From patchwork Thu May 18 20:58:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Smalley X-Patchwork-Id: 9735253 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 20C91601A1 for ; Thu, 18 May 2017 20:54:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0D11D288A7 for ; Thu, 18 May 2017 20:54:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 016BD288CF; Thu, 18 May 2017 20:54:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1EF6D288A7 for ; Thu, 18 May 2017 20:54:44 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.38,360,1491264000"; d="scan'208";a="5921862" IronPort-PHdr: =?us-ascii?q?9a23=3AisZTah+v0hbZZ/9uRHKM819IXTAuvvDOBiVQ1KB5?= =?us-ascii?q?0ukTIJqq85mqBkHD//Il1AaPBtSErasVwLOL6ejJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?= =?us-ascii?q?JvjvGo7Vks+7y/2+94fdbghMhjexe65+IRG5oQnMtsQan5ZpJ7osxBfOvnZGYf?= =?us-ascii?q?ldy3lyJVKUkRb858Ow84Bm/i9Npf8v9NNOXLvjcaggQrNWEDopM2Yu5M32rhbD?= =?us-ascii?q?VheA5mEdUmoNjBVFBRXO4QzgUZfwtiv6sfd92DWfMMbrQ704RSiu4qF2QxDmki?= =?us-ascii?q?cHMyMy/n/RhMJ+kalXpAutqwFjz4LRZoyeKfhwcb7Hfd4CRWRPQNtfWSJCDI27?= =?us-ascii?q?d4sCDfcNMOhGoInmvFYCsQeyCBOwCO711jNEmnn71rA63eQ7FgHG2RQtEc8SsH?= =?us-ascii?q?vKtNX1NLkdUeaox6fVyDXMdfdW2TPj54nIbxsspuqMUq9rccfK1UkuFx/KjlWX?= =?us-ascii?q?qYD/OTOVzf4Cv3KU7+pnS+KikmgqoBx/rDiow8cjkIjJhoQNx1DL9CV53IY1Jc?= =?us-ascii?q?CjR0JhfdGkF55QuieHPIV1WsMvW3xktSk1x7EcuZO3YTIGxIooyhLBcfCLbo6F?= =?us-ascii?q?6Q/5WumLOzd3nndldaq6hxa17Eev1PXxVtKx0FZWtipFlcTMtmwV2xzT9MeHTv?= =?us-ascii?q?x981+92TmVzQDT6/xEIVsumarHK58u3r4wlp0JvUTFAiD2g1n5gLWTdkUl/uik?= =?us-ascii?q?8+XnYrP4qZ+AL4J4lw7zP6s0lsG/HOg0KBYCUmeF9eimybHv5Uj5T69Ljv0ynK?= =?us-ascii?q?nZqpfaJcEDq66iHQBV1ocj6xCiDzapydgXhn4HLE9DeB2bkYfpIErDIOz4DPij?= =?us-ascii?q?g1Ssly1nx/bdPrL7GJnNIX/DkKn5cbZn90Fc0BYzzcxY559MCLEBJ/TzVVXttN?= =?us-ascii?q?zYFBA5NRe5w+TgCNV704MRQ3mPArOHP6PIql+E/OUvI/ODZIUNojbyN+Al5+Ly?= =?us-ascii?q?jX8+gVIdf6up0oELZ3C7BfRmJEOZYXvygtoaH2cKuhc+TePxh12fVz5Te2uyU7?= =?us-ascii?q?g75jEhB4KsFZ3DSZy1gLydwCe7GYVbZ25HClCIFHfnaZ+EVuwCaC2MP8BhlSYE?= =?us-ascii?q?WqK5S4870hGuthH1xKZ7LubO/S0Yr53j3sBv5+LPjREy6SB0D8OF3m6QU250m2?= =?us-ascii?q?QIRzkq3KxiukF91EmM0bJ5g/1ZEtxT4elFUgEkOp7A1+Z6Ecz9WhrdfteVT1ar?= =?us-ascii?q?WsipAS0rQdIr2NIBf0F9G9C+gR/ZxCqqH6UZl7qVC5wo6qjcxWT+J95hy3ba06?= =?us-ascii?q?ksl1knQ8pINW2gnaN/8gzTC5fIk0Wfjaqqc74T3DTO9GeC02qBoltUUAhuXqXZ?= =?us-ascii?q?RXoffFfZrczl5kPeSL+jEa8oPRBGxc6GK6tKccHpjU5cSPf4JtvRf3i9m3yuCh?= =?us-ascii?q?aMx7OMapfqemoG0SrBCEkEiR0T/W2cOQkwHCihv3neDDtoFV71ZEPs6+Z+omuh?= =?us-ascii?q?TkAo1wGKc1Fh172t9xELnfyTUekT3rMfuCo6szV7Bky939PNC9qYowpuZrlTbs?= =?us-ascii?q?0n7FdAz2LZuBR3Poa8IKB6ml4ebwN3slvg1xVtEIpAl9QlrHIxzAdpLKKYyFJB?= =?us-ascii?q?eyqD3ZH+Ib3bMG7y/Aqga6TOwFHRzM6W+rsT6PQ/s1jjvxumFkkl83V6yNRV0G?= =?us-ascii?q?GT5pbNDAoPS57xVVw39xdirbHAfiY9/5/U1WFrMaSsqDDNxsgpBOo7xRa6ZNpQ?= =?us-ascii?q?Kr+LFAroH80dHciuJ/Qgm0K1YRIcIOBS6Kk0Mtu9d/uIwq6rO/1gnC69gGRc5o?= =?us-ascii?q?B91UyN9y9mRe7OxZoFxe+X3hefXTfmkFihqtz3mZxDZTwKEGuw0yzkBJJPaa1o?= =?us-ascii?q?ZoYGEnmuLNOtxtplmp7tXmRU9Fm5B1MJwMWpYwadb0Th3Q1M0kQauWCnljalwD?= =?us-ascii?q?x1iT4pqrGS0zDJw+TnaBUIIHVLRHV4gVfqP4e0k8gQXFK0YAgxiBul+UH6yrBd?= =?us-ascii?q?pKR+K2nTRVlHfzPtIm54TKSwrL2Cb9RI6JMyviVdSP68bkyCSr7hvxsa1DvuH3?= =?us-ascii?q?VfxD8nazGqvY/5kwZmh2KdK3ZzqnXZdNp0xRfe4tzTX+RR3j0cSCl/kznXCUC2?= =?us-ascii?q?P8O18tWMi5fDrue+WnqlVp1Sainr0ZqMtDCl6m1uAB2/me2zm9L8HAghyS/71t?= =?us-ascii?q?9qVSTUoxbneIXr0bq1Mf5/dElyGFD889Z6Gp15koYonpEQ3nwahpGL8nodjWjz?= =?us-ascii?q?Ntta1LnlbHoQWTEL2MTZ4A//2E1sNniJ3Z72Vm2Bwst9YNm3ensW1Tgg78BOEq?= =?us-ascii?q?ub9qZIkjByolq8sQLRZv59kywYyfcy7n4ahP0GtBArziqDHrAYBVNYMjD0lxSU?= =?us-ascii?q?89C+q71aZGWxfri2z0pzhtOhA6+EogFHXnb2ZIsiETV37sVlP1LGyGfz5Z38eN?= =?us-ascii?q?nMcdITsQWZkwnGj+dIM58xiPwKijdnOW7nu30q1fI7hwR03Z6mpIiHN3lt/KWh?= =?us-ascii?q?Dx5ALDL1escT9yrxgqZfgsaX35mjHpt7FTUNRpfoSuioED0Kv/T9KwmOCCE8qm?= =?us-ascii?q?ucGbfHBQ+Q8lpmr3bRHJCzLX6XImUZwst4RBSGOUxfmx4bXC8hnpIjDQCqw9Hh?= =?us-ascii?q?cF1l6T8P6F74rQFMyu12OBXlVGfQuhuoYC8uSJeDNBpW8h1C50DNPMyQ9O1zGT?= =?us-ascii?q?1Y/pqkrAGWJGyUeRlHDWYTWkOeH1DjJL6u5dve/OeEGuqyNfzOYa+BqeZGTfeH?= =?us-ascii?q?2Yqv0pd6/zaLLsiPO2NtD/k/2kVdQXB5B97WlC8URiwRiS3Nc9Wbqwum9S1vsM?= =?us-ascii?q?+z6vLrVxzz5YGXEbtdLc1v+wyqgaeEL+OQnjx1KDhC2pMJ33DIzL8f3V4Jhi50?= =?us-ascii?q?azatFK4MtSnXTKLfgqVXFQIUaztvNMtU6KIxxgdNOdTFhdzozb53lPg1C0tCVV?= =?us-ascii?q?z6gcymf9AFI2SnOFPAHkaLO6yMJSfXzMHvfaO8VbpQgf1Stx2qozmbC1fjMy+N?= =?us-ascii?q?lznoTRCvKv1MjC+aPBxYoo69dApiCWn5Q9LicBG7N8V3jTIuy70umnzKLXIcMS?= =?us-ascii?q?R7c05Vtr2f8zhXjet5G2xA8nplKvKJmyeH4ObGNJkaq/xrAj57l+hC+nQ116NV?= =?us-ascii?q?7D1YRPxygCbds8VurE+8nemA0DpoSgROpy1QhI2RvkViJL/Z+YNaVXbA4RIN63?= =?us-ascii?q?+fCw4Tq9t5Dd3vuKBRyt/VmKL1NjhC78re/dEACMjMNMKHLH0hPALyGDHOEgsK?= =?us-ascii?q?VzGrOn/Eh0FGi/Gd7GOVoYI1qpfyg5oCULlbW0IpFvkCEERqAMQCIItrXjMjib?= =?us-ascii?q?OUl88I5XW5rBnXX8hVo47IWemTAfr1LjaVl75EZwEHwbngN4QcKpX721B+all9?= =?us-ascii?q?hInFAUXQUspToiJ/dQI0p11N/2Z4Tm02wU3lawet72QUFf+7hBI2jRF+Yes1/j?= =?us-ascii?q?f2/1g3PkbKpDc3kEQphdXlhjWRfCTrLKe3XIBZFSz0uFMrMpP8XQl1bha/klBj?= =?us-ascii?q?NDfBW71elaBgdXxxhA/ap5RPBeZWTbdYbx8I2fGXe/Io3ExfqiSnwU9I+/DICZ?= =?us-ascii?q?5llAskf56jsW5A2x5jbN4yIKzfOrBFzl5OiaKSpiWozPw+wBcCJ0YR92OfYCgI?= =?us-ascii?q?t1ISObkiPCeo/ets6ReemzRZfmgMTPkqovNw+kM7JeuA0zrq06RfJUCpK+yfM6?= =?us-ascii?q?SZtnDalcGWWVM/yFkHl1NZ8rh2ysosaEuUV1oyw7uWGRQJLdDCJh9VbsZI8njc?= =?us-ascii?q?YzqOu/3XwZ1pJ4W9CvzoTeiWuakJhUKkGgApEJkS4cQFH5mhy1vXItn9LL4C0x?= =?us-ascii?q?kt4x7rJFqdBvRTZB2LiCsHo924zJJvwIZSPC8dAWRgPiWs/bvYvBUqgOCEXNY4?= =?us-ascii?q?eXcVQJcLNm8sWM27hy5Yv25MDD+p3eIF0AKC9SPzpjzMDDngaNpufPOUZRR2CN?= =?us-ascii?q?6o/zU+8q+2hEXY8pXYOmH2L9NiusXA6ekCvZaIF+tUTaVhs0fbg4RYXGKlU2rO?= =?us-ascii?q?Ed6zOpjxZJIhYsDzCna/TlOwkSk1T9vrMNarMKeInRniRZxIv4mDwDAjKci9Gy?= =?us-ascii?q?kdGxdqp+AM/qR8ZREDY5cgbh7osBw+OLClLAeezNquX36nKSFKQPlH0eW6e7tX?= =?us-ascii?q?wjIwbu+7zXsgSY06z+m38EMWWZ4KjxHfyuy4aIVEVyj8BGBdcR3VpSUlj2hhKv?= =?us-ascii?q?oywuAnzRzStVkcMiyEe/JxZ2xBv9A8A1SSIXNsBWcjXFCcjJDM4gi107Ac4itR?= =?us-ascii?q?hdBU3vNZsHLmpJ/QfCqsWLC3qZXSqycvdsYpo6tqPIP5P8SGqo3RnibETJbKqA?= =?us-ascii?q?2EUDS2F/1AmthfOChYWuVHmXk5OcwavopM8UUxVto/J7xLDKkjuLWqZCF5AiEM?= =?us-ascii?q?1iAZVpmP3DoYjue7wbvamQ+acI4+PxwcrJVCntwdXjZsYiMYpa+sS4XWl2iASm?= =?us-ascii?q?gQOAkd9BlC6hgcm4F3Ze3q/I3ITJpQxDFMuPJ0TjHHFp92+FvnUmuWm0T3SO29?= =?us-ascii?q?k+y12gJf1Ojs3cQGVxNkBkhdwulXmlEuKL5pN6kappTKvSOQdUPmoGLtz/OrJE?= =?us-ascii?q?NLxs3OcF33F5HItXbmUiIG530bW4tPyHDZFZQdlwp5aakrpFVQIICoYEn+/Tkk?= =?us-ascii?q?y55vH7amScCh30wlomoeRye2D9pBDPlrsVzNVDJ5Y5CrqZDlO5RITW9T45Cdqk?= =?us-ascii?q?lWn1tzPCKjzppcMc5N6CYWXDdTuTWdoMeySMpb1MBsFZ8MP9F/t23+GK5fOZiR?= =?us-ascii?q?onw2uqD0xXPD/TAzrku6zi2pG6CkV+JZ43EeGgIxKmSfrEkvE/Uj8mPM/VDIrF?= =?us-ascii?q?904/1bB7iUgEV2uDZyAJZOBjNT2nCkK1R8V35GsupAJKTSacxcTOE4ZQWzNBwm?= =?us-ascii?q?Cf4mw0uJ8Fl7nXfjeSNysBda9jvcXwkzWygVhKvtmT0ApcGmPz8aV4xHbS87Yy?= =?us-ascii?q?fDNQ2bhThdvAxDZEFyR5AZHtFF9qkH3YtT+8rPUlqsJT0AXBN5LA441+RQlVJb?= =?us-ascii?q?ukWCZS/dFRaoderIshBvfceettSpI+79/AhakY7orf43970bR3K4nQ2iX8reo5?= =?us-ascii?q?X7tt2QuUuEbL34PPGkYX/dUDjMigi9hbUjD5bU5CXcLRRUK4Jkxno+fZjuF3PE?= =?us-ascii?q?MQ5AJ60FO0pRTbp6ZsleouBGe89kf74E9rRjBh2bWh/iGpGjofddI1nPQjTeKj?= =?us-ascii?q?mO/fakoYLP97DdT/bvZtCUzXbdX613Jot66SX8G7ryy49R5Ff52vd3+UNmUlXG?= =?us-ascii?q?NyeBrMr/KQ8V+MaicVbtsYMzETPQHphwjGLnxltceMoPXy2q7JMYxYtB6HbrVe?= =?us-ascii?q?J3yFX8sPFJ+rl/7ok3/qppxtuqKqfUNfRaq1VoAhyOCgVt7JUtD3B1R3pNbe8J?= =?us-ascii?q?NPfRYaMZgNjyq+DtCaMY9gCa9vdEadvDO0HBgNOwCi+dSRxDmAcOtyIaIhGb1/?= =?us-ascii?q?6flK9+UdylqvTh2kIx/1i+KQYLzLJ36oee/aqIv+vXYAHPzbUfX6jqW8fzrqgt?= =?us-ascii?q?u0yO5P0rjrgOendvbw2gCugdWdYXxn38wqAy0SIsD8TDEqri+PFZUXI5kCjgm5?= =?us-ascii?q?dgEFoIAf4UAaCE/YJFnmc/geDZMMMZcrxakGaVCRGkCqMCyWKs6yaPJmllhgrD?= =?us-ascii?q?0xD2QWO29lP2rCl4QSXWz9j5iUpVSqO3BVpOUCq1JE94qi2AMBDvtNrttqQ/9F?= =?us-ascii?q?s2PXD8tNKRiGuhP6taH8v+JNOAJik0oEgYjIYrStyu3oAbHsG9IMwK/XF7Yfbf?= =?us-ascii?q?5Hmnkyhbo6dIn4De+N2a+u3LHXm8iK2Xs6mCyypcyncmplE/9tChNvbV6t2RX/?= =?us-ascii?q?uo1ngeTyFjuwvARRG5sLrboE4IOUaTykfEhJQKPs1F3Xk/zkzm4PMjQNcz+QhF?= =?us-ascii?q?GIbPee4NpTfpODTu2VafedU3ViuA3DRLAlL5C154GLIz2GjopsLGiW/Q+0E0Ro?= =?us-ascii?q?l3b0Hnhx13D4AjJEIo9lcWwjQMERIMaRCdA7GkH0LlIpUYVUIbcxSIwKC6ersr?= =?us-ascii?q?3U102r6v5e7SYvZmCKURLftdlRCBnERFFZ0Kq6EeR6h8e1BF/q7NugfiE5TnX+?= =?us-ascii?q?ThlXcoLvK1Q9ta8M4DuHsg4wa/WwKg5o1e77Yfk52HaqlEboXSs89m8kdn/zkP?= =?us-ascii?q?djZXjxRliBO5S+8crvj54tfHqJqo9vquVKE1SuUP7Rc0G3hxj5v+gVAku9HX1P?= =?us-ascii?q?5QSpbLhoT78QBNJWOKuYnB3hlkM+UON56kfLZu9nUAPSgeJGgCPdmIZPkm5S9i?= =?us-ascii?q?LjHT60ZFAsMWatMSJNDNlhxMik31RLFT8dLWGkOCC4htc8An9Wz3xy4u/JQhU+?= =?us-ascii?q?bg5z62JYzF4FFWJfxDljhsmMjEpOcL3frYEDIX7mWBaxhp3iOCzIGAC/nq8uWW?= =?us-ascii?q?1t7US1MGEzUyU4dcODqN5wynSfColJXySA+U7NH8gI4mfkKKWnOxhLgFsrpLEe?= =?us-ascii?q?NYhSX0wD5eFpzyh/KStNas83VYtllGEIZ18B3EF75SPpFlNhTilsikXFJwBi3h?= =?us-ascii?q?d8HIbhAuovaZxv8Q4+ViMEvzfZMUIhAexL3m8ndaUgxuSLryvlaYQ+0RfsdmR+?= =?us-ascii?q?3YoXBV845gLLUPPFeFrpzwsjhIsEw2ABMuaLIoqzxacU/OnBFaW6nqo7MAjwoc?= =?us-ascii?q?XsR/uUBSBWKxNmU+5yDEVaROlqWRDuIa8imLRKwUT0poKj9+Qw+y2Jh2dLumge?= =?us-ascii?q?tHsnhfki1gr/Yk1T1mRB2huSzjvK8N1jcg96u+tDofo3BFSf+ekyjQA1VZ0PsK?= =?us-ascii?q?lbscC2rl6VGkYnkDa4vy4L99Kcv89Ykh52k/bggifi0HW+SgECLwj6KTD4yRsd?= =?us-ascii?q?JcmgSCuMHTYr+yNyQSMKoyyQ77TXhnzgfehApo8HcMQji47d8kOp+yOcA+yyqs?= =?us-ascii?q?BGjUaVcM4qRSsMfrsl4LVuQ2Y0t7wGp/ysiHWjENRMvXFmY3kAckZ2tEcJZY5B?= =?us-ascii?q?4UDaYohCiHvrVc8gESfjjUDpyv+pPMksfQxXk9UdBqy3rZpq2BgZMr3mNqm9dw?= =?us-ascii?q?7iOVo3QScOrYU85wDXTp0IdQ1/D+be23su8bUItm1KihUPgaP8mh+Wu32I1qWk?= =?us-ascii?q?ihxrQfA1q2LvQOxrLaUye5U22XR/6Hc2+WnzY2KkTy/wWnLkUraMdWqE8wKvfC?= =?us-ascii?q?hp9ZlwD6TbN0RzmfpVzFw2wnK+8acRw5uJu/cQwQUOERf/ScJfQpwPAmDVsMbn?= =?us-ascii?q?zJHShxC+Kts16ihot7O3Jm4UrkZ+Th6AbmP8WOGhMcC47VsoZx+eCmRmKGIXJv?= =?us-ascii?q?1wN9PE9o9+rEDFQxsuhcc4qNndjOmdt0zPQJd/B3MS0yotQTgJ5s6ZGI0MeWdh?= =?us-ascii?q?Hc1o7yJdbRoveCGf3ewUMqemVUUrcCZAP14II6PsUnVLLPB7tZug8cBbM7QJwn?= =?us-ascii?q?OGf97qZ0LBl8cgTJfrS7ntHqpv6XZptTv3LW4Ew/LCPdux0b1PO5Vg16b5Gvh3?= =?us-ascii?q?X3Pp8wXDZBoMN3BhthBotPFNsKrxC7DJ6MhKG7l9ix9lt0uu8Sq6rwC+zF28qi?= =?us-ascii?q?0oV0Xpha+VaLMyjLCKlsmERlgfy4gu3c3ZnpFcPiZdQEWfB8Qm7BdLDLBZ2/Kj?= =?us-ascii?q?aUNcLnZ05G8qKT0K5jUhqPei/1RayGuzO4NP98+0U01pR4fPbPzDwq97zb3Nry?= =?us-ascii?q?Z2dGpiastHKJMJpf7EfWBezFRB9USOCK8GBiHaENaov07ugOO8Q4wNeA+wlz8C?= =?us-ascii?q?hC0MydLqi6sEDM3kN7dZTGLErm3Co3VpUKIBShPks2n2DZsm7SDG9fLse6M8lt?= =?us-ascii?q?hsiaDhj26ElslmEhfGlBGnDnRd2JI2gUx9q+ZBGW9AJMF9sDmvS4dlI4tq2zT+?= =?us-ascii?q?loPY5ImfurtLUBj9lpLyDPRM5HPyDfNrN2OSBRDurXrlgyfhEEq6Q1WpsyZZWW?= =?us-ascii?q?IkMIKkSAySTpwgbZzE30ccCs1KaOICYL/XVHz67F3SJKpwanpfaTmtfjX6zBbJ?= =?us-ascii?q?HqQP7SNzIoVj6ASjspC0ap+Emru/4fsfqGJWcQuEsUYiOPCAIJoKBgs8TQBHfJ?= =?us-ascii?q?meJ/ZJ0KmOyaWyfoRS16kaoyATxLtVqNQ/oYDgTWaWXugG9CtwyjPPNM+mjlb7?= =?us-ascii?q?KAzKpPR+MWGpdMcuGeQ9bAYvBeKTIomSkYNeu/ZNDcsag20kjJTWoYFKnI8keS?= =?us-ascii?q?TEiITfyAlHrXWtAOsow1vDc40s7BlS9wVaLTNvCQoCD93JS/iXOjpeDGVmQrK3?= =?us-ascii?q?cwieYGDXjJlAJMM0kYGtoVvwfrWafGaEFSgiF6wdly0gMBLVwgGkZl1WdbybPk?= =?us-ascii?q?QsA=3D?= X-IPAS-Result: =?us-ascii?q?A2HlAQBSCR5Z/wHyM5BcGgEBAQECAQEBAQgBAQEBFQEBAQE?= =?us-ascii?q?CAQEBAQgBAQEBgwEpYnoSjnioPTwoC4tqVwEBAQEBAQEBAgECaCiCMyQKBEYpL?= =?us-ascii?q?wEBAQEBAQEBAQEBAQEBARoCDWUCdgMDCQIXMQgDAWwFiAJNgUINDrEtJgKLHgW?= =?us-ascii?q?WLQWJRoZhjWyHHItyDYsbhlEClEZYgQomCQIeCB8PhT0cgX9aiDIBAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 18 May 2017 20:54:43 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4IKsPcO023162; Thu, 18 May 2017 16:54:31 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v4IKsOMg075480 for ; Thu, 18 May 2017 16:54:24 -0400 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v4IKsNqP023156; Thu, 18 May 2017 16:54:23 -0400 From: Stephen Smalley To: selinux@tycho.nsa.gov Subject: [PATCH] selinux: log policy capability state when a policy is loaded Date: Thu, 18 May 2017 16:58:31 -0400 Message-Id: <20170518205831.25514-1-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.9.3 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Stephen Smalley Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Log the state of SELinux policy capabilities when a policy is loaded. For each policy capability known to the kernel, log the policy capability name and the value set in the policy. For policy capabilities that are set in the loaded policy but unknown to the kernel, log the policy capability index, since this is the only information presently available in the policy. Sample output with a policy created with a new capability defined that is not known to the kernel: SELinux: policy capability network_peer_controls=1 SELinux: policy capability open_perms=1 SELinux: policy capability extended_socket_class=1 SELinux: policy capability always_check_network=0 SELinux: policy capability cgroup_seclabel=0 SELinux: unknown policy capability 5 Resolves: https://github.com/SELinuxProject/selinux-kernel/issues/32 Signed-off-by: Stephen Smalley --- security/selinux/include/security.h | 2 ++ security/selinux/selinuxfs.c | 13 ++----------- security/selinux/ss/services.c | 23 +++++++++++++++++++++++ 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index f979c35..c4224bb 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -76,6 +76,8 @@ enum { }; #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) +extern char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX]; + extern int selinux_policycap_netpeer; extern int selinux_policycap_openperm; extern int selinux_policycap_extsockclass; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index ce71718..ea2da91 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -41,15 +41,6 @@ #include "objsec.h" #include "conditional.h" -/* Policy capability filenames */ -static char *policycap_names[] = { - "network_peer_controls", - "open_perms", - "extended_socket_class", - "always_check_network", - "cgroup_seclabel" -}; - unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; static int __init checkreqprot_setup(char *str) @@ -1750,9 +1741,9 @@ static int sel_make_policycap(void) sel_remove_entries(policycap_dir); for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { - if (iter < ARRAY_SIZE(policycap_names)) + if (iter < ARRAY_SIZE(selinux_policycap_names)) dentry = d_alloc_name(policycap_dir, - policycap_names[iter]); + selinux_policycap_names[iter]); else dentry = d_alloc_name(policycap_dir, "unknown"); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 60d9b02..2dccba4 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -70,6 +70,15 @@ #include "ebitmap.h" #include "audit.h" +/* Policy capability names */ +char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = { + "network_peer_controls", + "open_perms", + "extended_socket_class", + "always_check_network", + "cgroup_seclabel" +}; + int selinux_policycap_netpeer; int selinux_policycap_openperm; int selinux_policycap_extsockclass; @@ -1986,6 +1995,9 @@ static int convert_context(u32 key, static void security_load_policycaps(void) { + unsigned int i; + struct ebitmap_node *node; + selinux_policycap_netpeer = ebitmap_get_bit(&policydb.policycaps, POLICYDB_CAPABILITY_NETPEER); selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps, @@ -1997,6 +2009,17 @@ static void security_load_policycaps(void) selinux_policycap_cgroupseclabel = ebitmap_get_bit(&policydb.policycaps, POLICYDB_CAPABILITY_CGROUPSECLABEL); + + for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++) + pr_info("SELinux: policy capability %s=%d\n", + selinux_policycap_names[i], + ebitmap_get_bit(&policydb.policycaps, i)); + + ebitmap_for_each_positive_bit(&policydb.policycaps, node, i) { + if (i >= ARRAY_SIZE(selinux_policycap_names)) + pr_info("SELinux: unknown policy capability %u\n", + i); + } } static int security_preserve_bools(struct policydb *p);