From patchwork Tue Jul 10 22:42:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 10518317 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1BF2D600CA for ; Tue, 10 Jul 2018 22:43:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0BF4D28F73 for ; Tue, 10 Jul 2018 22:43:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F391B28F9D; Tue, 10 Jul 2018 22:43:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 14FEF28F73 for ; Tue, 10 Jul 2018 22:43:29 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.51,335,1526342400"; d="scan'208";a="596456879" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa12.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 10 Jul 2018 22:43:28 +0000 X-IronPort-AV: E=Sophos;i="5.51,335,1526342400"; d="scan'208";a="15564075" IronPort-PHdr: =?us-ascii?q?9a23=3ATriKehMhhahQKCBURvwl6mtUPXoX/o7sNwtQ0K?= =?us-ascii?q?IMzox0L/j4pcbcNUDSrc9gkEXOFd2Cra4c1ayO6+jJYi8p2d65qncMcZhBBV?= =?us-ascii?q?cuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx?= =?us-ascii?q?7xKRR6JvjvGo7Vks+7y/2+94fcbglUhTexe69+IAmrpgjNq8cahpdvJLwswR?= =?us-ascii?q?XTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3?= =?us-ascii?q?sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs7Vy?= =?us-ascii?q?6i76N2QxH2jikJOSMy/GXOhsFxia5Wpg+qqR5izI7OeIyVM/pwcL3Tc90ZR2?= =?us-ascii?q?VBUMheWCNcDIOkbYYDEuQMMvpXoYbjvFsDtge+CAu2Ce/z1jNFnGH60Ksn2O?= =?us-ascii?q?ohCwHG2wkgEsoAvnvOstX1NbodWv23wqnPwzTMcfdW2TPm6IPVdR0uvPGMXb?= =?us-ascii?q?V+cMXPzUkvExjFg06KqYP7IjyV1v4Cs3SB4+V8UuKvjncqpgdsqTas3schkp?= =?us-ascii?q?TFi40ax1ze9Sh13Zw5KcO3RUJle9KoDYNcuiCbOodsX88vQGNltDwkxrAIt5?= =?us-ascii?q?O3ZioHxZohyhXCcfKIaZKI7QjmVOuJJDd4g29qd6ynihap9Eig1vX8Vs6p0F?= =?us-ascii?q?ZWtiZFksfDtnQK1xHL9siIUOF9/ka82TaUzQzT6+dEIU4zlarANZEu3qQ8lo?= =?us-ascii?q?YTsEvfHi/2n1/6jKmKeUU/5uek8eHnYrTippOENo90jB/xMrg2l8CiDuk1PR?= =?us-ascii?q?ICUmiG9eimyrHu8lP1TK9XgvEul6nWqpHaJcAVpq6jBA9V154u6w2hADei0d?= =?us-ascii?q?QYm2QHLV1cdB2ciIjpJlfOL+zmAvekmFmsjDdqyOzGPr3mGJnNKGPDn637cb?= =?us-ascii?q?Zy7E5c1hI/zcpD6JJMFrEBPPXzV1fztNzfCB82KRC0w+b9B9V7zY4eW2WPAq?= =?us-ascii?q?mcMKzIql+I+vwgI/OXZIMPvzb9Mfcl7eb0jXAlgV8dYbWp3ZwPZXC6HPRpOV?= =?us-ascii?q?mWYXn3gtcGF2cKvxQ+QffkiF2GTD5SaG29X7865jEnFYKqF4DDRpqigLaZxi?= =?us-ascii?q?e0AoVWZnxaClCLCXrpd5iEW+0QZyKSJc9hiCcJVaWiS487zx2ushH1y6Z/JO?= =?us-ascii?q?rO5iIYrY7j1MRy5+DLjRE96yd7ANqb02GMU2F0mXgFRz4o069hv0Nx0FCD0b?= =?us-ascii?q?J3g/ZAD9xc++tJUhsmNZ7b1+F1FtfyWgTHftiUVlmmRtSmDCorQd0v2d8OZF?= =?us-ascii?q?xxG9K4jhDMxyCqGaMal6SXBJwo9aLRx2X+J9pnxHbcz6Quk14mQs5TOmK8na?= =?us-ascii?q?5/6xLfB4jXnEWFj6yqb7gT3DbR9GefymqDpEBYUAhsUarbWXAQeE7Wosrl5k?= =?us-ascii?q?PYT76jErMnMhNfxs6EL6tFcNzpjVFdS/fkN9XSeWWxm32/BRyQ3LODcJLqe3?= =?us-ascii?q?kB3CXaEEUFnQET/XKDNQcgHCesuGzeAyJzGlLoeUPj6/F+qGm8Tk820Q6Fc1?= =?us-ascii?q?Fh26Cy+h4PivyWU+kT0a4cuCc9tzV0G06w39zMC9WaoQpuYKRcYcgm7VdCzW?= =?us-ascii?q?LZthVxPoeuLqB5nFIedB53v0z23RVtFopAidQqrG8tzAdqKqKXylBBdzSF3Z?= =?us-ascii?q?3rOb3YMGry/Beya6LM3VHeytmW8L8V6Psks1XjoB2pFk06/np9ztZVyXqc6Y?= =?us-ascii?q?vQDAcJS53+TkM3+wJ9p7HAbSk3/5nU2mF0Mamorj/C3MokC/c/xRakYdhfK7?= =?us-ascii?q?+EFQ/1E8ABHMihNO0qlEavbhIYPeBd7rQ4P8W4ePuawKSrJvpvnCq6jWRb54?= =?us-ascii?q?BwyliM+DdhRePT0JYFxv6Z0hGBVzjikFerqtr3lpxcZTEOAmq/zjDpBJVfZq?= =?us-ascii?q?1oeoYLEnuuLtasxtV4gJ7sVXtY+0SlB18c3s+mZwaSZUTn3QJMzUQXvWCnmS?= =?us-ascii?q?ygwj16iT4pqraf0zLUw+T5bxcHJHBERHN5glfxJIi4ldcaXFKnbwIxjhuq+V?= =?us-ascii?q?76x7RHpKR4N2TTR0ZIfyzyL258Sau9raCNbNBV6JMvqylXV/68YV+CQL7nvx?= =?us-ascii?q?Qayz/jH3dZxD0jaTGqu4n2nwB9iGKHNnp8sHrZecZ2xRfQ/9HcQf9R3jwcSy?= =?us-ascii?q?lijjnbHF+8P8Om/d+MjZfMrvi+V369Vp1UaSTryYKAtDCn5WFzGh2wgfSzmt?= =?us-ascii?q?zhEQgn3i72zMJqVT3JrBb6Y4nky7+6PfhhfkZ2GF/289B6FZ1mkossmJEQ3m?= =?us-ascii?q?AXho+S/XoDlWf8L89b1r75bHsDXjML2MPV7xT+2EF5KXKJ3Y35XG2HwsR9f9?= =?us-ascii?q?m6fn8W2iUl4sBJFqiU6qdEkDB2olWmqwLRev59kSkByfc0734ame4JshI3zi?= =?us-ascii?q?qBGrASAVVYPSv0mhSQ9d++saFXa3i3cbeq0kp+gc6uDKuZrwFBQ3b2ZI0iHT?= =?us-ascii?q?Rq4sVkN1LMzWfz5Z36d9neatITrBKUnAnag+hTNp0xiuIAhTB7NmLloX0l1+?= =?us-ascii?q?k7gARw3ZG8oYeKMHtt/KSkDR5YLDH1Yd0c+i31h6ZEgsmWx5yvHolmGjgTRJ?= =?us-ascii?q?vnV++oEDYJuPv7NgaODD09pm6VGbXFGw+T8kBmr2jAE5qzLXGYOGEZzcl+RB?= =?us-ascii?q?maPEFfgwAVXDEkkZMiEwCqw8LhcEln6TAN+l74qhxMyud2OBXlVGfQuhuoYC?= =?us-ascii?q?8uSJeDNBpW8h1C50DNPMyQ9O1zGT1Y/pqkrAGWJGyUeRlHDWYTWkOeH1DjJL?= =?us-ascii?q?6u5dve/OeEGuqyNfzOYa+BqeZGTfeH2Yqv0pd6/zaLLsiPMGNiAOMm1UpYR3?= =?us-ascii?q?95HdjZmzIUSyEMjS3Cc8ubqA27+i1tocC16O7rVx735YuTF7tSNs1i9Autjq?= =?us-ascii?q?uEM+6QhT15KSpD1p8W3n/H1qQQ0EQJiy5wczmtELIAtTPCTa/LhqBWDwQbaz?= =?us-ascii?q?5oNMdS4aMzxBVNOdXcitPzzLJ4ieQ1C1hdX1z7hs6pfdAKI326NF7fH0mLNb?= =?us-ascii?q?uGJTrNw8zsfKyzV6ZfjOROuB22ozqbFFXjPjubnTnzSx+vKf1MjD2cPBFGoo?= =?us-ascii?q?69fQxiCXb9Q9/9bR27KMF4jTszwbIuh3PKMXUTMT9zck9Xqb2Q9yxYiO1lG2?= =?us-ascii?q?Nd9nplMfWEmyGB4unELZYWtOFnAj5zl+Nb/ns6zaBa7DtDRPNrmyvftcJho1?= =?us-ascii?q?ajkuaT0DVnSwZOpixNhI2VoUVoIb/Z+YVYWXbY4BIN6n2dCxYKp9plEt3vvK?= =?us-ascii?q?RQytnTlK3tMzpC9tPU/dcGB8fKMs6HN2AhMRXxEj7OEAQFVSKrNX3Yh0FFjv?= =?us-ascii?q?6S7mearoI7qpj3g5cOUqVUVEY0FvMBEkRlGMYNL4tpUT8+lr6blsEI72KkrB?= =?us-ascii?q?bNXMVaoozHVvWKDPXpNjmWl71EagALwbP/NoQTKpf020p5all5nYTGAUzQUs?= =?us-ascii?q?5Roid5dA87vF1N8GRiTm00w0/lcB2i4GQNGvGuhB45lgt+bP82+zft+Vc4O1?= =?us-ascii?q?3KpCUokEkrh9rkgSqdcDjvI6esRYtWETb7t1AtMpPnRAZ4dRC9klZ6NDfFWr?= =?us-ascii?q?1RlKBtenpxiA/GvptOF+VcQrNYbx8N3/GXZuko0FRGpiWh20BH+fPPCYF+mw?= =?us-ascii?q?sybZ6ss3VA1hpnbN4yP6zfOqxJz1lXhq+VsS+o0P0xzBUZJ0YX/2OYYDQIt1?= =?us-ascii?q?AQNrk6Oyqo+fRh6ReclDtHeWgMUecqo/1x+0whPOSAyj7v3KRYKkCtLeCfKb?= =?us-ascii?q?2Wu3TYn86SXlwwzl8Il1VC/bVuzMgsb0+UV0cpzLuNChgELtTCJh9Pb8pT9X?= =?us-ascii?q?nTeiCOvf/LwZ1rI4W3DvroQvOWtKYInkKkGx4kH5gN7sQEGZmszEHYLMf8Ib?= =?us-ascii?q?EYyBUs5B7kK06fAPRPZh2LjC8No9ujw59vwYldOjYdDH1nPiWz57bYuhElj+?= =?us-ascii?q?KGXNY2ZHcaWY0EOWgtVcKhmi5WpXJAACC50uIE0gSC6SHzpjjIBjnmc9VjfO?= =?us-ascii?q?uUZQ9rCNyu4jow7a62hEXN/ZrDOWH1K85iusTV5uMAp5eLEfRUTaNys03EgY?= =?us-ascii?q?lXW2SqU3LTEd6yP5XwcY8sbd3oBXa6VVy/jyk1Qd/oMtiwNKaFnQbmSJ1Iv4?= =?us-ascii?q?mc2TAsKdWyFioCGxtqoeEM+r58bxUZY5UneR7oqxg+N6unLQiE0NWhWXqiJC?= =?us-ascii?q?BKQPlYyeW6Y71XwDQ2bu+m1nQvUpE6w/Ow8U4XS5EAlgveyuq7Z4lCTSjzHW?= =?us-ascii?q?RQex/VqiojkGhuLf0/wvslwBzSr1kTLTSLdO1vaGxLu9E8BFySIXVqCmo2XV?= =?us-ascii?q?Ccl4/D7hSq378M4ytXh8xU3vFdsHjiop/fZyqhWaKxpZrJsyogbN0mo6xrPo?= =?us-ascii?q?zgOcaGtY3RkSLBQ5XKtQ2FSiG6HeJAmtdMOCJYXOVImWY9NMwDo4VB80kxWd?= =?us-ascii?q?kiJ7xODqksqaunaDR+Ai4U0SAZU4SA3CEfjeenwbfakAmfcIg6OhwerJpCms?= =?us-ascii?q?cdUzJxYi4GvK+jUIHWmHWeSmkFJwcT6QpM6RkFlo93eeDl+5THQ4NWyz5RuP?= =?us-ascii?q?J0SSrLFp9n91fhTWGWm1f4Qu27k+O1xQJS0O7s0t4DVRFlE0hd2uBWmlErKL?= =?us-ascii?q?xsKqkQv4/KsiOTek/gumLi1vemLkFLycLIb134EJbFtW3kXy0A/n0UQJRCyG?= =?us-ascii?q?3DGZQXiAV1cqArq0tQIIq+YEbx+yQkx5h1H7m/Tc2rxVElomgdSii3DdVBEP?= =?us-ascii?q?9psEjLWDJ7fp+nspPlNItOQmVI4p2St09ZkFlxMy6+0ZdcN9xC7SMNXDdVpT?= =?us-ascii?q?WQp8e9SMpG2cBqFZAMOct/t237GKxaJJibu2c2taD3yn/F5zA8t0+3xC2oG6?= =?us-ascii?q?+kVe1W4nEeFx4yJ2SZt0kvFfcj/XnU8lDRqFB75eNbCqKIjUVrrzZ3BopOCS?= =?us-ascii?q?pR1XC5M1RzS2FLvP5UKKvJb8BRQeQ+aBG0NhMiEv4m2lCG8ltvnXfleSBysB?= =?us-ascii?q?VV+zzFVQkuSSYVmqvtmSEZqsy/Iz8VVY9HbTU7YCfZMA+bnSdXvAhBZE10R5?= =?us-ascii?q?8ZBctK9K8B0YtS4MXCVV6mKTsZUxx6KgI4zf1fmFZfsEWCZy/SExeneO3Ssh?= =?us-ascii?q?1zYceRttSmLOr4/AdAjoPorvw4+78ER328lg2nWcreoJPktt2WqkuOc7/1M+?= =?us-ascii?q?imbn/FSDjDkwywhas+AJbQ5CXTNhRUK4VhyXU4e5fhEXDEMQ5AJ60FO0pRTb?= =?us-ascii?q?p6ZsleouBGe89kf74E+a13CRKdQRPvA4ivo+NYLlvIQDTeMiGB8vC+oY3P7L?= =?us-ascii?q?zSU+7gZteWy3bAWaJ3MY9w6SPnFLfyzY9e5k321+9v9kxgT1jGPTqBrNP8KQ?= =?us-ascii?q?wV/8SialHtvpsyHTPRGptwlmTixl1YfcoNXyKq6IgYyI9e6HvoRuJ4z0nzsO?= =?us-ascii?q?lW97Z67Ik6+K1mxtmvKqfTM/tat1VrAh+OBgVl7p8tGnRwR3hNYu8NL/fcZa?= =?us-ascii?q?YZjcHrq+3sEqwY9h2U9PJDadvGIUHBldOzCjeCRhxYhA0BsyIVLhOA1/6ZnK?= =?us-ascii?q?95UcClpezi10Is5Vi+KwQKzLFr5YeK4KqHvvTXbwfLzbgZRqfqWt7zrq4ytE?= =?us-ascii?q?+I4v0kjrEOcHRvYwK7COgdStIdxmD4wKAvyiIsFd/DH73+9/NYUnI5nyjvm5?= =?us-ascii?q?ZjEFUKFPIUGqCL/YdFnmsinezWKMEWeLhYmmmTDR6kDqMCyXmz5iuTO2llhx?= =?us-ascii?q?HD3gr+QWyt8VD2qjV4TjHUz9f5lUpVVKe4CltOXyazPk94qjyPNhLytNXroa?= =?us-ascii?q?Q18F02Mmv8udKMlWquIqlYENHkKdyHPyY0uEwYg4ErStyow4AbFsK3IM0N/3?= =?us-ascii?q?Fmcvve92SrnjdarKdGnIrf7Nua+vfWHXm8l62VsaiNxDRDx3ckulEw986vOe?= =?us-ascii?q?vT592QRPSozXweQz14uwvbUB6/sqbboEwMOUyXzEfLn5QHPslD0nkkyk7m5O?= =?us-ascii?q?YiQNUp9AVdD4rAfO0NpTTyODvy3FaebMk6VjGE3DtLAl31EVd5GK8m2GLzps?= =?us-ascii?q?7Jlmnf+0cuRoZuc0zrnxt3D583KUg18lgY3jIDERQRaRCcFLyoClrqLY0YVU?= =?us-ascii?q?gEbhSL26O6dbkz3U1yxLOv+eDSYPd4B6UTLPZcjhSBkEJdGp0Ira0UWKh8dE?= =?us-ascii?q?NF9K7LugjiDJDqX/7nlXUsMv21RtpV8dsDu3sj5Qa/QAGg6YxY4rYeh52Jeb?= =?us-ascii?q?RIYZ/WvMBz901n/yIAdjRRgBhjiBO0Se8cq/z44tjAqZam9+mgWqAsR+UR6h?= =?us-ascii?q?g1CH9zj5T1gF85p9HYyf1QSorPiYTw6ApNOWKFuJ7G0xlgLuoDM4CrfLFg93?= =?us-ascii?q?UBPSQRO3IOPd6La/Yh4i5tMTPT50dBAsMNft4YIsvNmR5OhU3tRb5T99DXGl?= =?us-ascii?q?mGBIdvb8oo9Xb4yCgp8ZsgVebt8D62JY7F4FFLJP5DiDhsm8/DpOgS2vreEi?= =?us-ascii?q?8X4WOWaxJt2CON14GNC+rs/eWL0NzUVU0JHiA4U4dZPzeD9xaoRuyrm5X1SA?= =?us-ascii?q?+U7NH8gI4mfkKKWnOxhLgFsrpLEeNYhSX72j9eF47riPKRt9qh83BXtlpBEI?= =?us-ascii?q?Zy8RLJAqNfMYtnOR7gjMmkWlB8BjfjeMHTbhcuveuWxuQP4+V5LEb+Z5UUIh?= =?us-ascii?q?EDy7L893VVSBFiSLjosVaFRegRfsdpSOvYrnBJ7oJtM7QAM0abpJz2tTpIs1?= =?us-ascii?q?Q2AAg1aL8ssDxVaFTBkBdSW6but74KkhEcXsJhuU9QBWKwP3oz5zTZWqRRja?= =?us-ascii?q?mREOIa/y6ST6wPVkVoNz1xQwmx2JpwYbepmupHsmxelCNnvPcqyyBmRAe7uS?= =?us-ascii?q?D0qaMNwSgg+LCkuzofonFFS+SekzvSCVpd1vgKir0cC3n641ymfHYDdJfy4K?= =?us-ascii?q?VgJcn48okh52owbA47fy0CR+ugED3wj6KUDYyTqtJTmgCCtN/IbbCtMSgYLq?= =?us-ascii?q?49xg77R3hhzgjemw5l8G8KQjWm8d8lK5yxOcIkxiqzBWjbb00B4qJTv8v3sl?= =?us-ascii?q?4HVuw2aUluwG97yMiIWjUNRNDTG2YylgUkbH9Lf45D6R8bEakohS2FvrdH/g?= =?us-ascii?q?ESfjjUFoWl+o/NncbHw3U9Ss1qxm3OrK2fmpwqyGFlm89z7iOWunQdbe/YU8?= =?us-ascii?q?h3DXXoy4dfz/D+Z/WqsuAaR4tmyKihXOUEMsa95Wu8wI9qVVO9xrQCA1q5N/?= =?us-ascii?q?cOxrXeUyeiU22YQ+WLc3OXkjY/KEHy4AenLlwtZMdNtU89PfPIhoRAmA35Tb?= =?us-ascii?q?N0WiKQqEfAzGwtNOMVawM7tYS8dgwUUuERfemcJOkpwP04ElcMaWHGHTclQ9?= =?us-ascii?q?Ox5ECsho9TKXhm4Fu8ZeXr7xCgN8GdXAQHQqDAqZsk1fWkR27JGXh/wRl2Jw?= =?us-ascii?q?Eg++fYCFk1svR0aZudndHMwd981LhWJL9WLSQht4tLycpY4o6O3ZLPL0uLnJ?= =?us-ascii?q?/vOdHYpOSZCPTDzkMsP3tXSacdfRivv9VoI944X+SCBbIB41IRCLM/T9okPm?= =?us-ascii?q?b1sqR1KFAWEEbdZ7Wx18/toO/DJp5ZvGTf4V94KiDA8wYCxfq5QU0zb52ji3?= =?us-ascii?q?joZpFlQDVHoo4IaFN9BIUaPcQGokK8BoKM3rmhgoq9+0RltusOqoLqB/zK3c?= =?us-ascii?q?j/1IJ0DP04rVeTMmPpDbJwyl9gkvz0h/7B1pfrDsa3ddMDS+V/RnXtcLLKHo?= =?us-ascii?q?yjbDmJP5GZGQZd67DJ6LtiSV2KYTzhGaqLsCrxLPJ//UAy0ZB1ZsLW3GVr9b?= =?us-ascii?q?zX2NLuIWpcoyo=3D?= X-IPAS-Result: =?us-ascii?q?A2AsAQBZNUVb/wHyM5BcGwEBAQEDAQEBCQEBAYMfJ4EJS?= =?us-ascii?q?hIoi35foxUUgWIPGBSHDTQYAQIBAQEBAQECAWwogjUkgl4DAwECJBMUIAsDA?= =?us-ascii?q?wkBAUAICAMBLRURDgsFGASCNIJLA6wMM4hPgTiKUD+BEIJjhHYBEgEHhW4Ch?= =?us-ascii?q?1qEeT1ui1QJly+FV5ISgUE4YXEzGggbFTuCaYIlF44YbgxwFIl5DRcHghsBA?= =?us-ascii?q?Q?= Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 10 Jul 2018 22:43:26 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6AMgQXA016917; Tue, 10 Jul 2018 18:42:38 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w6AMgF2t026956 for ; Tue, 10 Jul 2018 18:42:15 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6AMgKcx016908; Tue, 10 Jul 2018 18:42:22 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1C4AAAxNUVbly0VGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YMfJ4FTEiiDeogEX4tZlzwUgWYLLIRAAoIqITQYAQIBAQEBAQECFAEBAQEBBhg?= =?us-ascii?q?Ghg8DAyMEUhAlAiYCAkcQGYJVS4IAA6sRezOIT4E4gQuHboFXP4EQgmOFEYMZg?= =?us-ascii?q?lUCh1qEeT1ui1QJly+FV5ISgUGCCjMaCBsVgySCJQ4JEY4HbgyBBIl5K4IbAQE?= X-IPAS-Result: =?us-ascii?q?A1C4AAAxNUVbly0VGNZcHAEBAQQBAQoBAYMfJ4FTEiiDeog?= =?us-ascii?q?EX4tZlzwUgWYLLIRAAoIqITQYAQIBAQEBAQECFAEBAQEBBhgGhg8DAyMEUhAlA?= =?us-ascii?q?iYCAkcQGYJVS4IAA6sRezOIT4E4gQuHboFXP4EQgmOFEYMZglUCh1qEeT1ui1Q?= =?us-ascii?q?Jly+FV5ISgUGCCjMaCBsVgySCJQ4JEY4HbgyBBIl5K4IbAQE?= X-IronPort-AV: E=Sophos;i="5.51,335,1526356800"; d="scan'208";a="320581" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 10 Jul 2018 18:42:22 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3A/F5p7x/V6TIMw/9uRHKM819IXTAuvvDOBiVQ1K?= =?us-ascii?q?B30uIcTK2v8tzYMVDF4r011RmVBduds6oMotGVmpioYXYH75eFvSJKW713fD?= =?us-ascii?q?hBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFR?= =?us-ascii?q?XjLwp1Ifn+FpLPg8it2O2+55zebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyh?= =?us-ascii?q?zHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKW?= =?us-ascii?q?E169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMNboRr4oRz?= =?us-ascii?q?ut86ZrSAfpiCgZMT457HrXgdF0gK5CvR6tuwBzz4vSbYqINvRxY7ndcMsHS2?= =?us-ascii?q?pGXshfSSJPDIC+YIsBAeUOMvpXoYbmqlsSrxazHxWgCP/1xzJKgHL9wK000/?= =?us-ascii?q?4mEQHDxAEuEcgBsGrVrNroKawcU+e1zafWwjXHa/NWwir25Y/VfRAhpvGNU6?= =?us-ascii?q?x/cc7VyUk0DA7FlEufppHlPzyPyuQBqXSU7+1lVe+2jWMstgJ/oiC3y8syl4?= =?us-ascii?q?XEiZgZxk7L+Clj3oo5OMe0RUF7bNK8EZZdtjuWO5Z1T84gWW1kpig3x7MctZ?= =?us-ascii?q?O5ciUHzoksyQTFZPydaYeI5wruVOaPLjd8g3JoYLywiRSx/0amxODxSNO63U?= =?us-ascii?q?pWoidEiNXDqG4C1xnI6siIUPd9+12u2TeL1wzJ7+FEIEQ0mbLaK54n3LEwio?= =?us-ascii?q?IevVreEiL5gkn6kqCbel869uS18ejqbbXrqoeZN4BuiwH+Nqoumta4AeQ9Kg?= =?us-ascii?q?UBQmib+eOy1bL9+U35RK5Kg+YskqbHrZ/aJd4UprKjDwBJ1YYj7g6zDy2639?= =?us-ascii?q?QAgXkHMFVFdQqcj4f0IFHDO+z4DPejjFSslzdn3fbGPqb7DZnXIXjDl6nhd6?= =?us-ascii?q?5n60FA0Aoz0cxf55VMB7EaPv3zXk7xtNrFDh42KAG03+bmB8l91oMZQ26PBL?= =?us-ascii?q?SZP7nIvV+H4eIvPbrEWIhApjfnLNA36vjvkzk9mFkAbe+ux5RRdXPrMO5hJh?= =?us-ascii?q?C1aGTtjp8hFngHug4lBLjmiFqdXDpXfF6oUq487y19A4WjW9SQDruxiaCMiX?= =?us-ascii?q?/oVqZdYXpLXxXVSS+yLdeNRusMZSSOI8Rojj0DU/27RpQ80Q217leimadnL+?= =?us-ascii?q?6NqzUR7cyl2dVu4uKVkBgz8XpxDsDOm22OTmQhmGQOSnd22a1kukVyxx+F1r?= =?us-ascii?q?QwmP1XE9FfprtJXw42OISazrl8DNb/CUraZtncblGgT529BC0pCMoryooCY0?= =?us-ascii?q?FiFtGmlTjZ0iaqCqNTnLuOV9Qv6qyJ53HqPI5mzmrekqwojl0oWMxKYGGmgb?= =?us-ascii?q?Fy8wzIL5TEn0WQi+ChcqFPlDXV+jK7xHGV9FpdTBY2UajBWiUHYVDKqN3i+k?= =?us-ascii?q?7YZ7q+UPI9PwdBwNLEIaxPZw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CRAABZNUVbly0VGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYMfJ4FTEiiDeogEX4tZlzwUgWYLLIRAAoIqITQYAQIBAQEBAQECARMBAQE?= =?us-ascii?q?BAQYYBliCNSQBgl0DAyMEUhAlAiYCAkcQGYJVS4IAA6sRezOIT4E4gQuHboF?= =?us-ascii?q?XP4EQgmOFEYMZglUCh1qEeT1ui1QJly+FV5ISgUGCCjMaCBsVgySCJQ4JEY4?= =?us-ascii?q?HbgyBBIl5K4IbAQE?= X-IPAS-Result: =?us-ascii?q?A0CRAABZNUVbly0VGNZcHAEBAQQBAQoBAYMfJ4FTEiiDe?= =?us-ascii?q?ogEX4tZlzwUgWYLLIRAAoIqITQYAQIBAQEBAQECARMBAQEBAQYYBliCNSQBg?= =?us-ascii?q?l0DAyMEUhAlAiYCAkcQGYJVS4IAA6sRezOIT4E4gQuHboFXP4EQgmOFEYMZg?= =?us-ascii?q?lUCh1qEeT1ui1QJly+FV5ISgUGCCjMaCBsVgySCJQ4JEY4HbgyBBIl5K4IbA?= =?us-ascii?q?QE?= X-IronPort-AV: E=Sophos;i="5.51,335,1526342400"; d="scan'208";a="15564061" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa06.eemsg.mail.mil ([214.24.21.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 10 Jul 2018 22:42:21 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;de71e998-585c-4a2b-943d-c786c29ce224 Authentication-Results: uhil19pa06.eesmg.mail.mil; dkim=none (message not signed) header.i=none; spf=None smtp.pra=dhowells@redhat.com; spf=Pass smtp.mailfrom=dhowells@redhat.com; spf=Pass smtp.helo=postmaster@mx1.redhat.com X-EEMSG-check-008: 292918347|UHIL19PA06_EEMSG_MP4.csd.disa.mil X-EEMSG-SBRS: 5.2 X-EEMSG-ORIG-IP: 66.187.233.73 X-EEMSG-check-002: true IronPort-PHdr: =?us-ascii?q?9a23=3A5NkPfhBXreOqKtYNxhj2UyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSP3zoMbcNUDSrc9gkEXOFd2Crakb26yL6Ou5BCQp2tWojjMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpRZbIBj0NBJ0?= =?us-ascii?q?K+LpAcaSyp3vj6Hhs6HUNhtJnj2Vc750LQvwqQTXq9lQhpFtbLsymTXTpX4dV+?= =?us-ascii?q?1IxG8gBVWMkhL4/Y/k8J5k7ClUv+kJ7cNMUazmOa8/SOoLX3wdL2kp6Ziz5lH4?= =?us-ascii?q?RgyV6y5ZCz1Oy0saM03+9Bj/G6zJnG7/v+t51jOdOJSsH6o5VTSr8+FgTxq60X?= =?us-ascii?q?5bZQ58y3nej4lLtIweuAio/kYt2YPYYIiJcvF5e/GFJI5IdS96Rs9UEhd5LMa8?= =?us-ascii?q?Yo8IVrRTOPYB6ZPwq1sHsV21Agz+Xe4=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BlAgDRNUVbmEnpu0JcHQEBBQELAYMfg?= =?us-ascii?q?XoSKIN6iARfkRuRehSBZgsrAYRAAoJEBgEEMBgBAgEBAQEBAQEBARMBAQEBAQg?= =?us-ascii?q?LCwYpL4I1BQEeAQWCWAMDIwRSECUCJgICRxAZglVLggCrEnsziE+BOIELiUU/g?= =?us-ascii?q?RCCY4URgxmCVQKHWoR5PW6LVAmXL4VXkhKBQYIKMxoIGxWDJIIlDgmOGD4wDIE?= =?us-ascii?q?CAQGJeStBgVoBAQ?= X-IPAS-Result: =?us-ascii?q?A0BlAgDRNUVbmEnpu0JcHQEBBQELAYMfgXoSKIN6iARfkRu?= =?us-ascii?q?RehSBZgsrAYRAAoJEBgEEMBgBAgEBAQEBAQEBARMBAQEBAQgLCwYpL4I1BQEeA?= =?us-ascii?q?QWCWAMDIwRSECUCJgICRxAZglVLggCrEnsziE+BOIELiUU/gRCCY4URgxmCVQK?= =?us-ascii?q?HWoR5PW6LVAmXL4VXkhKBQYIKMxoIGxWDJIIlDgmOGD4wDIECAQGJeStBgVoBA?= =?us-ascii?q?Q?= Received: from mx3-rdu2.redhat.com (HELO mx1.redhat.com) ([66.187.233.73]) by uhil19pa06.eesmg.mail.mil with ESMTP; 10 Jul 2018 22:42:19 +0000 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 514464059FE3; Tue, 10 Jul 2018 22:42:18 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-120-149.rdu2.redhat.com [10.10.120.149]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3382E2026D6B; Tue, 10 Jul 2018 22:42:15 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 X-EEMSG-check-009: 444-444 From: David Howells To: viro@zeniv.linux.org.uk Date: Tue, 10 Jul 2018 23:42:15 +0100 Message-ID: <153126253554.14533.643647579195359736.stgit@warthog.procyon.org.uk> In-Reply-To: <153126248868.14533.9751473662727327569.stgit@warthog.procyon.org.uk> References: <153126248868.14533.9751473662727327569.stgit@warthog.procyon.org.uk> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Tue, 10 Jul 2018 22:42:18 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Tue, 10 Jul 2018 22:42:18 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'dhowells@redhat.com' RCPT:'' Subject: [PATCH 07/32] selinux: Implement the new mount API LSM hooks [ver #9] X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: torvalds@linux-foundation.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, Stephen Smalley Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Implement the new mount API LSM hooks for SELinux. At some point the old hooks will need to be removed. Question: Should the ->fs_context_parse_source() hook be implemented to check the labels on any source devices specified? Signed-off-by: David Howells cc: Paul Moore cc: Stephen Smalley cc: selinux@tycho.nsa.gov cc: linux-security-module@vger.kernel.org --- security/selinux/hooks.c | 264 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 264 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5bb53edd74cc..bdecae4b7306 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -2973,6 +2974,261 @@ static int selinux_umount(struct vfsmount *mnt, int flags) FILESYSTEM__UNMOUNT, NULL); } +/* fsopen mount context operations */ + +static int selinux_fs_context_alloc(struct fs_context *fc, + struct dentry *reference) +{ + struct security_mnt_opts *opts; + + opts = kzalloc(sizeof(*opts), GFP_KERNEL); + if (!opts) + return -ENOMEM; + + fc->security = opts; + return 0; +} + +static int selinux_fs_context_dup(struct fs_context *fc, + struct fs_context *src_fc) +{ + const struct security_mnt_opts *src = src_fc->security; + struct security_mnt_opts *opts; + int i, n; + + opts = kzalloc(sizeof(*opts), GFP_KERNEL); + if (!opts) + return -ENOMEM; + fc->security = opts; + + if (!src || !src->num_mnt_opts) + return 0; + n = opts->num_mnt_opts = src->num_mnt_opts; + + if (src->mnt_opts) { + opts->mnt_opts = kcalloc(n, sizeof(char *), GFP_KERNEL); + if (!opts->mnt_opts) + return -ENOMEM; + + for (i = 0; i < n; i++) { + if (src->mnt_opts[i]) { + opts->mnt_opts[i] = kstrdup(src->mnt_opts[i], + GFP_KERNEL); + if (!opts->mnt_opts[i]) + return -ENOMEM; + } + } + } + + if (src->mnt_opts_flags) { + opts->mnt_opts_flags = kmemdup(src->mnt_opts_flags, + n * sizeof(int), GFP_KERNEL); + if (!opts->mnt_opts_flags) + return -ENOMEM; + } + + return 0; +} + +static void selinux_fs_context_free(struct fs_context *fc) +{ + struct security_mnt_opts *opts = fc->security; + + if (opts) { + security_free_mnt_opts(opts); + fc->security = NULL; + } +} + +static int selinux_fs_context_parse_option(struct fs_context *fc, char *opt, size_t len) +{ + struct security_mnt_opts *opts = fc->security; + substring_t args[MAX_OPT_ARGS]; + unsigned int have; + char *c, **oo; + int token, ctx, i, *of; + + token = match_token(opt, tokens, args); + if (token == Opt_error) + return 0; /* Doesn't belong to us. */ + + have = 0; + for (i = 0; i < opts->num_mnt_opts; i++) + have |= 1 << opts->mnt_opts_flags[i]; + if (have & (1 << token)) + return -EINVAL; + + switch (token) { + case Opt_context: + if (have & (1 << Opt_defcontext)) + goto incompatible; + ctx = CONTEXT_MNT; + goto copy_context_string; + + case Opt_fscontext: + ctx = FSCONTEXT_MNT; + goto copy_context_string; + + case Opt_rootcontext: + ctx = ROOTCONTEXT_MNT; + goto copy_context_string; + + case Opt_defcontext: + if (have & (1 << Opt_context)) + goto incompatible; + ctx = DEFCONTEXT_MNT; + goto copy_context_string; + + case Opt_labelsupport: + return 1; + + default: + return -EINVAL; + } + +copy_context_string: + if (opts->num_mnt_opts > 3) + return -EINVAL; + + of = krealloc(opts->mnt_opts_flags, + (opts->num_mnt_opts + 1) * sizeof(int), GFP_KERNEL); + if (!of) + return -ENOMEM; + of[opts->num_mnt_opts] = 0; + opts->mnt_opts_flags = of; + + oo = krealloc(opts->mnt_opts, + (opts->num_mnt_opts + 1) * sizeof(char *), GFP_KERNEL); + if (!oo) + return -ENOMEM; + oo[opts->num_mnt_opts] = NULL; + opts->mnt_opts = oo; + + c = match_strdup(&args[0]); + if (!c) + return -ENOMEM; + opts->mnt_opts[opts->num_mnt_opts] = c; + opts->mnt_opts_flags[opts->num_mnt_opts] = ctx; + opts->num_mnt_opts++; + return 1; + +incompatible: + return -EINVAL; +} + +/* + * Validate the security parameters supplied for a reconfiguration/remount + * event. + */ +static int selinux_validate_for_sb_reconfigure(struct fs_context *fc) +{ + struct super_block *sb = fc->root->d_sb; + struct superblock_security_struct *sbsec = sb->s_security; + struct security_mnt_opts *opts = fc->security; + int rc, i, *flags; + char **mount_options; + + if (!(sbsec->flags & SE_SBINITIALIZED)) + return 0; + + mount_options = opts->mnt_opts; + flags = opts->mnt_opts_flags; + + for (i = 0; i < opts->num_mnt_opts; i++) { + u32 sid; + + if (flags[i] == SBLABEL_MNT) + continue; + + rc = security_context_str_to_sid(&selinux_state, mount_options[i], + &sid, GFP_KERNEL); + if (rc) { + pr_warn("SELinux: security_context_str_to_sid" + "(%s) failed for (dev %s, type %s) errno=%d\n", + mount_options[i], sb->s_id, sb->s_type->name, rc); + goto inval; + } + + switch (flags[i]) { + case FSCONTEXT_MNT: + if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) + goto bad_option; + break; + case CONTEXT_MNT: + if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) + goto bad_option; + break; + case ROOTCONTEXT_MNT: { + struct inode_security_struct *root_isec; + root_isec = backing_inode_security(sb->s_root); + + if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) + goto bad_option; + break; + } + case DEFCONTEXT_MNT: + if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) + goto bad_option; + break; + default: + goto inval; + } + } + + rc = 0; +out: + return rc; + +bad_option: + pr_warn("SELinux: unable to change security options " + "during remount (dev %s, type=%s)\n", + sb->s_id, sb->s_type->name); +inval: + rc = -EINVAL; + goto out; +} + +/* + * Validate the security context assembled from the option data supplied to + * mount. + */ +static int selinux_fs_context_validate(struct fs_context *fc) +{ + if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE) + return selinux_validate_for_sb_reconfigure(fc); + return 0; +} + +/* + * Set the security context on a superblock. + */ +static int selinux_sb_get_tree(struct fs_context *fc) +{ + const struct cred *cred = current_cred(); + struct common_audit_data ad; + int rc; + + rc = selinux_set_mnt_opts(fc->root->d_sb, fc->security, 0, NULL); + if (rc) + return rc; + + /* Allow all mounts performed by the kernel */ + if (fc->purpose == FS_CONTEXT_FOR_KERNEL_MOUNT) + return 0; + + ad.type = LSM_AUDIT_DATA_DENTRY; + ad.u.dentry = fc->root; + return superblock_has_perm(cred, fc->root->d_sb, FILESYSTEM__MOUNT, &ad); +} + +static int selinux_sb_mountpoint(struct fs_context *fc, struct path *mountpoint, + unsigned int mnt_flags) +{ + const struct cred *cred = current_cred(); + + return path_has_perm(cred, mountpoint, FILE__MOUNTON); +} + /* inode security operations */ static int selinux_inode_alloc_security(struct inode *inode) @@ -6905,6 +7161,14 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), + LSM_HOOK_INIT(fs_context_alloc, selinux_fs_context_alloc), + LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup), + LSM_HOOK_INIT(fs_context_free, selinux_fs_context_free), + LSM_HOOK_INIT(fs_context_parse_option, selinux_fs_context_parse_option), + LSM_HOOK_INIT(fs_context_validate, selinux_fs_context_validate), + LSM_HOOK_INIT(sb_get_tree, selinux_sb_get_tree), + LSM_HOOK_INIT(sb_mountpoint, selinux_sb_mountpoint), + LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security), LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),