From patchwork Mon Jul 16 18:22:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10527543 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EEA84600D0 for ; Mon, 16 Jul 2018 18:41:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D6EBA28F9F for ; Mon, 16 Jul 2018 18:41:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D4A3028FA9; Mon, 16 Jul 2018 18:41:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, NO_RDNS_DOTCOM_HELO, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from USFB19PA14.eemsg.mail.mil (uphb19pa11.eemsg.mail.mil [214.24.26.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5BBFC28F7B for ; Mon, 16 Jul 2018 18:41:09 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by USFB19PA14.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 16 Jul 2018 18:41:06 +0000 X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="15798585" IronPort-PHdr: =?us-ascii?q?9a23=3A6ZhE+R2lvKAcdw6HsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8Zse8eLPrxwZ3uMQTl6Ol3ixeRBMOHs6wC07KempujcFRI2YyGvnEGfc4EfD?= =?us-ascii?q?4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFA?= =?us-ascii?q?nhOgppPOT1HZPZg9iq2+yo9JDffwRFiCChbb9uMR67sRjfus4KjIV4N60/0A?= =?us-ascii?q?HJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L2?= =?us-ascii?q?81/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUj?= =?us-ascii?q?q+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfVwZKPdec4RS3?= =?us-ascii?q?RHUMhfSidNBpqwY5YTA+YEO+tXqIvyqEEOrRu5AgmgHfrjxyNGi3L3wKE2yv?= =?us-ascii?q?gtHRzb1wAkAd4CrHHYodPoP6kQTO+11rHFwyvNb/1W2jnz5obHfR8jrv+RRb?= =?us-ascii?q?J9c9fdxEczGA3KkFqQspfoPy+X2+kXr2SX8+RtWfyphmU6qw9xuD+vxsI0h4?= =?us-ascii?q?TXnI0V0U7L9CVky4goOdK4SFR0YcOqEJtUqS6aLZZ9T8Q+TG5yoyY11L0HtI?= =?us-ascii?q?WgfCcWyJQo3QPfa/KDc4eW+BLvTfqeLi1iiH15f7K/gg+//E69weP/Tsm5yE?= =?us-ascii?q?tGoyVKn9XWtn0Bygbf5taIR/dj5EutxC6D2gHR5+1ePEw5lK7WJ4Qgz7MwjJ?= =?us-ascii?q?Yfr1rPEyDwlU7rlqGZbF8k9fKt6+n/Z7XmoYKTOJFshwHlN6QuhtS/AeMlMg?= =?us-ascii?q?gSR2Sb+fqz1Lnk/UDhXLVFlOc2kqjEsJDBP8gbp6i5AwFS0oY49RmwEy2q0M?= =?us-ascii?q?gYnHYbLFJFfwiLj471NFHVPP/0F/K/g1WokDtzxvDGOKPuAonVI3Ten7rscq?= =?us-ascii?q?xx5k5BxAYp09xS6IxYBqscLP7rX0/+rt3YDhs3MwyuxObnDc1w1pgAVmKLA6?= =?us-ascii?q?+ZNr7SsFCR6u00JOmMeYkVtyrjJPg+/PPukX84lkMdfamux5cXbmu4Ee58L0?= =?us-ascii?q?WWZnrsnM8NEX0WsQomUOzqlFqCXCZRZ3a1WaIz/C07CIK8AofFXY2tgruB3C?= =?us-ascii?q?G+HpJMfWBGFk6DEW3zd4meXPcMci2SKNd7kjMYTbihV5Mh1Ra2uQ/4ybpoNP?= =?us-ascii?q?bb+i4DtZLk0th15vPTmAo89TxwEsSc3HqCT3xynmMUWj86xqd/oVZyyl2by6?= =?us-ascii?q?h3n+RYFcBP5/NOSgo7O5/cz+h/C9/sQALMZdmJR0i7TdWhGzE+VMoxw8UJY0?= =?us-ascii?q?Z/BdqtkgzD0zCtA78PmLyBHIY0/b7E33jtO8Z9zG7L1ak8j1k8XsRPNWqmhr?= =?us-ascii?q?Rk+gjOBI7JiV+Vl6C0eqQAxCTN7nuMzXKSvEFEVw59SbjKUmwaZkvRq9T5+l?= =?us-ascii?q?7OQqSwCbs5KAtByM+DKqxMatHzi1VJWuvjMszEY22tg2ewGQqIxrSUYYX3Z2?= =?us-ascii?q?USxj/dBVMYnAAU+HaJKRIxBjy9o27ECjxhC07vaVv28eZisHO7UlM0zwaSYk?= =?us-ascii?q?J/z7q64AQVhf2HS/4IxrILoj0hqzRvHFal29LZEcaPqBR7cKVbe9M9709N1X?= =?us-ascii?q?jFuAxlIpygM6dii0YdcwttvEPu0Ah3B55Dkccwr3MqyxdyJbif0FNbeDOSxY?= =?us-ascii?q?rwNaHPKmnu4BCvbLbb1UvD39aM+6cA9u44pk75sw61E0ou6XJn08Na03GE/J?= =?us-ascii?q?XFEBISUY7tUkYw7xV6vazVbTQm6oPb0H1tPrO4sjnc1NI1HOEl0Aqvf89DMK?= =?us-ascii?q?OYEw//C9YaB8a0KOwtgFipcgkJPPtU9K4zMcKmcuGJ2KixMOZmgj2mkXxN4J?= =?us-ascii?q?ph3UKU6yp8VunI0o4Lwv6C2guHSynzjE26ss3sh4BLeysSEXGiySjhHoJRYb?= =?us-ascii?q?dyfYkTA2e0P8K33sl+h4LqW3NA8l6jBlcG2Mu3dhqJdFHyxxNf1V4QoXC9ni?= =?us-ascii?q?u41TN0mSkzrqWDxCzO3/jidB0fN25VRWltkUvsIY+uj9wAQEeobw8plB2q5U?= =?us-ascii?q?vhw6hbpaJ/IHPJQUdPZST2KHtiUqSovLqYf8FP8I8osTlQUOmkZVCaS6X9ow?= =?us-ascii?q?cD3yP4AWRewDE7dze3upT2hBF6k3qdLHd1rHrYZc5w3g3T5NrCSv5NxjAGXj?= =?us-ascii?q?V3iSHLBligONmk5c+Ul5DHsuC6SW2hTIFccS7lzI6bryu7+HFlAQalk/C0gN?= =?us-ascii?q?3nHhAw0TXn2NlySSXIsBH8b5Ho16ukN+JnZVJlBFzi5Mp8AYF+lJU/hI0K1X?= =?us-ascii?q?gdnJWV8mINkX3vPtVDxaL+cH0NSCYTw9HP/Qjl3FNsLmqTyIL/SnWS3NFhas?= =?us-ascii?q?KnYmMNxC099dtKBL2P7LxDgCt1uEa3ohzfYfh6hDcdxuUh5GQcg+4XpAon1j?= =?us-ascii?q?+dDawKHUlEISzskAyF7864rKpKf2uvb76w21d+ndy7CrGNvB1cUm7jepg+BS?= =?us-ascii?q?9w8tl/MFXU3X3r8I7kZd3QYMkPuR2VjxfBj/FZKJwrmfoMnyZnPnj9vXI9we?= =?us-ascii?q?4hkRNuxY26vJSAK2h18qK2GBhYNiHyZ8MW4Tztg7hRkduR34C1BJphAi8LXJ?= =?us-ascii?q?zqTf22DD0Sqe7rNwGUED0zsn2bA6bQHReD6Ed6qHLCC5WrOGuTJHkd09piWA?= =?us-ascii?q?WdK1ZFjw0PWjU1gII5Fhu2y8P7aEd2+Cod5ljmpRtQ0uhoLQXwUn/DpAe0bT?= =?us-ascii?q?c5UJafLABI4Q5f/EfaK8qe7v50HyFD5ZCuthCCKmmBawRPF2EJVVSOB0r/Mb?= =?us-ascii?q?m2+dnA7++YC/KmL/TQerqBt+peV/aUxZKoyYZm/iiDOduRMXV4CP07wEVDV2?= =?us-ascii?q?hjG8vFgzUPVzAXlyXVYsGAvxiw/Sl3rsGk8PT3QwLj/5CPBKVOPtl14BC5n6?= =?us-ascii?q?ODN++WhCZkJjdVzY8DxH/SyLgCx14ekS9veCOxEbQbsi7NSrjcmqhNDx4Ucy?= =?us-ascii?q?lzLtdH77og3glRPs7Wksj61r93jv4yDVdITkHuld+yaswLOW69MknLBEGRNL?= =?us-ascii?q?SJPTfL2d34YbugSb1Mi+VZrwe/uTmBHE/9IDuOjD7pVwixPuFKiSGUJh1euI?= =?us-ascii?q?WmfRZqBmnvVtXmage0MNVvlz053aU0hm/WNW4bKTV8b0RNrriK4SNChfV+Gn?= =?us-ascii?q?JO7nx+IumenCaW8erYJ40KvvtsByR7i/hV4G8my7dP6iFLWuB1kjPIrtFyu1?= =?us-ascii?q?GmjvWPyj1/XRpMqjZKhJqLvUJmOaXY6plPR23J/BcM7WWMERQFucFpCtr1u6?= =?us-ascii?q?Bf0tLPjr78KC9e89LI+ssRH8vUKcKDMHU/KhfpHTnUDAULTTG1KWHfm0xdkP?= =?us-ascii?q?aX9nKLtJQ6rIbjmIYWQL9BSFM1Du8aClhiHNEaJpd4QCkrkbqAgc4L4nq+tw?= =?us-ascii?q?XRS99cvpDcVfKSAO/jKDCHgrlYfxEI26/3LZwPNo3n3ExvckN6k5rRG0XOR9?= =?us-ascii?q?9NuDFubg8vrUpW8Xh+VHA820XragO1+n8cC/61kgQwigRgfeQn7C3s7EsvJl?= =?us-ascii?q?rWuCswl1E8lsjigTCXdj7+Mbm/XYVXCyfvrUc+LIn7QwFvYQ21h0xkOy/OR6?= =?us-ascii?q?hNgLt4aWBrlAjctINSFvFGU61EYQIfxeqMavoyy1RcsCKnxEFc5eTbFZRiiR?= =?us-ascii?q?EqcZ+wr3NAwQ5jasA6JbDILqpT0ldQnr6OvjOv1u0pxA8eIFwN/32UeC8Jv0?= =?us-ascii?q?wFLbYmJyy1/uB27gyCgTRDcnAWV/U2uvJq6l89O+OYwiL7zbFDLkGxN+qCL6?= =?us-ascii?q?KWoGXPicmIQlYs2UwSjElF4aJ60cE9fEqIT0ov1qeeFwwVNcreLgFYd9ZS9H?= =?us-ascii?q?nWfSaJreXNwZJ0Mp6gGeDpTe6Brr0bjliiHAk3A4QG9t4BEYW00EHEMcfnK6?= =?us-ascii?q?YIxg8p5ATqOFqKEuxGeBeLkTcBpMG/yoV40JJGKTEcG2p9Nzy75rjKpgMwhv?= =?us-ascii?q?qMQss2aG8AXoQYLnI2RNG6mylBsntbEja31PkUxxKf4D/iuCvQFiL8YMB5ZP?= =?us-ascii?q?aUfx9sD8u2+Ton+aislVHX6oneJ339Ndl6td/P9OIap5KDC/xKSLlwqFrTlJ?= =?us-ascii?q?dDSHyrSWHPF8S5J5/qa4kjddb0EGq1UkSjizIpSMf8JMytLq6JgQ70RYZUt4?= =?us-ascii?q?2b3Cs7O8GkCz8QAQt9qeYY6a1gYg0DZoY0bgTztwQiLaC/JhmX0sm2SWa3NT?= =?us-ascii?q?RWV+Vfzfm9Z7FP1SojdPW6yHw7QZwh0+m361QCRI8UgRHaxPajYYZeUSzyGn?= =?us-ascii?q?xSewXPuSQ5mHJ7NuY32Os/xg3HsUUEOTCRaONpcHBEv807BV6KL3R6EHY3R1?= =?us-ascii?q?+djYrG4w6jxbMS8jBcn9lKz+JKrmLyvpjFYDKjQKars4naszI8bdg6pK18KY?= =?us-ascii?q?njLdGctJPdgDPfUJjQsguKUCOhGftVgN5QLz5cQPlPhGEqJNcGtZBH6UUvSs?= =?us-ascii?q?c0P6ZPB7U0prC2dTpkCjYfwjUDV4Od2jwOmOS81qDblheRcZQiLAcLvI9Egt?= =?us-ascii?q?QDTy58ejkeq7O7V4XKi2+ETXAGIAYV7QRQ+g0AkpF/fuX774rUVp9NyyVbo/?= =?us-ascii?q?VsUiTVEJlo8kH0SmCSgVfjT/WgnPal3QVIzPLjytMbQgJwCVBBx+ZKkUslMK?= =?us-ascii?q?13K64VvoPRrj+EaUb6s3n3xOugOlZR1dXed0fkA4rdqWr8Tioc9GUWRY9I1n?= =?us-ascii?q?7SDokdnBRiaKk1vlVMPJ6pdVvk6zwi2YtpA6GyVdq3yFY9sXYGWyCqHsJPC+?= =?us-ascii?q?F8ql3XXiFqY5GwqJj+PpVSWm5Q9ISGq1ZXi0VhKSm5yYBTK8tV+D4DQCBPoS?= =?us-ascii?q?mBvNu1UMBDxdJ5AIINIthlv3fwA79LOJ+Uo3IqoLPv0WPZ9yo6sFik2DW5A7?= =?us-ascii?q?W4QP5B/20CBgUpIHyTqlE0D+sw6Gjd70zNv0tv/+dcG7iPl1l+ryh7HpBSHD?= =?us-ascii?q?ZGz3SlI050THlcvOVQML7VfNBEQ/kueR+vPAQzGuUo30OV4U15n2r1biJpuw?= =?us-ascii?q?RG/CDdWhU7WjMOgrfxgzEerN+oOSMCQZJScTohdzvFKx6cmS1PphZQdVxlW5?= =?us-ascii?q?ADDdZZ4Lwb2YxU/tTcRkqyNS4FWwFtORwi3fpZi0FDrF2SeTrBAgqwafbPrh?= =?us-ascii?q?p3cN+NrM6zMvv24hpIh5j6sOA866UDXWepmROsQdDZq4/zqMGKulGJdKfiPO?= =?us-ascii?q?22eWXBQyTUjRCsmbckCIHH/yrJPwpBLJl60n4kboL/CWPQOBRGOqYbJ1ZaVa?= =?us-ascii?q?9maNVJuOZaZ9R+dKYO469tCQqNRgnzF4y3sPlGMlHTSCzcLyqb9Oy/r5jT7b?= =?us-ascii?q?vARuf+fcGM22zIQ6RsPpd98zX7Hanl0ZNG8Ersxvht7l96SUTBMy2ZqtThIh?= =?us-ascii?q?gG5MikdkvnpJEpHDXWAJlqkHX33UFAa9AXQzC2/5QE1ZNZ8mj/Rfh/0kjpv+?= =?us-ascii?q?1Y76Nk5pUv47B11ce0Ir/fKfJbsUB7BRiUAh9l9o43DGh+QGBRZfQRKOzKcK?= =?us-ascii?q?Qcgs3vpPr7F6sN6B2a4+ZZc8fIJ1ndmsmjDTGRUQBLkx0FqTEENQucy/6Em6?= =?us-ascii?q?hvRMa+uef521wi416iLh4H1r9h/4GE9bSUpOXPdRve0aAEWrT2RsP0trksv1?= =?us-ascii?q?iS5fgkmbMVdGx6fRCoEO8HVsEH3mfg16cqzSAyHMzfA7Ls4vlDV2g2njj4gZ?= =?us-ascii?q?ByA00WGu8IHbqM5YlenGY4m+nCO90TbK9DmniAFQSlEr8Exn6n8S2XL3d5gh?= =?us-ascii?q?vWyRH/XXuz7EPqrS9/WSbMztbinVBPWbarHkpSRDSmOVNmvzyTJgbos8D3ua?= =?us-ascii?q?st5kEsLmPkrM6NlHemOL5PBML/JcecICcuq1IVjZ0xWsSv1poGGdq5O9oe7H?= =?us-ascii?q?Z+YebA5Gyxji9BuaBHh5DE7c2P/fXXB3aghbWAq7qR3DBY1mQ4vVYn59C4LP?= =?us-ascii?q?7O+8GFQ/Sm1mYWVSd/uBLNXwWrpbzfrlAUP1GL0UjQlYwSJN5ZwWU31kHo5e?= =?us-ascii?q?gkWtIz9x9SFoXeaPMYozD8Jj/0zUyYY9ItWSmUyyFXEU7tEVlkBKg833r9vM?= =?us-ascii?q?3XmnfW510oQY5we0v8hRNpC4U4KEQt6EUYwycYFQgCdwqbDbGyCkj/K4sLS1?= =?us-ascii?q?QDYwyd3LemYqc3wVFzwrS36eDPb+xzHbYCO+1BgQ6JmFhbHpMWvrMEQLJgZV?= =?us-ascii?q?BS6K7XqhLlC4j9UPjsjWAwOuGtQsBG7cAZsGMv4gO4Rxqm9ZdD4KgUhYuNdq?= =?us-ascii?q?5Fe5fMut5z71tp5D4IbCxNgwN/gwm/Ue8CuODp+sLbv4aw6uaySKYtQP0a9x?= =?us-ascii?q?coCGRllJv8mU0tr97R2eddTI3VlIv+/RtCI36Poona1QdzJfAJK4Kxc7Zq72?= =?us-ascii?q?8HKDQGJ3ISIdqWbOEx4y1qMDXT4VxOGN8DZdMcPMrQhA9Vi0zpWLdI9srYG1?= =?us-ascii?q?+VEJlzd8E272XtzDA67Jo8Xvzm6DCoOZDV90tNMO9bjCVwiNLCo/AYwfvMCC?= =?us-ascii?q?cN53mUcBx1wj6fxJmMDPbw5v+AyNbOV1MJBiQ2SZtSJCKe+Qy7Qeq4jJfpXR?= =?us-ascii?q?2a6s/9hJIzb0yRSWa3nKsbrqZAC+hAhTvn3jJGDID6m+qVs8aw6GtQrlBHH4?= =?us-ascii?q?Jz7RrLGapBOpV7PQ/1ltKsRkh6ByvwZNvYdhwwt+qK3u0M+flxN1PiZY8HJR?= =?us-ascii?q?IJ07f66XtWTgttT777pVSZUvgSZNthTvPLsHZV5ZhmK6ARIFiXvIbqoStQqF?= =?us-ascii?q?AqHA8pb6c9oSdEeUnIgA1YQL30uLoHigsATd55p1FDFn+qNGI5/TrHWrxfjL?= =?us-ascii?q?ONB/wN7jWTUqsOXl1wMiN5RxO6wo9uerWunfBDvGNLhSZ9oP8t0zx9WhSzpT?= =?us-ascii?q?fsp6UW2TI7+bG4sjoBtWZCTuWEnCfCEU9Dw+gSjacAF3bi7kSxYHcdY4v24b?= =?us-ascii?q?lnPdrv+JIg4nQ+ZBUjejMJXf6kCy7ula+IBZaPsN1Ejh6XpMrOdaOzLTQVNr?= =?us-ascii?q?klxxPjX2J90gnCkxl262YLRzSg7MM+JIqjI8olwTCoGWfDflYW/qxJqNfxtU?= =?us-ascii?q?IMTOYublNhxHts39OfRi0JXsPPAHo1jgk4ZmVYapJM9wEVG7MugjmWoqlM5h?= =?us-ascii?q?sUbyvMEoS55onQmt/F2X08Tdds22LXqbSJhpcr0H1+h9N09TWDuHUIeOzeVM?= =?us-ascii?q?9gGH/z1p1QyebmffWirvgHSJd6yLSmSPICN9Os9ne22JVrXE+lwa8TH0S4MO?= =?us-ascii?q?8F2LjbVyalSWuFWeWEaWSMmCw5MkHq7xmyMlI3cNtKr1M6MubahJ5TjQ7hUb?= =?us-ascii?q?RvSSiLuF/bynAjMeMddwIrt4enexAKQPQXZ+eCOegk2Oc+B0cUb3/VASt2DP?= =?us-ascii?q?e7sUWjnIh+J3pt4Eb3bP/z8g/4KtuSGxgFEYncrpJr//y1WH6Bajdcy0hWB2?= =?us-ascii?q?w8o+PeEUkh8/RReIuLnMTBwtF83fMBet9zPiAn/N0egIRu7c+TysjcNVn17b?= =?us-ascii?q?LXbYXRo/6FE7jcwl4sd2VyTLUUe0X26p88M9p/XKfcS/8RhR0BAeAfR5s7Oi?= =?us-ascii?q?+l7KhpKCtrexPVIbGzhdPn4OmMY80Q70TK40owISGUgBgKzvi5XEQvdJyxr2?= =?us-ascii?q?njK5A3ADRapptiDQUwWMN0Noskrgy6E9bAg6y/itms62tmquQKtuz2EfmM29?= =?us-ascii?q?OnicE5FaN/zGeoeTrQH6J2mV9NiuWpnuyGisC3DtntM5tQb81SaU2AZr7dFZ?= =?us-ascii?q?ikMRqKO9ngYAgeqvibyr0vFl2zYyD/F4iBtCSiL/hiqRE5zYx+OujUzDUr9L?= =?us-ascii?q?zd8ND7YWZdpyyqqTiCM54JqBTpCOHFFzlTTvnNpGVoELYcaoz33OwOK9snwc?= =?us-ascii?q?WZpQ5p42IGmPeIP7O8qQfs00R3fNqPNEbv1Ds4X8wJLQ65PE8EgCrdrWrQR2?= =?us-ascii?q?9VLdW+II9rjZCXFkqpr2t4nGw2LktGAHDpXp/FO20cwdi/fyWM/QdGDpAEhe?= =?us-ascii?q?HhKmAisajnYuBzN4QNou6qvagJldtzY3XETdNXLgnLJ79/IzRVA/+Kr1FuaR?= =?us-ascii?q?kB5etmErwpbISDdRtUeHyLzjn/mE6TiReuJdWxyKaEJjoX+XxbzrXDlCJBvB?= =?us-ascii?q?S9pe3D3paxbYj1R8rdZNeLaWwoWzSBSnI3GEetv1Klv6lh3rKDOWlKhFcSb2?= =?us-ascii?q?qJDRIL4Lh1pI3bB3TeiMV4d50Dmf6eVjq1QyQ+n603VUMp/VuUTa8lEg/bJ2?= =?us-ascii?q?TknHIavQWjIvFW+newZLSDy7t9QOcWC5ZCdvCDBtDRP/tZImRN9H0CIOjpWd?= =?us-ascii?q?raov4i107QC2sUF66d7FqFUEufWeCR3RrwWoMUtNNs6m9xp5TbmSlsFr6OOr?= =?us-ascii?q?+eo3ih69f+nS+YvuqYXW4oMClXyO4BAWzU2BBbMylEENAavkjxX7SNL1hBzn?= =?us-ascii?q?MniO9imlcMdQ1/X2co0yh+jf+9HcofQlkRgQ=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2C6BwB25Uxb/wHyM5BcGwEBAgMBAQoBAYNHgQlKEiiMX?= =?us-ascii?q?409CIJ4knmBWDEUhQSCQDcVAQIBAQEBAQECAWwcDII1JIJeAwMBAiQTBgEBD?= =?us-ascii?q?CALAQIDCQEBNwkICAMBLRQBEQYBBwUGAgEBARgEgn+BaAMVA55EihuBaTOCc?= =?us-ascii?q?QEBBYECAQFfgjUDgycIF4dUgy2BEScMgjCEZBIBEgFehReHZ4RyPS6MGgmFW?= =?us-ascii?q?IlJaodVhSyMP4csImFxTSMVO4JpgiUXg0WKHAFVT3yKYII5AQE?= Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 16 Jul 2018 18:41:04 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIeviX023567; Mon, 16 Jul 2018 14:41:03 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w6GIMR5u024325 for ; Mon, 16 Jul 2018 14:22:27 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIMZoM020682 for ; Mon, 16 Jul 2018 14:22:37 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CnBgCx4Uxbly0bGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YNGgWUog3yIY4tdgWAIgniSeYFmhHcCQoIfITcVAQIBAQEBAQECFAEBAQEBBhg?= =?us-ascii?q?GTIVDAwMjBBkBATcBDyUCERUCAkUSBgEMBgIBAYMcgWgDFQOePYobbnszgnEBA?= =?us-ascii?q?QWBAgEBX4I0A4MnCBd0hmCBF4IWgREnDIIwhGSBBIJCglWHZ4RyPS6MGgmFWIl?= =?us-ascii?q?JaodVhSyMP4csgXRNIxU7gmmCGQwOCYNFihwBVU+OFQEB?= X-IPAS-Result: =?us-ascii?q?A1CnBgCx4Uxbly0bGNZcHAEBAQQBAQoBAYNGgWUog3yIY4t?= =?us-ascii?q?dgWAIgniSeYFmhHcCQoIfITcVAQIBAQEBAQECFAEBAQEBBhgGTIVDAwMjBBkBA?= =?us-ascii?q?TcBDyUCERUCAkUSBgEMBgIBAYMcgWgDFQOePYobbnszgnEBAQWBAgEBX4I0A4M?= =?us-ascii?q?nCBd0hmCBF4IWgREnDIIwhGSBBIJCglWHZ4RyPS6MGgmFWIlJaodVhSyMP4csg?= =?us-ascii?q?XRNIxU7gmmCGQwOCYNFihwBVU+OFQEB?= X-IronPort-AV: E=Sophos;i="5.51,362,1526356800"; d="scan'208";a="324693" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 16 Jul 2018 14:22:34 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3ApQ4SCBPvs+QW9QMivvIl6mtUPXoX/o7sNwtQ0K?= =?us-ascii?q?IMzox0K/76o8bcNUDSrc9gkEXOFd2Cra4c1ayO6+jJYi8p2d65qncMcZhBBV?= =?us-ascii?q?cuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx?= =?us-ascii?q?7xKRR6JvjvGo7Vks+7y/2+94fcbglUhTexe69+IAmrpgjNq8cahpdvJLwswR?= =?us-ascii?q?XTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3?= =?us-ascii?q?sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qi?= =?us-ascii?q?qp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzcaTfctwARW?= =?us-ascii?q?pBWcFRWzVYDo6gYYYCDvcNMf9Eo4XgulACqQWyCRWpCO7p1zRGhGL53bci3u?= =?us-ascii?q?o8Dw/G0gwuEdEAvnvao9r6NrsdX++uwanUzzjOde9a1Svz5YXKdB0qvPGCXa?= =?us-ascii?q?h3ccrU0UQiCRnKjk6Opo3lIjiby/gCs2iB4Op9W+Kvj3AoqxtsqTWo2sgjkJ?= =?us-ascii?q?LJiZwVy13f7iV23IY1KselSE51Zd6rDoFQuziGOIRsWM8tX2ZouCMjx7AApJ?= =?us-ascii?q?W1fzAKxYw5yxLCZPGLaZaE7x35WOqPIzp0nn1odbKnixuz80Ws0PDwW8iw3V?= =?us-ascii?q?pQrydIksPAum4T2xHc7MWMV+Fz8V272TmV0gDe8uFELl4wlarcM5MuzKQ+mJ?= =?us-ascii?q?QNvEnNACL4gln7gLOXe0k+5Oen9eHnYq7pppOGMo97kAD+MqA0lsy6AOQ4Nh?= =?us-ascii?q?ACX2md+euiyL3u5VP1TKhFg/EsjKXUv4rWKdoZq6KjDAJY0p4v6xOlADen1N?= =?us-ascii?q?QYk2MHLFVAeB+fk4fmIUrOL+74DPqkmFSjjDdryOrbPr3vBpXCMGLDnK79cr?= =?us-ascii?q?ln8UJT1A0zzdVH65JOFr4BOO7zWlP2tNHAFR82LQi0w+fhCNVg2YITQn6PA6?= =?us-ascii?q?+FP6PStl+E/OQvI/KWa4MPtzb9LOYltLbSiiodonpVKa2o24YHLWu1Fel8Il?= =?us-ascii?q?mIJH/rjsoFHE8UsQckCu/nkluPVXhUfXnkG+oYxRUeQNaiDIHeVsWujaaH0S?= =?us-ascii?q?OTAJJbfCZFB0qKHHOucJ+LDbNEUCuPJodElTseWPD1U4Y80Tm2vRL+jr9gKf?= =?us-ascii?q?DZvCYfsMSnnONp6vXTmBd6zjl9C8CQwinZVG1vtn8ZTD8xmqZkqApyzUnVle?= =?us-ascii?q?BDrrR8FNpO97sdSQo+NJjB38RmGtvyXUTHZd7PR1G4FJHuSwoUZ/kShtMPeE?= =?us-ascii?q?1gAM6KihHYwzHsW+ZTkKaETtRgyYf19Fu0K8dmwGvdz4EljkI6WY0XbCuhnK?= =?us-ascii?q?Eps0DxAI7P22eel6+sbqkalHrP82eFi2iJvEheSwN2ea7MW3cZZ0DfqZLy4U?= =?us-ascii?q?aUC/eNBLk8eiBGzs3KfqhHZ8biilJFbPzjItPbYn+03WCqCkDMjo+BcJH3fC?= =?us-ascii?q?091SPRAQBQiw0V8muHM009Cz2nrmb2DXlqEkziJVjl8vRkoTW9Qwk211fOJ2?= =?us-ascii?q?9o0reusjsSn+adULtH3LcDoj0gsB1yFVOw3pTREdXW9CR7e6AJStom7UYP7m?= =?us-ascii?q?nZvhFzOpG6Z/Rpj0UTYixstEPnyhtzB58FmsFsp3QvmlkhYZmE2U9MImvLla?= =?us-ascii?q?v7PafafyyipEr1OafLxlHT1sqX8a4T6fM+7k/upxytClF4qCg17uF5+CC33r?= =?us-ascii?q?yTVUwfXJfqXQAy/hl+4bTbZnp1/JvagFtrN6T8qTrew5QxHuJwwR+7csZ3K6?= =?us-ascii?q?iEHRL8F8AAQsOnbuctngvhdQoKacZV8qN8JMa6b72D0a+vMvxnmWethH9K8a?= =?us-ascii?q?hm2UKF6iR4R/SN1J9DyPadjUOcTzmpqlCnv4jsnJxcIzEfGm3q0S//GItYfb?= =?us-ascii?q?F/Z64QDmGvKJbvlpAn2tjmXHhD8UTlAloH3ImmYEPUflX92goW3kMS8jSrmi?= =?us-ascii?q?q9miR9iCph7rGe0yrH3/n4eVIZN3RKSmhvgRakIYW9g90AGkn9RxkglByio0?= =?us-ascii?q?39wqU=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AoBgBz4Uxbly0bGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYNGgWUog3yIY4tdgWAIgniSeYFmhHcCQoIfITcVAQIBAQEBAQECARMBAQE?= =?us-ascii?q?BAQYYBkwMgjUkgl4DAyMEGQEBNwEPJQIRFQICRRIGAQwGAgEBgxyBaAMVA54?= =?us-ascii?q?9ihtuezOCcQEBBYECAQFfgjQDgycIF3SGYIEXghaBEScMgjCEZIEEgkKCVYd?= =?us-ascii?q?nhHI9LowaCYVYiUlqh1WFLIw/hyyBdE0jFTuCaYIZDA4Jg0WKHAFVT44VAQE?= X-IPAS-Result: =?us-ascii?q?A0AoBgBz4Uxbly0bGNZcHAEBAQQBAQoBAYNGgWUog3yIY?= =?us-ascii?q?4tdgWAIgniSeYFmhHcCQoIfITcVAQIBAQEBAQECARMBAQEBAQYYBkwMgjUkg?= =?us-ascii?q?l4DAyMEGQEBNwEPJQIRFQICRRIGAQwGAgEBgxyBaAMVA549ihtuezOCcQEBB?= =?us-ascii?q?YECAQFfgjQDgycIF3SGYIEXghaBEScMgjCEZIEEgkKCVYdnhHI9LowaCYVYi?= =?us-ascii?q?Ulqh1WFLIw/hyyBdE0jFTuCaYIZDA4Jg0WKHAFVT44VAQE?= X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="13850824" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 16 Jul 2018 18:22:32 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;235481c5-be08-40ec-b623-1f712ee3fc5a Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC05.oob.disa.mil (Postfix) with SMTP id 41TsFz2LZqzrKY3 for ; Mon, 16 Jul 2018 18:22:31 +0000 (UTC) Received: from UPDC3CPA11_EEMSG_MP27.eemsg.mil (unknown [192.168.18.22]) by UPDCF3IC05.oob.disa.mil (Postfix) with ESMTP id 41TsFy29ppzrKYS for ; Mon, 16 Jul 2018 18:22:30 +0000 (UTC) Authentication-Results: UPDC3CPA11.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic308-15.consmr.mail.gq1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 28844789|UPDC3CPA11_EEMSG_MP27.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 98.137.68.39 X-EEMSG-check-002: true IronPort-PHdr: =?us-ascii?q?9a23=3AzOS/6xYq+bnmdyUcfDjvfCf/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZps65bB7h7PlgxGXEQZ/co6odzbaO7ea4ASQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9HiTahYL5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYe?= =?us-ascii?q?RWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZ?= =?us-ascii?q?TAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hy?= =?us-ascii?q?gbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQctQYSmVbXsZRUCtBDpql?= =?us-ascii?q?Y4YTAecMPPtUo5Dhq1cTsBCyARegCP/qxjJOm3T437A10/45HA/bwgIgEdIAvn?= =?us-ascii?q?faotr7O6gdU/y6wqbTwDXfbf5bwyvx5JTGfx0jp/yHQLJ+cdDWyUkqDw7IkE+f?= =?us-ascii?q?qZf7MDKVy+8DrnSU7+p6WuKyhW4nrx9+oiKyzcorlobGnJkVxU7E9Chi24Y6Od?= =?us-ascii?q?24R1RmYd6qFJtfqTuaO5JqTcw4WW1npCE6yrgftJO9YSMEy4wnygbbZvGEaYSE?= =?us-ascii?q?/xzuWeSLLTp5h39pYryyihKq/UWhyODwTNS43VdOoyZfk9TBtmoB2wLN5sWITP?= =?us-ascii?q?Z2412v1iyV1w/J7+FJOUA0mrTfK54m2rMwjZ0TsULCHiDqlkj6kKybelw59uWo?= =?us-ascii?q?8ejofrLmppmHN49xkAHyKKEulda+AeQ8KAQOUHGb9fmm2Lzj50L5QLJKjvosnq?= =?us-ascii?q?bFt5DaINwXpq+/AwBLzoYu8xKyAjS83NgFk3QKLkhJdROEgoTzNVzDJOj0DfKl?= =?us-ascii?q?jFStlDdryerGPrrkApjVMnfMiqzhcqh96kNH0wo80dBf6IhJCrEPJPL8RFXxuM?= =?us-ascii?q?XEARAjKQC73+HnCNBl2oMERW2PGrOZML/VsVKQ/eIgPe2MZI4TuDbgJPko/OLu?= =?us-ascii?q?jH8lll8deqmlx50XaGuiEfh8LEWZZmTs0Z89FjIuhS92GOjrjkCSFCVebGuoXr?= =?us-ascii?q?4tozQ8BJ+iAK/dSY23xr+MxiG2GttRfG8QThioMlPNP9GAWvEReGeRL9Vnnzgs?= =?us-ascii?q?S7esUcki2AuouQu8zKBoeK6cwiQFsdrG099v6qWHjRgv8RRsBtmZlmSKSHt52G?= =?us-ascii?q?gPQmlylJtjrFR9x1HL6q1xh/hVBJQH/P9SehsrPp7biephApb9XRyXOp+yZR6C?= =?us-ascii?q?Q9O7EXllVd81wtkTc25hCt6iiVbFxCPsDLgLwfjDTqcR24n/mnTwPM1g0G3u0K?= =?us-ascii?q?g6k0JgGpIJMnepzOYrzC36LK2Mn0SCnLuxbowY3TXR7yHblCyJpk4OFEZSVqXD?= =?us-ascii?q?FVIYZkLQttn/rhfASL+oT7YgMgJH0sOEAqBDbNrvjF5PQLHoP9GIJyqSlmqrTT?= =?us-ascii?q?2PwbDEOInndn4W2yLeIEMEiQcW/GuDcw8kCXHl617TECdzEhrPakXg+KEqsH69?= =?us-ascii?q?QVI1yUSJYldn2r6d+1sRguKRDega3a8esWEnpnN2BAD5l/DfDteb7y9mZr9dep?= =?us-ascii?q?tp4lJAz3jYrCR7N5mtLuZlnFFIICptuEa7/BxsB5QIqsMqpW4kyAdoYfaT2UhM?= =?us-ascii?q?ZhuD1pD5J7PTJ3O39xnpYKnTjAKNmO2K87sCvaxr427ouxukQw9yqyw2gekQ6G?= =?us-ascii?q?OV49DxNCRXVJvwVkgt8B0j9+PBaSk0+o3Q2GcpOqDyuTjHiYpwWLkVjy24dtIa?= =?us-ascii?q?C5uqURfoGpRKVdOlKOU3lVykdFcPNaZZ86tmZ5r7JcvD47aiOaNbpBzjjWlD59?= =?us-ascii?q?ssgFmL8St3EbaYms9Yhfqf2BCCTXH5hVal9M/uwMZVbDEVGSy0zi22XIM=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C+BABz4UxbhidEiWJcHAEBAQQBAQoBA?= =?us-ascii?q?YUrKIN8iGONPQiCeJJ5gWaEdwJCgh8ZBgYzFQECAQEBAQEBAQEBEwEBAQgLCwg?= =?us-ascii?q?pIwyCNSSCXgMDIwQZAQE3AQ8lAhEVAgJFEgYBDAYCAQGDHIFoAxWeQIobbnszg?= =?us-ascii?q?nEBAQWBAgEBX4I0A4MnCBd0hmCDLYERJwyCMIRkgQSCQoJVh2eEcj0ujBoJjyF?= =?us-ascii?q?qh1WFLIw/hyyBdE0jFTuCaYIZDA4Jg0WKHAFVHzCOFQEB?= X-IPAS-Result: =?us-ascii?q?A0C+BABz4UxbhidEiWJcHAEBAQQBAQoBAYUrKIN8iGONPQi?= =?us-ascii?q?CeJJ5gWaEdwJCgh8ZBgYzFQECAQEBAQEBAQEBEwEBAQgLCwgpIwyCNSSCXgMDI?= =?us-ascii?q?wQZAQE3AQ8lAhEVAgJFEgYBDAYCAQGDHIFoAxWeQIobbnszgnEBAQWBAgEBX4I?= =?us-ascii?q?0A4MnCBd0hmCDLYERJwyCMIRkgQSCQoJVh2eEcj0ujBoJjyFqh1WFLIw/hyyBd?= =?us-ascii?q?E0jFTuCaYIZDA4Jg0WKHAFVHzCOFQEB?= Received: from sonic308-15.consmr.mail.gq1.yahoo.com ([98.137.68.39]) by UPDC3CPA11.eemsg.mail.mil with ESMTP; 16 Jul 2018 18:22:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1531765345; bh=wGokX5KXLrF+kfzQVbFBh8RaGGv6bDKzhSpBEAgIXc4=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=VXBTs9OXm3Dbx6EUhV5js+GpKMY3aHPHrixrwW71eGbVnHrQZvRlNNxfgpGiIJ+kqwF1qK3MRX6asuxwPEg2fnH2To9p0GxoC5iNhqxREWoJ5lNfh6c3w//MmAP8UufQI8c7OjAOIT0Px917hF9HAk709L6LHLiOGWIwcWaK2QfArrSrx7TEqN9ORvHIgrDwDk4WBvxsSkXoCL+QNam9QgV4Ua/B3Yc2rUwAYeyLPdMvAN3PZR6b1wQvpzzdjQx38UzcxwO6FURcQQutbowTVGxx4QTX0Bdn4q6Wa6+Il8q9ZVyOXHLIZy2A9UFh9Bd0KAEtzIpJNANSybCnWJHvLg== X-YMail-OSG: 05XGHqQVM1kv2HUJqdQFZiG2qroHz3QPsMk7tsbddeY5XZ2o33OI6P_GsqNUTv8 3SlXmLLzF62Jxj_T.2nzfaHKtLnM6iWjwyutdLThq9mC5poi5AAkToQnGqHrv5zDm.I21OONQmDg 9eNxQ6vLbm1qLQP0X.SnewSo7XyNa2gaYS17sHk9QHOmmuJkZgCvgSNDkQQk5rBzD4Ku69fcYgio shRQtlpZdNmpdn3bR4jOXTd6HUEWMYQtOetsWnXeSN5j.lUQf_djJCojBsn9.NF2E5tqutfuUmVE emjT.ircrFpmYLMZQmCQxZ6STmJR8ibvo2sBIoerGzPBA0d82Y_jvwARP9lVgAksWlxE747FK_wZ 3TXKsNKm4FRiOBg09w5EQTNlkvjcY3.cvF5i0L4GV7emL0R38EjYKGMmT5jVR29_rg9gQe_yStO3 jEeD5Evdo7Q3TMCRinvkV8YoCgKBs.Ui24CKyMxcM29Xl9UpouXnOnhDlr9sAVhcmLYRBgwlVy0F 7glLSYGVq.CXjCGoCTQnB5me1y8xRZOdJeW3GD8Hpw7eA8n8W.R4alPrG3g2V8gIxYguaq2s3GOP FCwASEA512QGKbPibFLkY.rG8V7enYPHoaH5gDJpq0dhydoqlw2ipkSlZ12yjT1g9CBAy7A1_rph D36LrhZQqMg_L0_9hIFkBrOcizcIpQiPW3zovckdS7cVn8sf9QIHhA880m9.uTD_kFHNxZQrl5WZ UWSD65y4KdRClKYf_.fbjhHCxVheRSB53tvWIxoUa1Mc_fKxxyQbuyYwqIW59vjp6FIICOM6xkHv .5r8wZY9QMnCGZ8uq0tva2Fqe9J486f8FSGeClGguEAusyQcghnDIROm19xf65KRXOLuzOcV21ha eqhG7XcfZVcbnlv2rqkdHWCiidFn0rMhc8Rhpy73o1qbAuJqJgIJBIZkoW06vTRYLQPBnnG_Sq11 .vgJ4IOf3BmTG0UbkQPIJrQAKCAfE1K0hTToigjb.Zbt_h_yO.MKH852haxRLS1m54nzyLF5dIhg eZFruB6ZRdbOWKFNVeSGd Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.gq1.yahoo.com with HTTP; Mon, 16 Jul 2018 18:22:25 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.100]) ([67.169.65.224]) by smtp424.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 732a420846080b802b804ac4f998088e; Mon, 16 Jul 2018 18:22:20 +0000 (UTC) To: LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Kees Cook , Tetsuo Handa , James Morris References: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <1a91ee87-7513-e3fd-a40f-e6e6d8aa6518@schaufler-ca.com> Date: Mon, 16 Jul 2018 11:22:17 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Mon, 16 Jul 2018 14:38:37 -0400 Subject: [PATCH v1 02/22] Smack: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Smack: Abstract use of cred security blob Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/smack/smack.h | 14 +++++++-- security/smack/smack_access.c | 4 +-- security/smack/smack_lsm.c | 57 +++++++++++++++++------------------ security/smack/smackfs.c | 18 +++++------ 4 files changed, 50 insertions(+), 43 deletions(-) diff --git a/security/smack/smack.h b/security/smack/smack.h index f7db791fb566..0b55d6a55b26 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -356,6 +356,11 @@ extern struct list_head smack_onlycap_list; #define SMACK_HASH_SLOTS 16 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; +static inline struct task_smack *smack_cred(const struct cred *cred) +{ + return cred->security; +} + /* * Is the directory transmuting? */ @@ -382,13 +387,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) return tsp->smk_task; } -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) +static inline struct smack_known *smk_of_task_struct( + const struct task_struct *t) { struct smack_known *skp; + const struct cred *cred; rcu_read_lock(); - skp = smk_of_task(__task_cred(t)->security); + cred = __task_cred(t); rcu_read_unlock(); + skp = smk_of_task(smack_cred(cred)); return skp; } @@ -405,7 +413,7 @@ static inline struct smack_known *smk_of_forked(const struct task_smack *tsp) */ static inline struct smack_known *smk_of_current(void) { - return smk_of_task(current_security()); + return smk_of_task(smack_cred(current_cred())); } /* diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 9a4c0ad46518..489d49a20b47 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -275,7 +275,7 @@ int smk_tskacc(struct task_smack *tsp, struct smack_known *obj_known, int smk_curacc(struct smack_known *obj_known, u32 mode, struct smk_audit_info *a) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_tskacc(tsp, obj_known, mode, a); } @@ -635,7 +635,7 @@ DEFINE_MUTEX(smack_onlycap_lock); */ bool smack_privileged_cred(int cap, const struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *skp = tsp->smk_task; struct smack_known_list_elem *sklep; int rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 7ad226018f51..ec68fb48eabd 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -121,7 +121,7 @@ static int smk_bu_note(char *note, struct smack_known *sskp, static int smk_bu_current(char *note, struct smack_known *oskp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char acc[SMK_NUM_ACCESS_TYPE + 1]; if (rc <= 0) @@ -142,7 +142,7 @@ static int smk_bu_current(char *note, struct smack_known *oskp, #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_task(struct task_struct *otp, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *smk_task = smk_of_task_struct(otp); char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -164,7 +164,7 @@ static int smk_bu_task(struct task_struct *otp, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_inode(struct inode *inode, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct inode_smack *isp = inode->i_security; char acc[SMK_NUM_ACCESS_TYPE + 1]; @@ -194,7 +194,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc) #ifdef CONFIG_SECURITY_SMACK_BRINGUP static int smk_bu_file(struct file *file, int mode, int rc) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -224,7 +224,7 @@ static int smk_bu_file(struct file *file, int mode, int rc) static int smk_bu_credfile(const struct cred *cred, struct file *file, int mode, int rc) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_known *sskp = tsp->smk_task; struct inode *inode = file_inode(file); struct inode_smack *isp = inode->i_security; @@ -428,7 +428,7 @@ static int smk_ptrace_rule_check(struct task_struct *tracer, } rcu_read_lock(); - tsp = __task_cred(tracer)->security; + tsp = smack_cred(__task_cred(tracer)); tracer_known = smk_of_task(tsp); if ((mode & PTRACE_MODE_ATTACH) && @@ -495,7 +495,7 @@ static int smack_ptrace_traceme(struct task_struct *ptp) int rc; struct smack_known *skp; - skp = smk_of_task(current_security()); + skp = smk_of_task(smack_cred(current_cred())); rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__); return rc; @@ -912,7 +912,7 @@ static int smack_sb_statfs(struct dentry *dentry) static int smack_bprm_set_creds(struct linux_binprm *bprm) { struct inode *inode = file_inode(bprm->file); - struct task_smack *bsp = bprm->cred->security; + struct task_smack *bsp = smack_cred(bprm->cred); struct inode_smack *isp; struct superblock_smack *sbsp; int rc; @@ -1743,7 +1743,7 @@ static int smack_mmap_file(struct file *file, return -EACCES; mkp = isp->smk_mmap; - tsp = current_security(); + tsp = smack_cred(current_cred()); skp = smk_of_current(); rc = 0; @@ -1839,7 +1839,7 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int signum) { struct smack_known *skp; - struct smack_known *tkp = smk_of_task(tsk->cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred)); struct file *file; int rc; struct smk_audit_info ad; @@ -1887,7 +1887,7 @@ static int smack_file_receive(struct file *file) if (inode->i_sb->s_magic == SOCKFS_MAGIC) { sock = SOCKET_I(inode); ssp = sock->sk->sk_security; - tsp = current_security(); + tsp = smack_cred(current_cred()); /* * If the receiving process can't write to the * passed socket or if the passed socket can't @@ -1929,7 +1929,7 @@ static int smack_file_receive(struct file *file) */ static int smack_file_open(struct file *file, const struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct inode *inode = file_inode(file); struct smk_audit_info ad; int rc; @@ -1976,7 +1976,7 @@ static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void smack_cred_free(struct cred *cred) { - struct task_smack *tsp = cred->security; + struct task_smack *tsp = smack_cred(cred); struct smack_rule *rp; struct list_head *l; struct list_head *n; @@ -2006,7 +2006,7 @@ static void smack_cred_free(struct cred *cred) static int smack_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - struct task_smack *old_tsp = old->security; + struct task_smack *old_tsp = smack_cred(old); struct task_smack *new_tsp; int rc; @@ -2037,15 +2037,14 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, */ static void smack_cred_transfer(struct cred *new, const struct cred *old) { - struct task_smack *old_tsp = old->security; - struct task_smack *new_tsp = new->security; + struct task_smack *old_tsp = smack_cred(old); + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = old_tsp->smk_task; new_tsp->smk_forked = old_tsp->smk_task; mutex_init(&new_tsp->smk_rules_lock); INIT_LIST_HEAD(&new_tsp->smk_rules); - /* cbs copy rule list */ } @@ -2056,12 +2055,12 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) * * Sets the secid to contain a u32 version of the smack label. */ -static void smack_cred_getsecid(const struct cred *c, u32 *secid) +static void smack_cred_getsecid(const struct cred *cred, u32 *secid) { struct smack_known *skp; rcu_read_lock(); - skp = smk_of_task(c->security); + skp = smk_of_task(smack_cred(cred)); *secid = skp->smk_secid; rcu_read_unlock(); } @@ -2075,7 +2074,7 @@ static void smack_cred_getsecid(const struct cred *c, u32 *secid) */ static int smack_kernel_act_as(struct cred *new, u32 secid) { - struct task_smack *new_tsp = new->security; + struct task_smack *new_tsp = smack_cred(new); new_tsp->smk_task = smack_from_secid(secid); return 0; @@ -2093,7 +2092,7 @@ static int smack_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_smack *isp = inode->i_security; - struct task_smack *tsp = new->security; + struct task_smack *tsp = smack_cred(new); tsp->smk_forked = isp->smk_inode; tsp->smk_task = tsp->smk_forked; @@ -2277,7 +2276,7 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, * specific behavior. This is not clean. For one thing * we can't take privilege into account. */ - skp = smk_of_task(cred->security); + skp = smk_of_task(smack_cred(cred)); rc = smk_access(skp, tkp, MAY_DELIVER, &ad); rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc); return rc; @@ -3603,7 +3602,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value) */ static int smack_setprocattr(const char *name, void *value, size_t size) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); struct cred *new; struct smack_known *skp; struct smack_known_list_elem *sklep; @@ -3644,7 +3643,7 @@ static int smack_setprocattr(const char *name, void *value, size_t size) if (new == NULL) return -ENOMEM; - tsp = new->security; + tsp = smack_cred(new); tsp->smk_task = skp; /* * process can change its label only once @@ -4280,7 +4279,7 @@ static void smack_inet_csk_clone(struct sock *sk, static int smack_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) { - struct smack_known *skp = smk_of_task(cred->security); + struct smack_known *skp = smk_of_task(smack_cred(cred)); key->security = skp; return 0; @@ -4311,7 +4310,7 @@ static int smack_key_permission(key_ref_t key_ref, { struct key *keyp; struct smk_audit_info ad; - struct smack_known *tkp = smk_of_task(cred->security); + struct smack_known *tkp = smk_of_task(smack_cred(cred)); int request = 0; int rc; @@ -4580,7 +4579,7 @@ static int smack_inode_copy_up(struct dentry *dentry, struct cred **new) return -ENOMEM; } - tsp = new_creds->security; + tsp = smack_cred(new_creds); /* * Get label from overlay inode and set it in create_sid @@ -4608,8 +4607,8 @@ static int smack_dentry_create_files_as(struct dentry *dentry, int mode, const struct cred *old, struct cred *new) { - struct task_smack *otsp = old->security; - struct task_smack *ntsp = new->security; + struct task_smack *otsp = smack_cred(old); + struct task_smack *ntsp = smack_cred(new); struct inode_smack *isp; int may; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index f6482e53d55a..9d2dde608298 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2208,14 +2208,14 @@ static const struct file_operations smk_logging_ops = { static void *load_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2262,7 +2262,7 @@ static int smk_open_load_self(struct inode *inode, struct file *file) static ssize_t smk_write_load_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_FIXED24_FMT); @@ -2414,14 +2414,14 @@ static const struct file_operations smk_load2_ops = { static void *load_self2_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_rules); } static void *load_self2_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_rules); } @@ -2467,7 +2467,7 @@ static int smk_open_load_self2(struct inode *inode, struct file *file) static ssize_t smk_write_load_self2(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_write_rules_list(file, buf, count, ppos, &tsp->smk_rules, &tsp->smk_rules_lock, SMK_LONG_FMT); @@ -2681,14 +2681,14 @@ static const struct file_operations smk_syslog_ops = { static void *relabel_self_seq_start(struct seq_file *s, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_start(s, pos, &tsp->smk_relabel); } static void *relabel_self_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); return smk_seq_next(s, v, pos, &tsp->smk_relabel); } @@ -2736,7 +2736,7 @@ static int smk_open_relabel_self(struct inode *inode, struct file *file) static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - struct task_smack *tsp = current_security(); + struct task_smack *tsp = smack_cred(current_cred()); char *data; int rc; LIST_HEAD(list_tmp);