From patchwork Tue Nov 21 14:19:40 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Lautrbach X-Patchwork-Id: 10068417 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A8574602B7 for ; Tue, 21 Nov 2017 15:07:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3982D2974A for ; Tue, 21 Nov 2017 15:07:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2E61229751; Tue, 21 Nov 2017 15:07:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UCOL19PA10.eemsg.mail.mil (ucol19pa10.eemsg.mail.mil [214.24.24.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 81F062974A for ; Tue, 21 Nov 2017 15:07:51 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.44,432,1505779200"; d="scan'208";a="384327151" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA10.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 21 Nov 2017 15:07:51 +0000 X-IronPort-AV: E=Sophos;i="5.44,432,1505779200"; d="scan'208";a="6226696" IronPort-PHdr: =?us-ascii?q?9a23=3A7ifA+RZWFyO1Mq5xesRh5wz/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZosu+bB7h7PlgxGXEQZ/co6odzbGH4+a4ASQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9GiTe5Yr5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYe?= =?us-ascii?q?RWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZ?= =?us-ascii?q?TAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+t4b1rSBv1gy?= =?us-ascii?q?kZMTA3/nzchshpgK5GvB6tohpyyJPWbo6ILvpzZqPTc80US2RCQ8hRTy5MDp6y?= =?us-ascii?q?YoQRFOoMJvpUo5XnqlcSsReyGRWgCeXywTFInH/22qg63vw7Hw7YwAwgBc8Fvn?= =?us-ascii?q?LOo9XoKKcSS/u6w7PUwjXDcvhb3i/96IzSfRA8vfGMR6l/ftDKxEk1CQzKk1WQ?= =?us-ascii?q?ppb5Pz+PyusNtG2b4vNmWOmyiGAnsxl8riWgy8ojkIXEhp8Zxkra+Sh23oo5P8?= =?us-ascii?q?C0RFZlbdK4FJZcrTyWOoVoTs84Xm1luyg3xqcYtZO4eiUB1Y4pyATFa/OddoiF?= =?us-ascii?q?+hfjVOGMLjhmnH9lY7e/hwqq8Uin1+38StG40FZUoSpBldnBrmwN2AbJ6siGV/?= =?us-ascii?q?t95V2t2SqP1g/P6uFEJlo4lazHJJ463rE8jJ8TsUXHHiPumUX2irGZdlk89+S1?= =?us-ascii?q?5Onqba/qq5+BO4NulA3zPboiltaiDeggNwgBRWmb+eCy1L35+k35Ra1HjuYona?= =?us-ascii?q?ndsZDaI9kbp6GgDwBO1YYj9hC/ACu439QDhnQHMFJEdw6Hj4juIV3OJuv4Au2l?= =?us-ascii?q?j1Sjlzdr2ejKPqf9DZXVMnjDjLDhcK5/605bzgo818xf55JOBbEHO//zWEjxtN?= =?us-ascii?q?rdDhAjKAy03/joCM9m1o8EXmKPGKCZOrvIsVCU/uIvP/WMZIgNtTb/Kfgq/eLh?= =?us-ascii?q?jXwimV8ae6mp3IUXZWu2HvRiPkWYbmHjgsoHEWcWowoyVuvqiEeNUTRLfXa9Q7?= =?us-ascii?q?o85i0nCIKhFYrDXp6ij6ef0ye9H51WemdGB0uNEXj2aYqLRe0AaCWIIs9uijYE?= =?us-ascii?q?T6SuS5c91RGysw/306doLu3S+i0eqJ3sytx15+zImB4o6zN0FcOd33uKT2FukW?= =?us-ascii?q?MCXyU207xnoUxh1leD1rB1jOFEFdNJ/fNESRs1NZnZz+NmEd/yQR7Bcs2PSFm4?= =?us-ascii?q?XtWsGSsxQc4pw98Sf0Z9HM2vjhHF3yq2HbAVk6KEBJkq/aLAxXjwJ91wy3He1K?= =?us-ascii?q?Y/iVkmR9FANWyihqFk8AjSCJTFk0KDl6alba4cxjLC9H+fzWqSu0FVSA5xUKTC?= =?us-ascii?q?XXAZfUbWqND56lrDT7+oE7gnNBFOydSBKqtLdN3mk09KRPH9N9TCe2ixgXu/BQ?= =?us-ascii?q?6UxrOQa4rnY3sS3D3HB0gekgAT5m2LNRAkCSe7omLeFyRuFVb1bEzw7+ZysnS7?= =?us-ascii?q?TlU7zwuSdU1uy6K1+gIJhfybU/4S0LMEuCMkqzpqBlawxNzWBMSdqApmZqVTe8?= =?us-ascii?q?s94E1A1WLbqQNyIoCgI7plhl4EfAR9p1nu2AlvCoVcjcgqq2snzARoKa2C1lNO?= =?us-ascii?q?azKY3YvrN73SMmny/Qmja7XY21HFytqW/b0P6PsgoVX5oA6pDlYi82lg09RN0H?= =?us-ascii?q?uT/JbKDA0PUZ/qUUY47Rt6p7bHYiUn4IPUz3JsO7GusjDew9IpGPclyhG4cthF?= =?us-ascii?q?LayEDg7yHNMAB8W1MuMlh12pYggDPOBI+64+J9mmeOee2K63IOZgmyqrgnhd74?= =?us-ascii?q?B5zE2M7DZ8S+7P35se2PGXwgqHWCn6jFe9s8D4g5pIZTcMEWqj0SLkHpJeZrVu?= =?us-ascii?q?fYYXDmejO9e3ychjiJP2VH5Y8VGiC0kA2MC3ZRqYd0b90hFI1UQLvXynnjO1zy?= =?us-ascii?q?d6kzEzqaqfxzDOzv/5dBoBPW5KSmxigk3qIYSuidAVQlSoZRAzlBS5/Ub627Rb?= =?us-ascii?q?pKNnImjdW0hIezT2IH94UqurrbeCfdBA6IkzviVKVeSwe1eaSqTyoxECySPsA3?= =?us-ascii?q?NexCwndzGtopj5gwF1h3+cLHlpqHrUYt1/xRDa5NPAX/FRxSYGSDN+iTbJGli2?= =?us-ascii?q?J8Op8smMl5ffruC+UHqsVoNScSb30YOAszG76Xd2Dh2/mPCznNLnHBM+0S/60d?= =?us-ascii?q?llTz/IrBHmbonszaS6PvptflN0C1/k98p6BoZ+n5M0hJERwngamoyZ/WEZnmf3?= =?us-ascii?q?MNVb37/+bXUWSD4Q297V4Q7l2Ex/IXKS3Y75UGuSwtd5bdmgfmwWwj4979xNCK?= =?us-ascii?q?qM9rxEmi91ol6mogLLffd9mTkcxOA16H4Hn+4JoxAhziKHArAdBUNYJzDjlwyU?= =?us-ascii?q?79Ciq6VafGWvfqa21Eplht2hD6+NogdHWHb/ZJgiATV87sJlMFLDyHfz8J3reM?= =?us-ascii?q?HMbdIPsR2Ziw/AgPJIKJI1iPUKnTBoOWThvXI70e42lgFu3Yqks4idMGVh5rm5?= =?us-ascii?q?AhlFNj3ve8wc5D/tjaFEnsaZwY+jBJNhFSsXXJHwV/KnDCoStej7NwaJCDA8tH?= =?us-ascii?q?GbFqfEEA+B7kdpsnLPH4qtN36JOHkT1c9iSwWFJExDnAAUWy03noYjGQC3wMzs?= =?us-ascii?q?a1t25jEN5l/4sxdMxPhnNx/lXmfYvgeoZS8+SIKDIxpO8gFC+0DVPNSd7uNzGy?= =?us-ascii?q?FX4IasrAmKKmyVaQRHE30JWlCEB1DkO7mh+8PM8+6GCeqiN/HOe6mBqfRCV/eU?= =?us-ascii?q?wpKiyoVm8CyKNsWTOXliCuY22kRdUn9kHMTZgS8ASzQNlyLKbc6Uuguz+jFtos?= =?us-ascii?q?C46vTrVxrl5ZGTBLtKLdVv5xe2jL+ZN+KKiid1MzNY2YkIxX/PyLkSx0QdhD1r?= =?us-ascii?q?dzW3FrQAryHNRrrKmqBLFx4bdz9zNMxQ4qIyxAlCJ9PUisjv2b5+kv41DExFWE?= =?us-ascii?q?f7lc61YMwGOWa9NEnIBEyTLrSJOSXLw93rYaO7UbBQiv9UuAeouTaDCELjMDWD?= =?us-ascii?q?lyPyVxCzP+FMjSebMwZYuI6hcxZiE2zjQMjhah2hP999lSc2zqEshnPWKW4cNi?= =?us-ascii?q?BxfFhWobGX6SNYg+5/G3Ba7nZ/NumLhTqW4/PDKpkItftrAyJ0l/9V4Xkh17RU?= =?us-ascii?q?7DtEROFumCfIoN9huU2mkvKIyjphShZOrSxLhI2Tt0V4JarZ7oVAWWrD/B8V62?= =?us-ascii?q?WQChAKp997Bd30oK1f0MbAlLj0KDtY9NLU58QcDdDOKM2bKHohLQbpGDnMAQQe?= =?us-ascii?q?TD6rOmbfh0pGnf6P6HKatZk6pYLqmJYUTb9bTlM1HOsACkt5BNwCPIt3XjQ8nL?= =?us-ascii?q?GBg84H/2S+owfKScVdppDISPSSAfD1JzaYiblLfBwIwLziIYQULI371FRoakNm?= =?us-ascii?q?k4TSB0rQQddNrzV9bg8zpUVB6mJ+Tmoy2k37bAOi+2UTFfmqkR41kQZxfeMt9D?= =?us-ascii?q?Lw7FgtPVrKuDE8kE8vltX5mTqRaiL+LL+sXYFKDCr5r04xPY3hTAZxdgCynktk?= =?us-ascii?q?NCzYR71LibtgbmNriA7GtZtJB/FcUbVOYAUMyvGPe/UozVNcpz29xUBZ/uvKF4?= =?us-ascii?q?FtlBE2fp6stH9PwANjbMQoKqzXKqpJ1kJQibyOvyOy0OA+3hMeLV4X8GyOYC4I?= =?us-ascii?q?pFAINr4+KiW15ONs9w2ClCZYeGUXTfUquOhq9kQzOuSb0S3vz6NDKlqwN+yDL6?= =?us-ascii?q?KVoW7AmtCUQlkozEMHi1FF/aRq0ccka0eUU0cvzKGPGBQPNMvCLhpYb8VU9HjO?= =?us-ascii?q?ZyqOtv/NwZ1tNYWnCu/oVfOOtLoTgk+8BwYmAYAM7sUHHpmx30DVNtvoLLkAyR?= =?us-ascii?q?ox/gvrP0mFAO5PeB2VjDcNu9u/w4Nv3YlBOjEdBn1wPjir6bbSoQ8qhuaDUMot?= =?us-ascii?q?b3cEQIQELHM2Wcy9my5fpXhACie40v4BwgiY8zD8vjjQDCX7b9d7ePeUZBZsCN?= =?us-ascii?q?aq+TU/86m7kkPY8pTeJm7gLttuoNnP5v0Gp5yfEfNbUaF9s1vAm4lfX3GlSWrP?= =?us-ascii?q?Ed+pKJfuc4YsaNz1CnC9Uly5kT04VNz+PNe3IaiOmA3oS5tUvJOd3D89Kc+3Di?= =?us-ascii?q?seFAtop+Ef+KJ8YhUObIElbh7urAkxLbGwIBmG3dW0WGaiMyFWTvlFweW9fbxX?= =?us-ascii?q?wDImbvWmx3s4UpE60+63/FYXRJEMjxHR2fajZ45aUSjoAnJTYhjBqzAlmmZmLe?= =?us-ascii?q?s93uA/wBbUvlYGKDCLaPZlaGpasNEgHVmSO2l5CnIkR1+AiorO+hKj37II8CRB?= =?us-ascii?q?hNtbzepFsHz6vp/efj2sQrCrpovJvCogd9QmpLdxMYP7KMucqJzehiDfTIXXsg?= =?us-ascii?q?CdSi61DeBamt9LLy9DXPlIg3sqOdIYtopF6EoxUMg+J7hOCKkjprCqdTRkAjQI?= =?us-ascii?q?zS8cTY+A2iINgvuk0bvAihiQaIgiMAADsJhajNoRSTJ5YiMfpK+mVoXZjWyER3?= =?us-ascii?q?MKIAgN8wtD+hgMlohqfuDq+IDIVoNDyyZKo/JoVSvGDpxo+EHhSmGVn1f4VPSh?= =?us-ascii?q?k+qm3Q9JwvPjyN8bVwJ7CUha2uZZi1AoJKtxK6YOoo7AqiWIel/ivGLx1OumI0?= =?us-ascii?q?FcydXTd138FoXFr2T9UioY+X0aXoJPzXbfFZMJkwVndKkrvlJMIJu9ekb/4Twk?= =?us-ascii?q?yJ5lH76iVcCk31wlt2oJRz+2E9pdDOFrqEjYWCd4Y5CtspnlOI5fQm5R+J2ct1?= =?us-ascii?q?dWi19hMyinxppAM8tN+CIDXCBToTWBu9u/UNFD2chzD5IXPtdzp3L9F7heNJiX?= =?us-ascii?q?vXI2pqTlymXF9DAkrFe62DKzFre4T+1D5W0RAAEpKHmFp0YyEeQs6n/S/U7Jsl?= =?us-ascii?q?9q5edXHL+PjV9+oDxlBJBBGi5J1Wy5L1R0VHRGseJaJ7rOfsNBXfYyfgGgOwYi?= =?us-ascii?q?FfE4wkOF50d0kmnlYyZqrAtV5zjdXxUoVSkSmrrigjMepd27NTIYVp5FYy4sYD?= =?us-ascii?q?vCKwKehS9Ypg1fa11wV5AfHNlF56kR3ZFI8craVUasNSYFUQR4Ng0mzPVflVRM?= =?us-ascii?q?sFmDdCDZCgqoa+jAvgNrcseWscGmMu71/AFZhYP7qOo47bkMR2W6mQ2xRtDTt5?= =?us-ascii?q?f8tsaWtkSUaaj4L/axYWTGTDjRlxC/makrD5/W/yjJKgVbL4N2yX0+YZjuEWTL?= =?us-ascii?q?JwhJJ7oHJ0pHUqB3cclGovpEaMB6ZakE4rJtBhabRhP1AoOvsvhGLlHXRTvAMy?= =?us-ascii?q?WN6Ou/oZjc7bbFU+jvetSMx2rbQ6JwJpp67CP0G7Pu0YBA5kr2xu1i+VlhRFjA?= =?us-ascii?q?LS+BsM/hKR8R68m6aETupJspEi3KAJ1oinri2llAd9YLQy2t6JkYyolW6Gz3Se?= =?us-ascii?q?Jj1kj8qvNS+qJh6Ykq57Bp1ca0KrvTKftAt09nGQKYBgJw9pUiGGJ/XXxeYvcN?= =?us-ascii?q?KPfNeqQUlcLupPrxF6wZ8h2V/PFWZsXcKkHdgMa/DCqcSRtekAcHtzEaMhOW1+?= =?us-ascii?q?SZlK9sVcalue/511oi41ijLx4GyLRt6pmB+qeTueDYcQDezbkeVajsXM/zqa4s?= =?us-ascii?q?u0yK7/0+iLEOYnB1YxGgEOUFVM4dx2LgwLsvzS0yE8LMAajg+P9FV3I2hD7gnY?= =?us-ascii?q?5yH0kOEPMOAbWL5Zhenns/m+HBMN0WdrtPmmeJFR6hCLMCyHir6yWNIGZ/mRHO?= =?us-ascii?q?zwvwQX6v41/qsC94WzXDw83kkkpPWbm9HV1SUDaxOU9krDOPOxLltN/wuaQz8E?= =?us-ascii?q?E2PXLrucmIlGugIrxXGdPwJMCSICkzvlIXj4YxSsap2Y8FBdq3OM0R/21mbvvC?= =?us-ascii?q?92OrlDdMo6Nch4rb4syY4fvXEme9gK2dsbWC3ihYymI/vVE99N+vKu3O68eNQ/?= =?us-ascii?q?Sy2GYbVz1/tBfZXx6ptrzbqEgZOU2K0UjRgoMFIspU3WIm2UH6+ucsXMg/9AJE?= =?us-ascii?q?FobPf/kCvyz8OCPowVaDZNI6TjKR0zpMHlP7C1Z4Gqk82H7ovM3TiHfQ/0YlSZ?= =?us-ascii?q?V3d0P6mxN4FZg4KVgq6FgN2CUPCw8NaQqUDLuwH0TqMZMEVVQfaRSAxLW6Yr04?= =?us-ascii?q?3VFvzbOv6u7TavZ8B6kUOvZGkAGOmFlbGpQLsawRW798Y0VS9LLLqQjiBYnnWO?= =?us-ascii?q?LmlXkqOf22XM9a68YZuGUm4gqlQBqg85hD5a4BiJ+Ubq5EfYTMvMdk4kd7/z4A?= =?us-ascii?q?aChNjwJ5jxynSu0TueHj4tfasJq08OmuT7wiR/8K9xQuAWRxkYfwikg5od7Lz+?= =?us-ascii?q?dcVpHViYPn/QBCOXGKopjV0wV8KecVL4Krfapg+GsHJycEOnIOJsCaa/8i7C9x?= =?us-ascii?q?KD/T/UBNAtsQZdMEO8rAgQ9UhVPvWLFP8crbHViUC5xteMAs7mr3zi018JQnX+?= =?us-ascii?q?bk9jC2P5De4EtXM/NFkipsiMrIpPIJzvrKFCgX/X6ZZgBzwiOD15aNDPLw8v+X?= =?us-ascii?q?yN3OVlMGGSk2U5xGJDeZ/AyqSeW0mI/uUgOO5c/5mIg+e16IRnytgKQFtb5BEe?= =?us-ascii?q?FchSXgxThSD537if2Tvdqt7mtXq1JGHZ187R3AAqpfOIt0NQ7/lsmxSUh2HjH/?= =?us-ascii?q?d93MdhoypOqWwf8B4+d5N0v+Y48XOA4Ly7L+6XpIUwRvSb/2vlCCXeISZdtrU+?= =?us-ascii?q?3ErnFL6Y16L68AIVmdqIbsrjhWtFA8GBUpZ6MorjxGaknOmxVYW6fquLEajAsR?= =?us-ascii?q?Stp5uVJRFmKxP2I+/CDLVaNPjKmeEPYV6CmcTrQSU0V0NSNzWxG114tge7unmf?= =?us-ascii?q?BKqW1HkTl7oPc0zzxqXh28tjPwp6gVwzIv5Km4tCkduXxCVuienCPICVJNzfsU?= =?us-ascii?q?iaccD23v6Ue7YHkFbYv9/KNrJcL++ok9+34/ewksfzUaXeS8DCH9l6GIAoyPsd?= =?us-ascii?q?JEgx6NvMTObaOtIiUJM7Q9yA7jR2Jj3QTEmxZo6mQLSC267NA4PIW9Jdolxi2w?= =?us-ascii?q?FGjHdVYM57hEsNfwtVEXT+s5d1dhzH9l0seZWi0HXNbPFHotjgg4dWVEd4pO6R?= =?us-ascii?q?obF6krgTaIubJL/gMObzfXFYSl/JffncHS1Xk7U9hq2nrcpreZiZMyzH1lh9R0?= =?us-ascii?q?4zaVt3sMcezYT9RhAmP31odY1ez+e+utvf4aR4d8z7ShSvACONG5+WSqwJVqRl?= =?us-ascii?q?OlxrMGElq3LuADwrbbUz+7RmCDWOWLcm2MnzMnPU7o4RmnMEc7aMBQr08yKuHC?= =?us-ascii?q?nIJTlxX9UbNoQSWdvVHazHQ5MeMbaw05ppyqewkLTO4NfeiTO/IiwPokCFsDd3?= =?us-ascii?q?XJBzd5C/eqsV6xm4h2I3Jg4UHkbun26gDmNMGdGgIYEY7bspFx5ea6SXyfNnN6?= =?us-ascii?q?yh19IlV0/f/FF1stru9cb4qRnd/IitR/0O4FceptMCIktt4Xm4Jj8pWU0NyRfB?= =?us-ascii?q?HQ1JnyI9bVruKfA/3FwEQgYntaXaYBYQPp+4U6OcY0W7jJErRFvRQcBK46QJs6?= =?us-ascii?q?Omfv9aF0Kh18cgrQZLSyn8nrqfiHZpxOp3/Z9lgwNjvTuwUfyvyoSgx2d5KqiG?= =?us-ascii?q?/xIJA3XT1MtMBtCh16HItPHMMAsgWnA56ImK2hjd++5V96sfcQsaXsEvDKyMi5?= =?us-ascii?q?34JpUphY4EyLOyzRBLNqgkR+lemyhO3P0pzvBsPjY98EU/J7QmHdYL/cAoq/Mi?= =?us-ascii?q?6OOt77e0Ne6L6c3rd5XQmQaS36RKeGqjOrNO9l4UQ6zYx4evDfzDoz4LHHi5PO?= =?us-ascii?q?YDRAqyOiq2OZHIdO51zNQ+rFVlRbTuTW3nxiGPgvYJfuvMMHLMA4ytGX40En9D?= =?us-ascii?q?BLzdefKaGJtELA2ktnM5ncKR26iG4CRYAWLUHnYgMXimjDpyGYWCxR?= X-IPAS-Result: =?us-ascii?q?A2CPBABtQBRa/wHyM5BbHQEBBQELAYMQKQOBVCePEo42mF+?= =?us-ascii?q?CChEYii5BFgEBAQEBAQEBAQFqKII4JIJKAiRVAwkCSAgDAWwFiE2BQw0Dqns6i?= =?us-ascii?q?zWDNIIHgVWBaYUIiTYBBKI+lH8Ni3OHWAKTCYMsgTomAy+BdFUlFYMthGB2i24?= =?us-ascii?q?BAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 21 Nov 2017 15:07:50 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vALF7T7O030474; Tue, 21 Nov 2017 10:07:33 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id vALF7RuY101967 for ; Tue, 21 Nov 2017 10:07:27 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vALF7QeR030472 for ; Tue, 21 Nov 2017 10:07:26 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1B/BgCqQBRa/yIbGNZbHAEBAQQBAQoBA?= =?us-ascii?q?YMQKQOBVCePEo42hHoBk2SCEQoThSiFC0AXAQEBAQEBAQEBa4V0UoFRiFKBQw0?= =?us-ascii?q?Dqnw6izWDNIIHgVWBaYUIiTYFoj6Ufw2Lc4dakwmDLIE6IQE2gXRVJRWDLYIMg?= =?us-ascii?q?QWBT3aLbgEBAQ?= X-IPAS-Result: =?us-ascii?q?A1B/BgCqQBRa/yIbGNZbHAEBAQQBAQoBAYMQKQOBVCePEo4?= =?us-ascii?q?2hHoBk2SCEQoThSiFC0AXAQEBAQEBAQEBa4V0UoFRiFKBQw0Dqnw6izWDNIIHg?= =?us-ascii?q?VWBaYUIiTYFoj6Ufw2Lc4dakwmDLIE6IQE2gXRVJRWDLYIMgQWBT3aLbgEBAQ?= X-IronPort-AV: E=Sophos;i="5.44,432,1505793600"; d="scan'208";a="123925" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 21 Nov 2017 10:07:26 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AycT4IBGXO+RKRcw6Gawu5p1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ78pcmwAkXT6L1XgUPTWs2DsrQY07KQ4/2rBzxIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSizexfa9+IA+1oAjRucUbgIhvIbstxxXUpXdFZ/?= =?us-ascii?q?5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnM?= =?us-ascii?q?VhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1ji?= =?us-ascii?q?oMKjw3/3zNisFokaxVoAyvqRJ8zYPPfI2ZKOBzcr/Bcd8GWWZMWNtaWSxbAoO7?= =?us-ascii?q?aosCF/APMvhEr4nnulAAqwGxBRSwBOP10TBHnGP53a0n2OkmCQHG2BYvH88SsH?= =?us-ascii?q?TOt9r6LrwfUfqrw6bVzTXMde9W1S3h54jPdxAsuPeBVq9zf8rJ0UQjCR7Jg1qK?= =?us-ascii?q?pYD7MD6ZzPoBvmqB4+duWu+jk3Arpx11rzS128shhJfFipgIxl3H+yh12pg5KN?= =?us-ascii?q?6+RUVme9CrCoFQuDufN4ZuQsMtXWVouCEix70boZ60ZzUFxIkjyh7HcfOLb5WE?= =?us-ascii?q?7gj9W+mPJDd4n31ldKi6hxmo8EigzvfwVsy10FZOtiZFk9/MuW4R1xHL9MSLV/?= =?us-ascii?q?Rw8l2/1TuAzQzf9ONJLVo6mKfUM5Ihx6Q/lpsXsUTNBC/2n0D2gbeOdkUg4Oeo?= =?us-ascii?q?9vjnYq/9qZCGLIJ0kB/xPbkumsOlHeQ0KBQBX2+e+eikzr3s4VX5QKlWjv0xiq?= =?us-ascii?q?TZq47VJcAapq6/Hg9U3Z0u6wq/Dji60NQYmmMLLFReeB2dlYTpNFbOIO6rRcu4?= =?us-ascii?q?1k+hlDZt2uDuIqzqApKLKGPK1rjmY+VT8UlZnTI+0coXw5tJFqsLKfnzEhvpsN?= =?us-ascii?q?XFEgUzOiSuzurnAck73YQbDzHcSpSFOb/f5AfbrtkkJPOBMdcY?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CbBwAwQBRa/yIbGNZbHQEBBQELAYMQK?= =?us-ascii?q?QOBVCePEo42hHoBk2SCEQoThSiFC0AXAQEBAQEBAQEBAWoogjgignJSgVGIUoF?= =?us-ascii?q?DDQOqezqLNYM0ggeBVYFphQiJNgWiPpR/DYtzh1qTCYMsgTohATaBdFUlFYMtg?= =?us-ascii?q?gyBBYFPdotuAQEB?= X-IPAS-Result: =?us-ascii?q?A0CbBwAwQBRa/yIbGNZbHQEBBQELAYMQKQOBVCePEo42hHo?= =?us-ascii?q?Bk2SCEQoThSiFC0AXAQEBAQEBAQEBAWoogjgignJSgVGIUoFDDQOqezqLNYM0g?= =?us-ascii?q?geBVYFphQiJNgWiPpR/DYtzh1qTCYMsgTohATaBdFUlFYMtggyBBYFPdotuAQE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.44,432,1505779200"; d="scan'208";a="6042628" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from upbd19pa01.eemsg.mail.mil ([214.24.27.34]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 21 Nov 2017 15:07:25 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;97da2cb7-1e5f-4fad-9063-1db1bad3ced6 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC14.oob.disa.mil (Postfix) with SMTP id 3yh7dH1VqWzJ3Cb for ; Tue, 21 Nov 2017 14:44:03 +0000 (UTC) Received: from UPDC3CPA04.eemsg.mil (unknown [192.168.18.11]) by UPDCF3IC14.oob.disa.mil (Postfix) with ESMTP id 3yh7dG6rJpzJ3CL for ; Tue, 21 Nov 2017 14:44:02 +0000 (UTC) Authentication-Results: UPDC3CPA04.eemsg.mail.mil; dkim=neutral (message not signed) header.i=none X-EEMSG-check-008: 206525106|UPDC3CPA04_EEMSG_MP20.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 209.132.183.28 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CjAQDLOhRahxy3hNFbHAEBAQQBAQoBAYMQggAnjxKONoR6k2WCEQoThSiFC0EWAQEBAQEBAQEBEwEBAQoLCQgoL4VMUoFRiFKBQw2qeTqLNYM0ggeBVYFphQiJNgWiPpR/DYtzh1gCkwmDLIE6JgOCI1UlFYMtggxggXRANotuAQEB X-IPAS-Result: A0CjAQDLOhRahxy3hNFbHAEBAQQBAQoBAYMQggAnjxKONoR6k2WCEQoThSiFC0EWAQEBAQEBAQEBEwEBAQoLCQgoL4VMUoFRiFKBQw2qeTqLNYM0ggeBVYFphQiJNgWiPpR/DYtzh1gCkwmDLIE6JgOCI1UlFYMtggxggXRANotuAQEB Received: from mx1.redhat.com ([209.132.183.28]) by UPDC3CPA04.eemsg.mail.mil with ESMTP; 21 Nov 2017 14:20:00 +0000 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2C9D381DEB for ; Tue, 21 Nov 2017 14:19:52 +0000 (UTC) Received: from workstation.redhat.com (unknown [10.40.205.37]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6AC5E6C427; Tue, 21 Nov 2017 14:19:51 +0000 (UTC) X-EEMSG-check-009: 444-444 From: Petr Lautrbach To: selinux@tycho.nsa.gov Date: Tue, 21 Nov 2017 15:19:40 +0100 Message-Id: <20171121141940.24371-1-plautrba@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 21 Nov 2017 14:19:52 +0000 (UTC) Subject: [PATCH] libsemanage: Use umask(0077) for fopen() write operations X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP When a calling process uses umask(0) some files in the SELinux module store can be created to be world writeable. With this patch, libsemanage sets umask(0077) before fopen() operations and restores the original umask value when it's done. Fixes: drwx------. /var/lib/selinux/targeted/active -rw-rw-rw-. /var/lib/selinux/targeted/active/booleans.local -rw-rw-rw-. /var/lib/selinux/targeted/active/policy.linked -rw-rw-rw-. /var/lib/selinux/targeted/active/seusers.local drwx------. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/cil -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext drwx------. /var/lib/selinux/targeted/active/modules/disabled -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote Signed-off-by: Petr Lautrbach --- libsemanage/src/database_file.c | 3 +++ libsemanage/src/direct_api.c | 15 +++++++++++++++ libsemanage/src/semanage_store.c | 4 ++++ 3 files changed, 22 insertions(+) diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c index a21b3eeb..d0172e73 100644 --- a/libsemanage/src/database_file.c +++ b/libsemanage/src/database_file.c @@ -119,13 +119,16 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) cache_entry_t *ptr; const char *fname = NULL; FILE *str = NULL; + mode_t mask = 0; if (!dbase_llist_is_modified(&dbase->llist)) return STATUS_SUCCESS; fname = dbase->path[handle->is_in_transaction]; + mask = umask(0077); str = fopen(fname, "w"); + umask(mask); if (!str) { ERR(handle, "could not open %s for writing: %s", fname, strerror(errno)); diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 00ad8201..46072f92 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1176,6 +1176,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) sepol_policydb_t *out = NULL; struct cil_db *cildb = NULL; semanage_module_info_t *modinfos = NULL; + mode_t mask = 0; int do_rebuild, do_write_kernel, do_install; int fcontexts_modified, ports_modified, seusers_modified, @@ -1212,6 +1213,8 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* Rebuild if explicitly requested or any module changes occurred. */ do_rebuild = sh->do_rebuild | sh->modules_modified; + mask = umask(0077); + /* Create or remove the disable_dontaudit flag file. */ path = semanage_path(SEMANAGE_TMP, SEMANAGE_DISABLE_DONTAUDIT); if (access(path, F_OK) == 0) @@ -1645,6 +1648,10 @@ cleanup: semanage_remove_directory(semanage_final_path (SEMANAGE_FINAL_TMP, SEMANAGE_FINAL_TOPLEVEL)); + if (mask) { + umask(mask); + } + return retval; } @@ -2016,6 +2023,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, const char *path = NULL; FILE *fp = NULL; semanage_module_info_t *modinfo = NULL; + mode_t mask = 0; /* check transaction */ if (!sh->is_in_transaction) { @@ -2076,7 +2084,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, switch (enabled) { case 0: /* disable the module */ + mask = umask(0077); fp = fopen(fn, "w"); + umask(mask); if (fp == NULL) { ERR(sh, @@ -2722,7 +2732,9 @@ static int semanage_direct_install_info(semanage_handle_t *sh, int type; char path[PATH_MAX]; + mode_t mask = 0; + mask = umask(0077); semanage_module_info_t *higher_info = NULL; semanage_module_key_t higher_key; ret = semanage_module_key_init(sh, &higher_key); @@ -2834,6 +2846,9 @@ cleanup: semanage_module_info_destroy(sh, higher_info); free(higher_info); + if (mask) { + umask(mask); + } return status; } diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 63c80b04..74fbb677 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -2099,11 +2099,13 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, const char *kernel_filename = NULL; struct sepol_policy_file *pf = NULL; FILE *outfile = NULL; + mode_t mask = 0; if ((kernel_filename = semanage_path(SEMANAGE_TMP, file)) == NULL) { goto cleanup; } + mask = umask(0077); if ((outfile = fopen(kernel_filename, "wb")) == NULL) { ERR(sh, "Could not open kernel policy %s for writing.", kernel_filename); @@ -2127,6 +2129,8 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, if (outfile != NULL) { fclose(outfile); } + if (mask != 0) + umask(mask); sepol_policy_file_free(pf); return retval; }