compute_member.c | 2 +- libselinux/src/compute_relabel.c | 2 +- libselinux/src/compute_user.c | 2 +- libselinux/src/deny_unknown.c | 2 +- libselinux/src/disable.c | 2 +- libselinux/src/enabled.c | 2 +- libselinux/src/get_context_list.c | 6 +++--- libselinux/src/get_default_type.c | 2 +- libselinux/src/get_initial_context.c | 2 +- libselinux/src/getenforce.c | 2 +- libselinux/src/init.c | 4 ++-- libselinux/src/is_customizable_type.c | 2 +- libselinux/src/label.c | 2 +- libselinux/src/label_backends_android.c | 2 +- libselinux/src/label_file.c | 2 +- libselinux/src/label_media.c | 2 +- libselinux/src/label_x.c | 2 +- libselinux/src/load_policy.c | 8 ++++---- libselinux/src/matchmediacon.c | 2 +- libselinux/src/policyvers.c | 2 +- libselinux/src/procattr.c | 4 ++-- libselinux/src/selinux_check_securetty_context.c | 2 +- libselinux/src/selinux_config.c | 4 ++-- libselinux/src/selinux_restorecon.c | 2 +- libselinux/src/setenforce.c | 2 +- libselinux/src/seusers.c | 4 ++-- libselinux/src/stringrep.c | 2 +- 33 files changed, 49 insertions(+), 49 deletions(-) diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index 3135eed..857383a 100644 --- a/libselinux/src/audit2why.c +++ b/libselinux/src/audit2why.c @@ -201,7 +201,7 @@ static int __policy_init(const char *init_path) path[PATH_MAX-1] = '\0'; if (init_path) { strncpy(path, init_path, PATH_MAX-1); - fp = fopen(path, "r"); + fp = fopen(path, "re"); if (!fp) { snprintf(errormsg, sizeof(errormsg), "unable to open %s: %s\n", @@ -218,7 +218,7 @@ static int __policy_init(const char *init_path) PyErr_SetString( PyExc_ValueError, errormsg); return 1; } - fp = fopen(curpolicy, "r"); + fp = fopen(curpolicy, "re"); if (!fp) { snprintf(errormsg, sizeof(errormsg), "unable to open %s: %s\n", diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index ba9d934..4a38a78 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) if (!name) return NULL; - cfg = fopen(selinux_booleans_subs_path(), "r"); + cfg = fopen(selinux_booleans_subs_path(), "re"); if (!cfg) goto out; @@ -210,7 +210,7 @@ static int get_bool_value(const char *name, char **buf) (*buf)[STRBUF_SIZE] = 0; - fd = bool_open(name, O_RDONLY); + fd = bool_open(name, O_RDONLY | O_CLOEXEC); if (fd < 0) goto out_err; @@ -274,7 +274,7 @@ int security_set_boolean(const char *name, int value) return -1; } - fd = bool_open(name, O_WRONLY); + fd = bool_open(name, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -305,7 +305,7 @@ int security_commit_booleans(void) } snprintf(path, sizeof path, "%s/commit_pending_bools", selinux_mnt); - fd = open(path, O_WRONLY); + fd = open(path, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist) snprintf(local_bool_file, sizeof(local_bool_file), "%s.local", bool_file); - boolf = fopen(local_bool_file, "r"); + boolf = fopen(local_bool_file, "re"); if (boolf != NULL) { ssize_t ret; size_t size = 0; @@ -518,7 +518,7 @@ int security_load_booleans(char *path) int val; char name[BUFSIZ]; - boolf = fopen(path ? path : selinux_booleans_path(), "r"); + boolf = fopen(path ? path : selinux_booleans_path(), "re"); if (boolf == NULL) goto localbool; @@ -536,7 +536,7 @@ int security_load_booleans(char *path) localbool: snprintf(localbools, sizeof(localbools), "%s.local", (path ? path : selinux_booleans_path())); - boolf = fopen(localbools, "r"); + boolf = fopen(localbools, "re"); if (boolf != NULL) { int ret; diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c index 7cf3139..ba4c9a2 100644 --- a/libselinux/src/canonicalize_context.c +++ b/libselinux/src/canonicalize_context.c @@ -23,7 +23,7 @@ int security_canonicalize_context_raw(const char * con, } snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c index 52063fa..8a7997f 100644 --- a/libselinux/src/check_context.c +++ b/libselinux/src/check_context.c @@ -20,7 +20,7 @@ int security_check_context_raw(const char * con) } snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c index 937e5c3..1d05e7b 100644 --- a/libselinux/src/compute_av.c +++ b/libselinux/src/compute_av.c @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const char * scon, } snprintf(path, sizeof path, "%s/access", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c index 9559d42..0975aea 100644 --- a/libselinux/src/compute_create.c +++ b/libselinux/src/compute_create.c @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const char * scon, } snprintf(path, sizeof path, "%s/create", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c index 1fc7e41..4e2d221 100644 --- a/libselinux/src/compute_member.c +++ b/libselinux/src/compute_member.c @@ -26,7 +26,7 @@ int security_compute_member_raw(const char * scon, } snprintf(path, sizeof path, "%s/member", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c index 4615aee..49f77ef 100644 --- a/libselinux/src/compute_relabel.c +++ b/libselinux/src/compute_relabel.c @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const char * scon, } snprintf(path, sizeof path, "%s/relabel", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c index b37c5d3..7b88121 100644 --- a/libselinux/src/compute_user.c +++ b/libselinux/src/compute_user.c @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * scon, } snprintf(path, sizeof path, "%s/user", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/deny_unknown.c b/libselinux/src/deny_unknown.c index c93998a..77d04e3 100644 --- a/libselinux/src/deny_unknown.c +++ b/libselinux/src/deny_unknown.c @@ -21,7 +21,7 @@ int security_deny_unknown(void) } snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c index dac0f5b..8d66262 100644 --- a/libselinux/src/disable.c +++ b/libselinux/src/disable.c @@ -21,7 +21,7 @@ int security_disable(void) } snprintf(path, sizeof path, "%s/disable", selinux_mnt); - fd = open(path, O_WRONLY); + fd = open(path, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c index 2ec6797..dd628fb 100644 --- a/libselinux/src/enabled.c +++ b/libselinux/src/enabled.c @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) return enabled; snprintf(path, sizeof path, "%s/mls", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return enabled; diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c index f3fa4a9..689e465 100644 --- a/libselinux/src/get_context_list.c +++ b/libselinux/src/get_context_list.c @@ -275,7 +275,7 @@ static int get_failsafe_context(const char *user, char ** newcon) size_t plen, nlen; int rc; - fp = fopen(selinux_failsafe_context_path(), "r"); + fp = fopen(selinux_failsafe_context_path(), "re"); if (!fp) return -1; @@ -437,7 +437,7 @@ int get_ordered_context_list(const char *user, if (!fname) goto failsafe; snprintf(fname, fname_len, "%s%s", user_contexts_path, user); - fp = fopen(fname, "r"); + fp = fopen(fname, "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); rc = get_context_order(fp, fromcon, reachable, nreach, ordering, @@ -451,7 +451,7 @@ int get_ordered_context_list(const char *user, } } free(fname); - fp = fopen(selinux_default_context_path(), "r"); + fp = fopen(selinux_default_context_path(), "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); rc = get_context_order(fp, fromcon, reachable, nreach, ordering, diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_type.c index 27f2ae5..dd7b5d7 100644 --- a/libselinux/src/get_default_type.c +++ b/libselinux/src/get_default_type.c @@ -11,7 +11,7 @@ int get_default_type(const char *role, char **type) { FILE *fp = NULL; - fp = fopen(selinux_default_type_path(), "r"); + fp = fopen(selinux_default_type_path(), "re"); if (!fp) return -1; diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c index 522ed78..5e919f4 100644 --- a/libselinux/src/get_initial_context.c +++ b/libselinux/src/get_initial_context.c @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const char * name, char ** con) snprintf(path, sizeof path, "%s%s%s", selinux_mnt, SELINUX_INITCON_DIR, name); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c index 03d3abc..d909dce 100644 --- a/libselinux/src/getenforce.c +++ b/libselinux/src/getenforce.c @@ -21,7 +21,7 @@ int security_getenforce(void) } snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/init.c b/libselinux/src/init.c index ddf91f8..2690a72 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -61,7 +61,7 @@ int selinuxfs_exists(void) size_t len; ssize_t num; - fp = fopen("/proc/filesystems", "r"); + fp = fopen("/proc/filesystems", "re"); if (!fp) return 1; /* Fail as if it exists */ __fsetlocking(fp, FSETLOCKING_BYCALLER); @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) /* At this point, the usual spot doesn't have an selinuxfs so * we look around for it */ - fp = fopen("/proc/mounts", "r"); + fp = fopen("/proc/mounts", "re"); if (!fp) goto out; diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c index 0b33edc..92876f4 100644 --- a/libselinux/src/is_customizable_type.c +++ b/libselinux/src/is_customizable_type.c @@ -16,7 +16,7 @@ static int get_customizable_type_list(char *** retlist) unsigned int ctr = 0, i; char **list = NULL; - fp = fopen(selinux_customizable_types_path(), "r"); + fp = fopen(selinux_customizable_types_path(), "re"); if (!fp) return -1; diff --git a/libselinux/src/label.c b/libselinux/src/label.c index 60639cf..5c9d8c1 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -96,7 +96,7 @@ struct selabel_sub *selabel_subs_init(const char *path, struct selabel_digest *digest) { char buf[1024]; - FILE *cfg = fopen(path, "r"); + FILE *cfg = fopen(path, "re"); struct selabel_sub *sub = NULL; struct stat sb; diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c index 4d6ec86..4ad71f9 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -159,7 +159,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, return -1; /* Open the specification file. */ - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; if (fstat(fileno(fp), &sb) < 0) diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index a4dc3cd..0d4029b 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, const char *suffix, } memcpy(sb, &found->sb, sizeof(*sb)); - return fopen(save_path, "r"); + return fopen(save_path, "re"); } static int process_file(const char *path, const char *suffix, diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c index 622741b..d202e5d 100644 --- a/libselinux/src/label_media.c +++ b/libselinux/src/label_media.c @@ -90,7 +90,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, /* Open the specification file. */ if (!path) path = selinux_media_context_path(); - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c index 700def1..9674529 100644 --- a/libselinux/src/label_x.c +++ b/libselinux/src/label_x.c @@ -117,7 +117,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, /* Open the specification file. */ if (!path) path = selinux_x_context_path(); - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index b7e1a6f..327cc6a 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -34,7 +34,7 @@ int security_load_policy(void *data, size_t len) } snprintf(path, sizeof path, "%s/load", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; @@ -173,13 +173,13 @@ checkbool: search: snprintf(path, sizeof(path), "%s.%d", selinux_binary_policy_path(), vers); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); while (fd < 0 && errno == ENOENT && --vers >= minvers) { /* Check prior versions to see if old policy is available */ snprintf(path, sizeof(path), "%s.%d", selinux_binary_policy_path(), vers); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); } if (fd < 0) { fprintf(stderr, @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) /* Check for an override of the mode via the kernel command line. */ rc = mount("proc", "/proc", "proc", 0, 0); - cfg = fopen("/proc/cmdline", "r"); + cfg = fopen("/proc/cmdline", "re"); if (cfg) { char *tmp; buf = malloc(selinux_page_size); diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c index 46cba46..23d01af 100644 --- a/libselinux/src/matchmediacon.c +++ b/libselinux/src/matchmediacon.c @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char ** con) char *ptr, *ptr2 = NULL; int found = 0; char current_line[PATH_MAX]; - if ((infile = fopen(path, "r")) == NULL) + if ((infile = fopen(path, "re")) == NULL) return -1; while (!feof_unlocked(infile)) { if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c index 284a7f7..c97dd9d 100644 --- a/libselinux/src/policyvers.c +++ b/libselinux/src/policyvers.c @@ -23,7 +23,7 @@ int security_policyvers(void) } snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) { if (errno == ENOENT) return vers; diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c index 8cd59af..ebc0ade 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** context, return 0; } - fd = openattr(pid, attr, O_RDONLY); + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char * context, && !strcmp(context, *prev_context)) return 0; - fd = openattr(pid, attr, O_RDWR); + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; if (context) { diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c index 24e5e2c..55d4e03 100644 --- a/libselinux/src/selinux_check_securetty_context.c +++ b/libselinux/src/selinux_check_securetty_context.c @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const char * tty_context) ssize_t len; int found = -1; FILE *fp; - fp = fopen(selinux_securetty_types_path(), "r"); + fp = fopen(selinux_securetty_types_path(), "re"); if (fp) { context_t con = context_new(tty_context); if (con) { diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index 88bcc85..d8e140c 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -88,7 +88,7 @@ static const uint16_t file_path_suffixes_idx[NEL] = { int selinux_getenforcemode(int *enforce) { int ret = -1; - FILE *cfg = fopen(SELINUXCONFIG, "r"); + FILE *cfg = fopen(SELINUXCONFIG, "re"); if (cfg) { char *buf; int len = sizeof(SELINUXTAG) - 1; @@ -163,7 +163,7 @@ static void init_selinux_config(void) if (selinux_policyroot) return; - fp = fopen(SELINUXCONFIG, "r"); + fp = fopen(SELINUXCONFIG, "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); while ((len = getline(&line_buf, &line_len, fp)) > 0) { diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index e38d1d0..7ebfbdc 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) return 0; - fp = fopen("/proc/mounts", "r"); + fp = fopen("/proc/mounts", "re"); if (!fp) return 0; diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c index e5e7612..09cad3c 100644 --- a/libselinux/src/setenforce.c +++ b/libselinux/src/setenforce.c @@ -21,7 +21,7 @@ int security_setenforce(int value) } snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c index 09e704b..572a7b0 100644 --- a/libselinux/src/seusers.c +++ b/libselinux/src/seusers.c @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, char **r_seuser, char **r_level) gid_t gid = get_default_gid(name); - cfg = fopen(selinux_usersconf_path(), "r"); + cfg = fopen(selinux_usersconf_path(), "re"); if (!cfg) goto nomatch; @@ -278,7 +278,7 @@ int getseuser(const char *username, const char *service, FILE *fp = NULL; if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0) goto err; - fp = fopen(path, "r"); + fp = fopen(path, "re"); free(path); if (fp == NULL) goto err; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c index 2dbec2b..2d83f96 100644 --- a/libselinux/src/stringrep.c +++ b/libselinux/src/stringrep.c @@ -80,7 +80,7 @@ static struct discover_class_node * discover_class(const char *s) /* load up class index */ snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) goto err3;