From patchwork Thu Oct 19 23:14:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10020165 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6816D60211 for ; Fri, 20 Oct 2017 12:30:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6143728E7F for ; Fri, 20 Oct 2017 12:30:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5446628EA8; Fri, 20 Oct 2017 12:30:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.7 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4882A28E7F for ; Fri, 20 Oct 2017 12:30:00 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.43,405,1503360000"; d="scan'208";a="415125737" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa12.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 20 Oct 2017 12:30:00 +0000 X-IronPort-AV: E=Sophos;i="5.43,405,1503360000"; d="scan'208";a="4953182" IronPort-PHdr: =?us-ascii?q?9a23=3AfcFaahXRuB1VEQR0i8F/8KoZuerV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYR2GvKdThVPEFb/W9+hDw7KP9fuxCSpYud6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCzbL52Lxi6txndutULioZ+N6g9zQfErGFVcO?= =?us-ascii?q?pM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLf?= =?us-ascii?q?QguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxmUwHjhj?= =?us-ascii?q?sZODEl8WHXks1wg7xdoBK9vBx03orYbJiIOPZiYq/ReNUXSmRbXsZVSidPHIWy?= =?us-ascii?q?YYUSBOYFJOpUspXxq14IoBCjBwejGfnvxydHiXH43qM01PovHh3b0gw4Hd8CrX?= =?us-ascii?q?rZotXvNKgMSuC417XIwSnZYv9Kwzrx9IrFfxY8qv+MR7Jwds/RxFEoGQzfklWQ?= =?us-ascii?q?tYzlMC2b1+8QsmaU9fBgVfixhG47twF6vyavxsY2hYLUm4wa1FTE9SR/wIYoKt?= =?us-ascii?q?yzVUl2YcW6H5tUtiGaMZZ2Q8w5TmF0uCc11r0GuZmhcCgM05Qo3QTTa/OAc4iW?= =?us-ascii?q?+x/uUvuaLzRghH99Zb6yiBm//VKgx+HhTMW4zllHojRfntXRrnwByQDf58ydRv?= =?us-ascii?q?Z+/kqtwyuD2gHO5u1eP0w4ibfXJpg8ybAqjJUTq17MHirulUXzi6+Za1sr9/Cz?= =?us-ascii?q?6+TifrXmvpicN5Joig3mMqQhhMi/AeMgPwgSRWeb4+W81KD4/UHjXLVLjuE5kq?= =?us-ascii?q?nesJzAI8QUurW5DBNP3oYm6ha/Cy+q0NUenXYZMFJIYA+LgofmNl3UIP30EO2z?= =?us-ascii?q?j0qjnTt13fzKI6XtApDXIXjClLfhc6x960lZyAcr1tBQ+ZZUCrAHIPLuVU79rc?= =?us-ascii?q?fXDhgkMwyy3+noFs5925gCWWOPHqCZMKTSvUWO5uI0OeaAfoAVuDHjK/Q9/f7h?= =?us-ascii?q?kWc5mUMBfamuxZYXane4HvJ8LEWFYXrjmNEBHHwIvgo5SuzqjUeNUSVPZ3msRa?= =?us-ascii?q?I8/Ss3CIW8DYfMXoqtmqCO3D+nHp1KYWBLElKMEXXyeIqYWPcMcyWSIslgkjwa?= =?us-ascii?q?TrWhRYsh1QyhtQDh1rpnKPbU+jACuZLkzth16PXZlQsu+jxsE8Sdz2aNQnl6n2?= =?us-ascii?q?MJQz822b5woVZmx1eNz6d3nvtYFcZJ6PNRSAc6MpzcwPJmBNDuQA7Bec2JSFm+?= =?us-ascii?q?SNW8HT4xVs4xw8MJY0tlBtqtkhXD3y2sA78JirCGH4I0/bzG33jwJsd9zHDG2L?= =?us-ascii?q?Mnj1Y4XstFLXemibJn9wjPG47JlF2UmLu2dasGxi7A73uMzW2LvE5ESgFwSrnF?= =?us-ascii?q?UWoZZkTIsdTz/lnCQKO2CbQ7LgtBztaPK6tLa93ui1VLX/LjONDHb2KwnWe8Hx?= =?us-ascii?q?CIyamWbIrpemUdwjvSBFICkw8N4XaMLRI+CTu5o2LCEDxuEkriY0328eZkrnO0?= =?us-ascii?q?Uk40zxqRYk1kz7q1+wcZheeSSvMIxL4Evz0hqzpsFlanw93WE8aApxZmfKhEYt?= =?us-ascii?q?My+lRH1WXEtwFmPZyvNaNihlkDcwhtuEPuzRp3AJ1akcc2tHMq0BZyKaWA3Vxb?= =?us-ascii?q?ajyYx5HwNaPNKmTp5h+gd6vW1kvZ0NaM9acF8O44pEn7vAG1Ckoi9G1q08NI3H?= =?us-ascii?q?SB/ZjKAw8SUJ3rXkYx6Rd6u6nQYjMh6IPMyX1sLa60vyfZ29InHuslzQ2gf8tE?= =?us-ascii?q?PaOfEg/yFMMbB820J+wsgVSpaAwLPPxK/q4uI8ymb+eG2LKsPOt4kjOpl2BH4J?= =?us-ascii?q?xj3UKW7CpxUfDI0Igfw/6DwwuHUi3wjFC7ssD4gYpEfy0dHnKjySj4A45cfrFy?= =?us-ascii?q?cpsWBmevOcK3ws5ziILqW35d6FGsHUgG2NOzdRqUcVP9wRVa1V4Lrny/hSu40z?= =?us-ascii?q?t0nikvrqqe2CzOx/rtdAEcN2FRWmZil1DsLZKzj9AAU0iidxIpmwe95Ubm26hb?= =?us-ascii?q?o7xyL3fSQUhUYyj2KHtiXrGsubqCZM5P7pwovD5TUOS9Z1CVUKT9oxwA3yPkBW?= =?us-ascii?q?teyygxdyu2tZXhgxx6lGWdIW53rHrYYsFw2Q7T5MfCSv5V3zoGQjR4iDbMC1in?= =?us-ascii?q?J9mp/NOUl5bfveClTW6hUINccTXzx4OaqCS7/XFqAQG4n/2rgN3nFgw60Svl2N?= =?us-ascii?q?lwSSrIqxj9b5Lw16SnLe1nZVNkBFjm68p1Aot+iJc/hIkM2XgGgZWY5XkHnnn1?= =?us-ascii?q?MdVAwq/+b2QCRTgQw97T/gflxFdvLnWTx4L2Tn+d2NduZ8GmYmMK3SIw99hKB7?= =?us-ascii?q?2J7LxAgyR1ukC3rQTNYfdjhDcQ0uYu6GUEjOETowoh1D6dArcPHUlCISPjiRqI?= =?us-ascii?q?79ekrKVYemmja76w21Rindq5FrGNvhlcWGrlepclBSJw8MN/P0/X3X3t7IHrZd?= =?us-ascii?q?nQYcgVthKKjxfKl/JVJ44plvoWmSpnPnrwvWU/xO4miRxjxo21vImbK2Rt5a65?= =?us-ascii?q?DARXNjvva8MU4DHtgr5UntyK0IC3ApVhBjILUYPmTf2yFjISqfPnNwOVHT0ytH?= =?us-ascii?q?iUBL3fHRWF50d+tXLPFJKrOG+LK3kF19liQwOdJENHigAOQDo6hoI5FhytxMH5?= =?us-ascii?q?dUd2/DQR5lrmpRtQ1uJnLQPwX3zZpAi2djc0U4SQIwBO7g5c/UvVN9KR7v5rFS?= =?us-ascii?q?FC4pKhtBCNKnCcZwlQF2EFQEKFC0rmPra04dnA9OiZC/GkIPTSZLWCs+teV+2H?= =?us-ascii?q?xZi3yItp4y6MNtmTPnllF/A71FBDUm5kFMTCgToPTTAXlyXWb8OAvhiz5ih3ot?= =?us-ascii?q?q48PTxVwLl/ZGPBKdKMdVz5xC2hr+ON+iKhCljMTZYzogBxXHJyLgFx14Sly9u?= =?us-ascii?q?dzirEbsasy7CUKPQlbVTDxIBbCNzLsRI5bom3gZRIc7bls/11rlgg/4tFVhKTk?= =?us-ascii?q?LumseoZcwWJGGwL1LHC1iVO7uYPzHLxNv3YaykQ71KkOpUrwGwuSqcE0L7JTuM?= =?us-ascii?q?jD7lVxSuMeFXkCGbJwZSuJqjfRlxE2TjV8zpahm6MN9xkD03zqY5iW/KNG4GLD?= =?us-ascii?q?h8aFlBr7OK4iNEmfV/HGpB4mBiLemelCaT9/PYJYoOsft3HiR0kPpX7287y7ta?= =?us-ascii?q?6yFEQud4lzbModF1olGpiO+PxiBgUBpUpTZBnJiLsll6OaXF6plAXm7J8wgC7W?= =?us-ascii?q?qKFRQFucBoCtr3u69OzNjPkbj8KDZG893P+ssdCNLYKMWdMHouKRDpAiLbDBMZ?= =?us-ascii?q?TT63MmHSn1BdkPaX9nGPtJg6rZntl4QISrBATlw1Ee0VCkd+EdMeJ5d3Wy8rnq?= =?us-ascii?q?SAjM4U/3a+qgfeRNlCtJDdSv2SGenvKCqejbRcZBsJwbf4IpoIO43+3ExiZFd6?= =?us-ascii?q?k5rWG0rMXdBNpShhYREurEVL7nd+UnU521j5ZQO1/H8TCfm0kwYwigRge+st8C?= =?us-ascii?q?zh41QwJlrRuCs/ik8xmc7mgTCQajLxKrm/XZ1OASruq0cxKo/7QxpybQCqh0xr?= =?us-ascii?q?KizESKxLgLt6aW9riBTRtoBOGf5GUKJEZxEQxemNZ/o20VVQsCOnylFb5eHdE5?= =?us-ascii?q?ttiBMqcYKwr3JHww9scdk1JarWJKVU0FdQgqOOszSy2e8v2g8eIFwB8GSIeC4H?= =?us-ascii?q?oEYILKUpJzK0/uxw7gyPgyZMd3ISV/orv/1q7VgwNP6azyL61L5CJFuxOPKDIK?= =?us-ascii?q?OEoWjAlNKIQ1Mq2kMOiUZF4aB80d0/fEqMS0Av0LyRGgwNNcrFMwFaccxS9XnU?= =?us-ascii?q?fSuVvuXNx491M5+6FuDyQu+ErLwUjV68HAY1A4QM6dwMHoKy30HcLMfnKqMFyB?= =?us-ascii?q?o26Qv3I1WFCehGdwiQkDcbuc2/yoF43ZVFLDEHHWp9KTm35qrQpgIynPqDXdI2?= =?us-ascii?q?YnAGXosENnM7Q9C1my9ZvntaFza7yOQZxxae7zXkvCTfECH8b8Z/ZPeTfR5jEt?= =?us-ascii?q?W2+TQj/KeokVHX95XfJ2f9NdRkoNDC8vgVp5edBPNSVLV9vVrcl5NeR3O0T27F?= =?us-ascii?q?CcS1KIToa4kwcdz0DW63XUehhDIzVMr+JsuiLraWjgHyXoZbqpOb3TA5Oc+6DD?= =?us-ascii?q?EeFA96p/sf66JkeQ0Df507bAbntwQjNqy/JAOY3curQ2u2NDRZUeJQzeSgaLxR?= =?us-ascii?q?1SYsafW6yHQ4RJEg0+a36VINRI0NjhzG3/ajYYheXjTzGnxafwXPvjI3mXF8OO?= =?us-ascii?q?go3uoxxwjFvkUbMzCOaONmcndEv80mCVOUP3p2FnIyR0WAgorb/g6sw7cS8jNH?= =?us-ascii?q?n9lOy+1Ft2Pxs4TDYDK2QqOrt4vasy4hbdggrK1xNY3jIsSGtJPCkDzQVoPQsg?= =?us-ascii?q?ifXC68CfVahsBaIDhET/lQhWElJcsGtJJP6EYrSsg+J71PCKwtpr+wajppFi8S?= =?us-ascii?q?wjEHWIyexjAChf2827TCnBeKbJsiKAAEsIlFgtYFSSF2eD4epKm5W4XVjGKES2?= =?us-ascii?q?kLIAYP7QtX/g4AkJF/fvz96orSUJBM0yJWo+5zUibTF5lo8Uf7RX+SgVfmTfWu?= =?us-ascii?q?jfCp3RhSzf/31dkbQABwCU5Yx+lMl0soLKp4K64fv4LQtT+Ib0z6tnr3yOS6PF?= =?us-ascii?q?lR1dHUd1rgAYrKr2rzSCsc+WEPSI9Oz3HeG5ISkxZ5aKk1pVVMJpymdVjk5zA+?= =?us-ascii?q?wYRmAaW4X9ixx1k5tXYGWzuqE91ZBuF6t1LXXSZoY4y3pJXgIJpeWGlQ94OBq1?= =?us-ascii?q?1BikViLza5yYZAK8FK+jMMXCJAoS+Hs9u2VcJOwtJ5AIEUItdnpXj9HL1LOIKL?= =?us-ascii?q?r30xoLzvxWfT+yogv1ei2DWzB6i4Qvpb/20ZBAokPHmRpVc0D+Qy6GfS7k7CvU?= =?us-ascii?q?1u8+ddGLePkV17oCxhEZBWGjZJyXelIkxoQ3lIr+pWNKbYf9FSTvQpeRCvPBk+?= =?us-ascii?q?GuI80EyS4UF4h3H5bDJutgFC4SDSQxE0VTUJgrfqgTAesN+oNiIaS51ScTUsdC?= =?us-ascii?q?PFKwWFmS9JohpQd0ZqVI0HDdpf/bEUw5dU9NLYSUmwMSEFQABiNgUg3PpHjk5D?= =?us-ascii?q?rF+Xdj3BDQezbvbPtQB3fd2No8G3KvT54B1HhZnjsOwi8KUDXXKmkxW3Qd/Ct4?= =?us-ascii?q?/8qsGKtkyWeafkKe2zf2HOQyXXgBCtgbckE4PK8DLNMApaLJl6zWQrYYT7BW7M?= =?us-ascii?q?JxRGKLoRJ1BHWqBiddVGvudaatdmeKkT469tAQmHRhf1F4yxt/RGK0vTRTDCLy?= =?us-ascii?q?WA7uO/oJjc7brGSeT6YcyM3XnHSbptPphm8Tn7B6vq0YhG90r0wPht8E16SULB?= =?us-ascii?q?My+cstvsPR8L69Okdkv5uZ0lBzXWD4lskHD13EFPa9IXQzG28JQf0J5Z7nLwRP?= =?us-ascii?q?l50kj1te1e7bhk6Y8547Bz08i0PrvSKe5HsUB7HhiUGx9q+Ys3DGh4XWBRbfcb?= =?us-ascii?q?KO3NcqQBkcDut+f3GrQR6B2U5+NZbt/HKFvamsWlCzGcThtEnBwaqTMBKwuR2P?= =?us-ascii?q?GEl7VzSca/qujzwlgt7ESmLh4a0LBt4p+J9baSq+/TcRTR1qQEW6jtRs7otbQj?= =?us-ascii?q?p0KS6uMilL4Se2x6eRerEO4DWc4B3m3g17wlzTowE8PfGLLt4PpDV2k8nj/ggJ?= =?us-ascii?q?19EUsZFe4THbqR54tehn04m+vbNtIIbq9ChnyDFRm+Er8N0XSr8TeYIHF5ghHS?= =?us-ascii?q?1BH9WWGz7F7zrSJjRCvD0dfinVRPVrm2A0dSUDClOUlmvzOTJADorsb4ubwp7E?= =?us-ascii?q?EqNWzprNONlWq7N7xNA8LyP8ecLjcopF0JkJI9XNuv2ZoUGdClOtce7Gl+bufC?= =?us-ascii?q?62OsiyJOuKZHh5HQ486P+PXXHGWgj7WApLWQwDBV0WQ3vVYi5d++LP7O+seKQ/?= =?us-ascii?q?Oy12kLVSt/vBHBXxGtoLzBs18UIVCL0FvMmIESJtFWx2U42V3m5OktR9Iz7gZe?= =?us-ascii?q?Gp/bZ/wcoTDzOT30wUuQYt8sTimRySdXEU71EVh2H6g8wmHwsNjKlXjO4V0oQJ?= =?us-ascii?q?d/d0j9iRxwFYU4Jlon6EILzSobDQgNdRebAam0BUT/M4QEUVIMaRKZ07WhZ6g3?= =?us-ascii?q?3EJzwrKz5ODJduxzHbANNutHgg6IgldbBoocsbcCT7JkZ19d6KnXqxDtC4f9Rf?= =?us-ascii?q?jpi2YwNf2uT8Be8MAZq2Ut4galSBq98pdP9bAbh46UdqRce5jDoNh871t75T4I?= =?us-ascii?q?biFNjwZwjxWlUeAbo+Dv5cPbv4Ss6uavUqYtWuoW+gMwB2tglZvxgEosrcvR1+?= =?us-ascii?q?hCVo3fkZ7//xxVI36WpIba1AFxJvYMK42xYLlt7GkIJy8aJ3IKPNqZdeM84zNz?= =?us-ascii?q?PzrP51xOGMQMZckXPMDVgwBbllXpWK1P9srcAlKYDoBzd8Y072r41j846p48Uu?= =?us-ascii?q?f65z+wO5/f819MP/RZjCVvj9LOvu4VzuTOCCIP+3mWdwB1wj+ey5mKE/vw8vmD?= =?us-ascii?q?yMrPV18fAyA4XIFTJDuE+Qy6Seu4j5rpUgaO5c/1np0ybkWQRma+nK4dqKZDDf?= =?us-ascii?q?ZAijnn3jhZDo31hfWVs9qq6GdNqlJHEIJz7QDYF6ReP5V7Pw/4lsqqRkVnGCv/?= =?us-ascii?q?ed/UeQAquOWLx+cA+eN+OFXiZYUDOBIL16r66WZJTgtpULP2v0iZUvgXZNZ9TP?= =?us-ascii?q?PEs21a6YNnK68UJlSdo4bqrjhQolAsHAApcKMwriBddkTWng1aRaj0uLAEigYH?= =?us-ascii?q?X992o0lMFnysOG4k4TrIS7hVhrGLCPMJ6jWTUrAOU0JwPyNxRxO135tvdKWtnf?= =?us-ascii?q?BDqW5GhSR9oP4r0zN6Xhe8vzPjp74V0zI65L64rCkBuWBCTuiGkSfICVVCzOwN?= =?us-ascii?q?jacYCnbi9UKzbWIGbIvz/LlnP9rv+ZMm43QlbhUpZzcGUvi4CyHsk6OIBZSCsM?= =?us-ascii?q?5dhB6Io8jOcb6zIjQRNrsjzRLvXX593RbCnBxw6msEXi2g7MM4JIW6Icslwyuo?= =?us-ascii?q?GWvYdFYL+a5JstH+tV0MTOswd1xhxn9v0s6ZSS0RXMbPAXo6jhA4aWVYd5JO8Q?= =?us-ascii?q?QVGLcugjaUpaRG5QUUYDDIEoS55Infg9rH1WM6TddwyWLcvreFiY8y0H15h9N0?= =?us-ascii?q?6TaDuGwVd+zcScBsGHby1oBbyezwfPitt+cHSIx9yLu/TPACKM6j+XCt2JVrXE?= =?us-ascii?q?+lya4SH12jMO8M3r3bSTuqSXWEWeSXdGiBhzg5PVD25RmpNl04dtxHrk48MuvH?= =?us-ascii?q?g55TiRfhUbdqSSmKol/b1mMjO/sAdw0qoIenZxAKTOkJaumSPegu2vw+B0cSYH?= =?us-ascii?q?LSGCt2CvO2sUSzk4RhPHVg+0r6a/z38g/6KNuSBgUEEYnCo552/fy1WHmMOWdk?= =?us-ascii?q?zBJoJ0l06+bfGEgttu9GbZmeg8Lch9Jl3u4Zb/1tKzEyusYPmoJ/7omZyMOKcR?= =?us-ascii?q?DXzpbvKtDZu/yYA/zEz0Q2YWFXSbsZbhnz54U9JNI5XKfTHbRBtxQGGac6WIAh?= =?us-ascii?q?N3v29KxsNwN8bArRZLWygsn3qeOHYZRap2PW7l0uNifTpQUDxeavQAx4cZ+qnX?= =?us-ascii?q?PyL440Rj1ast1tBQFqHIxVG8MPtwCnGYKbmLmni9+t/EN3o+oKvrDsBfDK1dS5?= =?us-ascii?q?2YJxUoNE5UyKOjbeGq1rgkVjjuSvjfbMyJ7xCdntedkcTuh0XnbFaqPaHoW4Mj?= =?us-ascii?q?+OONjze01B87GHy795TxORZDz5X6qBqS2kO/Vk4Vkhxox+YuXT0CQn76vH19vq?= =?us-ascii?q?e2FbuiCjoGaLNJta61zKH/beXxNPSfee9mZqB6gXYpX19OsUNtwi2tec6RFp7D?= =?us-ascii?q?teyMuFP7ShrkjU10Jge5LbKVfm1ic6VIQRPhSwL1EsgW7Yq3TaB3RQNM6kJtdx?= =?us-ascii?q?gIXdMhu440h3hHFoZ2hdF2XyRMuAEXYU1tj4ZwCQ8g9PSdEZkL2NdFY8p5G1HM?= =?us-ascii?q?xhJolFlPrim7wdi9t1N2mbQcpVYnD4I7hxMT5cSO7IoQ57TAQDtu0QU5spZZWR?= =?us-ascii?q?aGwOKl2N1T+60wrLmXb5c92qybbBdD0b9nRB0qLtzSlHpw7/v+2QxMLkTuaKP9?= =?us-ascii?q?nNQPfOPX99BXmhTjMoHBPsoA78tg=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2A+AgCZ6+lZ/wHyM5BcGwEBAQMBAQEJAQEBFwEBBAEBCgE?= =?us-ascii?q?BgwgsgVIng3qLE45LikSNaxqBGANVKYleQRYBAQEBAQEBAQEBAWoogjgkAYJIA?= =?us-ascii?q?iAEUgMDCQISEgIiBAICAwEdEwEFASwJBYgBggIDFQOdKkCMDIFtOoRwgkoNg1k?= =?us-ascii?q?yEn2CH4IHEIkxhTuCYQWSX45BPI94hGwNhXGNK0iMQIhaOIEVJg0kT4EMKgoCH?= =?us-ascii?q?wgjD0mBLRqBHYJcHIIHVgGKVwEBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 20 Oct 2017 12:29:56 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v9KCTt9X022700; Fri, 20 Oct 2017 08:29:55 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v9JNEq4k084502 for ; Thu, 19 Oct 2017 19:14:52 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v9JNEml6005397 for ; Thu, 19 Oct 2017 19:14:52 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BhAQBIMelZf3MbGNZcHAEBBAEBCgEBg?= =?us-ascii?q?1yBVSeDeoofjz5CAQEBBol4hTCIOoE1A3mKNT8YAQIBAQEBAQEBEwEBCxaGJAQ?= =?us-ascii?q?ZAQE3ATQCJgIjEwEFASwJiggDCA0Dni1AiyFrgW06gwgBAQWELQ2BH4I6KggSf?= =?us-ascii?q?YIgggeBCYg+hTuCYYEyAQGRLY47MggBAYVwigaEbA2FcI0pSIw+iFo4gRUfgQe?= =?us-ascii?q?BDDQhJV6BEYFTgk0PHIIHVgGLDQEBAQ?= X-IPAS-Result: =?us-ascii?q?A1BhAQBIMelZf3MbGNZcHAEBBAEBCgEBg1yBVSeDeoofjz5?= =?us-ascii?q?CAQEBBol4hTCIOoE1A3mKNT8YAQIBAQEBAQEBEwEBCxaGJAQZAQE3ATQCJgIjE?= =?us-ascii?q?wEFASwJiggDCA0Dni1AiyFrgW06gwgBAQWELQ2BH4I6KggSfYIgggeBCYg+hTu?= =?us-ascii?q?CYYEyAQGRLY47MggBAYVwigaEbA2FcI0pSIw+iFo4gRUfgQeBDDQhJV6BEYFTg?= =?us-ascii?q?k0PHIIHVgGLDQEBAQ?= X-IronPort-AV: E=Sophos;i="5.43,404,1503374400"; d="scan'208";a="90440" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 19 Oct 2017 19:14:51 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Al8C8wx8LFHgFjf9uRHKM819IXTAuvvDOBiVQ1KB2?= =?us-ascii?q?0uwcTK2v8tzYMVDF4r011RmVBd2dsqMP0rSempujcFRI2YyGvnEGfc4EfD4+ou?= =?us-ascii?q?JSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgpp?= =?us-ascii?q?POT1HZPZg9iq2+yo9JDffxlEiCCgbb52Ixm6sATcvdQKjIV/Lao81gHHqWZSde?= =?us-ascii?q?RMwmNoK1OTnxLi6cq14ZVu7Sdete8/+sBZSan1cLg2QrJeDDQ9LmA6/9brugXZ?= =?us-ascii?q?TQuO/XQTTGMbmQdVDgff7RH6WpDxsjbmtud4xSKXM9H6QawyVD+/9KpgVgPmhz?= =?us-ascii?q?kbOD446GHXi9J/jKRHoBK6uhdzx5fYbJyJOPZie6/Qe84RS2hcUcZLTyFPH4yz?= =?us-ascii?q?YYUMAeQGPehWsZXyqkASrReiHwSgGPnixiNKi3LwwKY00/4hEQbD3AE4GNwBqm?= =?us-ascii?q?jUrMn1NKgMX+G+0ajGwi/Zb/NMxzj99JTIeQ0mrPGJX7JwfsrcxE00GgPKiVWQ?= =?us-ascii?q?roPlPzeL2egXr2eb6O9gWPuphmU6qA9xuiCiytkxhoTGnI4Z1F/J+T9nzIs3P9?= =?us-ascii?q?G0VVN3bN68HJdOqy2XM5F6T8AiTm1ypSo3y6AKtYSlcCQW1ZgqwQPUZeadfIiS?= =?us-ascii?q?+B3jUf6cITdmi3Jhf7Kynwuy8VC7xeLhS8W51E5KoTBYntTCrHwCyQLc6s2cSv?= =?us-ascii?q?ty5Euh3CyA1wHX6u1eJEA0lK7bJ4Ygwr42iJUTrVzOEjHrlEj5lqOaaEop9vK2?= =?us-ascii?q?5+nleLnqu4KQOo9shgH7KKsum8i/AeoiMggJWmiW4eqx2bP980P7WLVFjuY4na?= =?us-ascii?q?fcvp3HJ8kbobS5AwhR0os/5Bi/Cyum0MgcnXkeLlJJYhKHj5TzO1DBIvD4FPG/?= =?us-ascii?q?g0+tkTt1x/HLML3hApDRLnTZi7fgcrh951RYyAov0dxS/JxUCrUfL/P8Q0P9rd?= =?us-ascii?q?nYAQUlMwyow+boFtt81owEVmKVGK+WLr/SsUOS6u00JOmMeYkVtyrjJPg+/fLu?= =?us-ascii?q?gng5mVgSfamtw5Qbcmy3HvNjI0mBe3rjns8BEXsWvgo5VOHqk0ONUTpSZ3a0Qq?= =?us-ascii?q?I96So2CJ6mDIjfRoCth6aN3CGgHpJMfGxGBVeMEWm7P7mDDvMNbj+CZ85njjEL?= =?us-ascii?q?T7m9Wqc/2hy08gz30bxqKqzT4CJLm4jk0Y1Q7vHPlRwtvRN9Fd6Qz33FG2R2kT?= =?us-ascii?q?5ZbzAx2697rAp2zVLVgvswuOBRCdEGv6ABaQw9L5OJirUiU90=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AWAQCgMelZf3MbGNZcHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgzGBVSeDeoofjz5CAQEBBol4hTCIOoE1A3mKNT8YAQEBAQEBAQE?= =?us-ascii?q?BAQESAQELFl2COCQBgmoEGQEBNwE0AiYCIxMBBQEsCYoIAwgNA54tQIsha4FtO?= =?us-ascii?q?oMIAQEFhC0NgR+COioIEn2CIIIHgQmIPoR+DDGCYYEyAQGRLY47MggBAYVwiga?= =?us-ascii?q?EbA2FcI0pSIw+iFo4gRUfgQeBDDQhJV6BEYFTgk0PHIIHVgGLDQEBAQ?= X-IPAS-Result: =?us-ascii?q?A0AWAQCgMelZf3MbGNZcHAEBBAEBCgEBFwEBBAEBCgEBgzG?= =?us-ascii?q?BVSeDeoofjz5CAQEBBol4hTCIOoE1A3mKNT8YAQEBAQEBAQEBAQESAQELFl2CO?= =?us-ascii?q?CQBgmoEGQEBNwE0AiYCIxMBBQEsCYoIAwgNA54tQIsha4FtOoMIAQEFhC0NgR+?= =?us-ascii?q?COioIEn2CIIIHgQmIPoR+DDGCYYEyAQGRLY47MggBAYVwigaEbA2FcI0pSIw+i?= =?us-ascii?q?Fo4gRUfgQeBDDQhJV6BEYFTgk0PHIIHVgGLDQEBAQ?= X-IronPort-AV: E=Sophos;i="5.43,404,1503360000"; d="scan'208";a="4946138" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from upbd19pa13.eemsg.mail.mil ([214.24.27.115]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 19 Oct 2017 23:14:48 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;e4e11c7f-93a8-4bd6-bda6-114602b05a7d Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC04.oob.disa.mil (Postfix) with SMTP id 3yJ4Wn2qDsz62r0 for ; Thu, 19 Oct 2017 23:14:45 +0000 (UTC) Received: from UPBD19PA03.eemsg.mil (unknown [192.168.18.4]) by UPDCF3IC04.oob.disa.mil (Postfix) with ESMTP id 3yJ4Wn1mjYz62qt for ; Thu, 19 Oct 2017 23:14:44 +0000 (UTC) X-EEMSG-check-008: 256628528|UPBD19PA03_EEMSG_MP3.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 209.85.161.201 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CYAQDEMOlZh8mhVdFcHAEBBAEBCgEBhTEng3qZXUMBAQaJeIUwiDqBNQN5hSQChQ9AFwECAQEBAQEBARMBAQEKCwkIKC+FRwQZAQE3ATQCJgIjEwEFASwJiggDCA2eMECLIWuBbTqDCAEBBYQtDYEfgjoqCBJ9giCCB4EJiD6EfgwxgmGBMgEBkS2OOzIIAQGFcIoGhGwNhXCNKUiMPohaOIEVIAGBBYEMNCElXoERgVOCTQ8cggcgNgGLDQEBAQ X-IPAS-Result: A0CYAQDEMOlZh8mhVdFcHAEBBAEBCgEBhTEng3qZXUMBAQaJeIUwiDqBNQN5hSQChQ9AFwECAQEBAQEBARMBAQEKCwkIKC+FRwQZAQE3ATQCJgIjEwEFASwJiggDCA2eMECLIWuBbTqDCAEBBYQtDYEfgjoqCBJ9giCCB4EJiD6EfgwxgmGBMgEBkS2OOzIIAQGFcIoGhGwNhXCNKUiMPohaOIEVIAGBBYEMNCElXoERgVOCTQ8cggcgNgGLDQEBAQ Received: from mail-yw0-f201.google.com ([209.85.161.201]) by upbd19pa03.eemsg.mail.mil with ESMTP; 19 Oct 2017 23:14:38 +0000 Received: by mail-yw0-f201.google.com with SMTP id j4so7870004ywb.17 for ; Thu, 19 Oct 2017 16:14:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc; bh=eEL9g7fWofR/WdZ3k+VAfQu77MSezqPqsJpicIOQt4w=; b=j1xuqtY+2hzsl7iumd2XdsABvxCjIqwISqN3llO3vLtktdVnLSbHmlSt5Cm/s9Jhu5 QubewVfjo5BQXJz2HfYt5CE9pVbJPN3NeaGn64TPh8h0XQ2vpjELV+LpEYuBzz1ENmn0 Hz7qJolvAIlBumKkDAQ/k6IRBD9l1cCANPjWlihVWH7ajlG1jSajUJm9yYa2IIJWApCD qAO+Fgqj2J44Xl3W25wryCObghqXddBLv6GhLRqr5T7SS6GK5Dc3czZZQ1YEe3EE5nIA yoqFQcA/HT/HcNnj+Ck4rAe4FzuG3NY3kpGUKgIz9IsIHCGYIky3NtIuH3bGd6/TDG2J ke9A== X-Gm-Message-State: AMCzsaV43ctXmSesCYHq8+Rsj14i4hK0xZbgGawREcl+gznnLuAk5lzn ybLyK+xLoj2JY9kq+9F/WTO83QRPj+6dOkHPzL/oBQ== X-Google-Smtp-Source: ABhQp+ST6RAL3MJpaxxF5cvhwG/qqE+I0pcDLnja/g5bzY7hS+oCkntbXOVsR2FEjLuJiLppzs9i+b/s+PZP/oxmhsFsTw== MIME-Version: 1.0 X-Received: by 10.37.9.66 with SMTP id u2mr1810013ybm.83.1508454877513; Thu, 19 Oct 2017 16:14:37 -0700 (PDT) Date: Thu, 19 Oct 2017 16:14:32 -0700 Message-Id: <20171019231433.11723-1-mjg59@google.com> X-Mailer: git-send-email 2.15.0.rc0.271.g36b669edcc-goog X-EEMSG-check-009: 444-444 To: linux-integrity@vger.kernel.org X-Mailman-Approved-At: Fri, 20 Oct 2017 08:29:07 -0400 Subject: [PATCH 1/2] security: Add a cred_getsecid hook X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Matthew Garrett via Selinux Reply-To: Matthew Garrett Cc: Matthew Garrett , linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Dmitry Kasatkin , Stephen Smalley Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible. Signed-off-by: Matthew Garrett Cc: Paul Moore Cc: Stephen Smalley Cc: Eric Paris Cc: selinux@tycho.nsa.gov Cc: Casey Schaufler Cc: linux-security-module@vger.kernel.org Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: linux-integrity@vger.kernel.org --- V2: incorporate Casey's requested change include/linux/lsm_hooks.h | 6 ++++++ include/linux/security.h | 1 + security/security.c | 7 +++++++ security/selinux/hooks.c | 8 ++++++++ security/smack/smack_lsm.c | 15 +++++++++++++++ 5 files changed, 37 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c9258124e417..c28c6f8b65dc 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -554,6 +554,10 @@ * @new points to the new credentials. * @old points to the original credentials. * Transfer data from original creds to new creds + * @cred_getsecid: + * Retrieve the security identifier of the cred structure @c + * @c contains the credentials, secid will be placed into @secid. + * In case of failure, @secid will be set to zero. * @kernel_act_as: * Set the credentials for a kernel service to act as (subjective context). * @new points to the credentials to be modified. @@ -1507,6 +1511,7 @@ union security_list_options { int (*cred_prepare)(struct cred *new, const struct cred *old, gfp_t gfp); void (*cred_transfer)(struct cred *new, const struct cred *old); + void (*cred_getsecid)(const struct cred *c, u32 *secid); int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); @@ -1779,6 +1784,7 @@ struct security_hook_heads { struct list_head cred_free; struct list_head cred_prepare; struct list_head cred_transfer; + struct list_head cred_getsecid; struct list_head kernel_act_as; struct list_head kernel_create_files_as; struct list_head kernel_read_file; diff --git a/include/linux/security.h b/include/linux/security.h index ce6265960d6c..14848fef8f62 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -324,6 +324,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); +void security_cred_getsecid(const struct cred *c, u32 *secid); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/security/security.c b/security/security.c index 4bf0f571b4ef..02d217597400 100644 --- a/security/security.c +++ b/security/security.c @@ -1004,6 +1004,13 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } +void security_cred_getsecid(const struct cred *c, u32 *secid) +{ + *secid = 0; + call_void_hook(cred_getsecid, c, secid); +} +EXPORT_SYMBOL(security_cred_getsecid); + int security_kernel_act_as(struct cred *new, u32 secid) { return call_int_hook(kernel_act_as, 0, new, secid); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f5d304736852..1d11679674a6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3836,6 +3836,13 @@ static void selinux_cred_transfer(struct cred *new, const struct cred *old) *tsec = *old_tsec; } +static void selinux_cred_getsecid(const struct cred *c, u32 *secid) +{ + rcu_read_lock(); + *secid = cred_sid(c); + rcu_read_unlock(); +} + /* * set the security data for a kernel service * - all the creation contexts are set to unlabelled @@ -6338,6 +6345,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(cred_free, selinux_cred_free), LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), + LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 286171a16ed2..ed1bbf201e2f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2049,6 +2049,20 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) /* cbs copy rule list */ } +/** + * smack_cred_getsecid - get the secid corresponding to a creds structure + * @c: the object creds + * @secid: where to put the result + * + * Sets the secid to contain a u32 version of the smack label. + */ +static void smack_cred_getsecid(const struct cred *c, u32 *secid) +{ + rcu_read_lock(); + *secid = smk_of_task(c->security); + rcu_read_unlock(); +} + /** * smack_kernel_act_as - Set the subjective context in a set of credentials * @new: points to the set of credentials to be modified. @@ -4651,6 +4665,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(cred_free, smack_cred_free), LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), + LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),