From patchwork Mon Nov 27 20:33:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Lautrbach X-Patchwork-Id: 10078979 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D9A17602BC for ; Tue, 28 Nov 2017 08:34:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C02C328D11 for ; Tue, 28 Nov 2017 08:34:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B4322291C4; Tue, 28 Nov 2017 08:34:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil [214.24.24.82]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0929728D11 for ; Tue, 28 Nov 2017 08:34:54 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.44,467,1505779200"; d="scan'208";a="579324786" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa09.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 28 Nov 2017 08:34:53 +0000 X-IronPort-AV: E=Sophos;i="5.44,467,1505779200"; d="scan'208";a="6189948" IronPort-PHdr: =?us-ascii?q?9a23=3AiIZZtBKp3MiUZuU/qtmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgTLfr/rarrMEGX3/hxlliBBdydt6oczbuH+Pm6ACQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9HiTahfb9+NhG7oAHeusULn4duN7s6xwfUrHdPZ+?= =?us-ascii?q?lY335jK0iJnxb76Mew/Zpj/DpVtvk86cNOUrj0crohQ7BAAzsoL2465MvwtRne?= =?us-ascii?q?VgSP/WcTUn8XkhVTHQfI6gzxU4rrvSv7sup93zSaPdHzQLspVzmu87tnRRn1gy?= =?us-ascii?q?gJLT459HzchNJ2gqxVvRmtowVzz5PIbI2QMvd1Y6HTcs4ARWdZXshfSSJPDIC+?= =?us-ascii?q?YIsBEuQBJeRVo5TzqlQQthuzHhWgCP/1xzNUmnP6wbE23uI8Gg/GxgwgGNcOvW?= =?us-ascii?q?zOotrrKKcSS/2+wq/SwjXec/NWwyzy55LUfRAhvPqBWqpwcc7LxkkyCwPFlE6f?= =?us-ascii?q?ppb+MjOPyOsCrmib4PB8Ve61l2EnrARxryGpy8wxiYfJnpoYxk3L+Ch22oo4Jc?= =?us-ascii?q?C0RFRlbdOrDpdcrTyWO5NoTs8+R2xkojs2x7MYtZKhYSQHy5oqywTBZ/GEdYWD?= =?us-ascii?q?/wjtW/yLIThigXJoYLe/hxGv/ke+0uD8Tcy00EpSripCj9nMqmgB1xzN5ciDTf?= =?us-ascii?q?tw5luh1iyV1wDS9+FEOlo4lbbbKpE9wr4wkYAfsULfES/thEr6lqqWdkQg+uSw?= =?us-ascii?q?6uTnZKvppoOEOoNphQzzPb4il8yiDegiLAQDUHaX9f6h2LH7+E32WrRKjvk4kq?= =?us-ascii?q?nDt5DaINwWprWnDA9R04Yj7Qu/Dji/3NsDmnkHMVRFdw6ZgIjyIFzOPPD5Auu/?= =?us-ascii?q?g1SrijtrwevGMaf7DpXCKXjDjq/tfaxh5E5E1Aoz0ddf6opWCrEGJvL8QFPxtN?= =?us-ascii?q?zCAR8/KAG0weHnCNN41owEQmKPHrGWMLnJsVOS4eIvOeaMbpcPuDnhM/gl++Lu?= =?us-ascii?q?jXghlF8ff6mmx4cYaHOjHvRhJUWZYGTsj8wPEWcOowo/Q/fliECEUT5Pena+Ra?= =?us-ascii?q?U85is0CIi+F4fMWpitgKCd3Ce8BpBWfn5JBUuSHnfudoWER/AMZTmTIsB/jDML?= =?us-ascii?q?S6KtS4g71RGhrAX60aZoLvLI+i0EspLuzMV65+rVlRE06DN7EcCd02CWQm5ugG?= =?us-ascii?q?wIXTg20Lp4oUxnxVeJybJ4jOBAFdxP+/NJVR83OoPAz+NgEdD/QR7OftCMSFm6?= =?us-ascii?q?WNqmGi0xQsg3w9AQf0Z3A8+igQzb3yq2H78VkKSGBJ0y8qLAwXfxI9hyy3PY26?= =?us-ascii?q?k9lVknQtBCNWq+hqFh8QjTApTGk0Sdl6mxcqQd0zTB9GCZzWqBpEtYShJ/Ub3Z?= =?us-ascii?q?XXADYUvbtdT450LFT7+oErknNw9BxdeDKqtMcNHpi09JRO3gONTffWK+hX28BR?= =?us-ascii?q?CWybOQdIDqYXkS3D3BCEgYlAAe5WiJNRAkCSe7omLeFydjFUr1bEP28Ol+s2u7?= =?us-ascii?q?TksuwA6WcUJtzb21+gQahfaEUfMcwqoEuDs9qzVzBFu80dPWC96FpwV/ZqVRet?= =?us-ascii?q?0970la2mLerQxyJISgL7plhl4cbQt4o1/u2w9wCoVansggtGkqwxZqKaKEzFNB?= =?us-ascii?q?cCuV3Z7qOrLNLGn94BGva7XN11HbyNaW+74D6O82qlX4pg2pEVAi83p/2dlPz3?= =?us-ascii?q?Sc/onKDBYVUZ/pUUY47Rt6p7bHYiQm5IPbz35sMa6psjPY3NIpHuQlwA66f9hD?= =?us-ascii?q?KKOECBPyE8oCCse0NeMqgVmpYQwePO1J7qE7I8ame+GB2K6xM+ZqhCimgnhf4I?= =?us-ascii?q?BhzkKM8DJxRfLS0JYB3f6YxReHVjf7jFq6qcD4hYFEai8UHmqjyCjrHpRdZqts?= =?us-ascii?q?coYXEW2uOdG4xs1ih57xXH5V7ESjCE4b18KydhqSalP80RdW1UsJvXytgTG4wC?= =?us-ascii?q?BskzE1sqqf2zTDw//sdBodPW5LX3VigEz3IYiyiNAbUk2oYBIvlBe/40b12bRb?= =?us-ascii?q?rrxlL2bPWUdIYzT2L2Z6X6q+rLWCZ9JP540ysSVMS+m8f06VSqTmrBsH1iPvBW?= =?us-ascii?q?xexCo0dzuyoJX2gwR6iH6BLHZ0tHfZZdx/ygre5NPGQf5cxSYJRC59iTbLHFe8?= =?us-ascii?q?JMWp8c+Sl5jdruC0T3ihWYFLcSn30YOAszO25XNrARKjg/CzncfnHRIm3i/70N?= =?us-ascii?q?lqUyrIoQ34Yonq0aS1K/hnfk5yCF/78cp6FZl0kpEsi5EIxXgampKV8GIDkWfy?= =?us-ascii?q?KtVbxbvybGETSj4Pwt7V5hXl2UJ4I3KS34L5V3Odwsp9aNmheG8W3Dwy79xSAq?= =?us-ascii?q?eO8LNEhTd1oka/rQ/Je/h9mTMdyf8w534An+4JvwQswz6GArAPAUZYJjbglxOS?= =?us-ascii?q?79CxtK9XfnqgcaCs1EpimtCsFLKCrR9aWHbiYZoiHjF/7sNkMFLKznLz9pvoeN?= =?us-ascii?q?7KbdIcrheUiQvPj/BJKJItkfoHnTJnNnjgvX0h1eE7lQZh3ZemvIeZMWVg57+5?= =?us-ascii?q?AgVGOT3vfMMf4CrtjaFDnsaMw4+gAJthGjIRXJvnU/2kCjQSuur7NwyWCj0ztm?= =?us-ascii?q?+bGabDHQ+Y8EpmsXTPHI2wOnGJInkW0NViSAObJENBnAAeRC86kYIhFgC22Mzh?= =?us-ascii?q?d1905igL6V7lrhtB0f5nNxjjUmbfvQuoZC07SJ6FIBpR9AFC6F/fMdaC4eJrAy?= =?us-ascii?q?FY4pqhoRSOKm2bYwRHE3oEWkmDB1DtMLmh+8XA8/SYBuq5KvvBf6+CqepAWPeU?= =?us-ascii?q?3ZivyJdp/y6QNsWTOXlvF/M71VBFXXBlHMTZni4CSyIJmC3QaM6bvg2z+jVtrs?= =?us-ascii?q?C48vTkRh7g5ZeVB7tVK9Vv9Ai8gb2fOO6ImCZ5NTFY24sWxXPSxrkTxlsShDtq?= =?us-ascii?q?dzmqEbUNrjTCQ77VmqNNCB4bcSxzPtNS760gxglNJdLbitTt2752lP46FUpKVU?= =?us-ascii?q?f7lcGvecwKJHq9OUjdC0mXMbSKPzrLw9v4YamkU71fkP1UtwGsuTacC0LjOC6D?= =?us-ascii?q?mCPxVxC3KuxMgiCbPAZFuIGhfBZtCG7jQ8jgahKnMd94lzk2zaczhnPQOm4WKS?= =?us-ascii?q?J8fF9Vrr2M8SNYhe1yFHda4XZiKemEmj2Z7/XDKpoMqvtkHDh7m/hB4Hskz7tV?= =?us-ascii?q?7SdEROF6mSbJstFvo0umkvSUyjZ9XhtBsCpLhJmMvUVkI6nZ8YNAWXnc9hIX8W?= =?us-ascii?q?qQEwgKp8diCtD3vaBQy9zPlKbtJzdZ6N/b59UTB9LTKM6dN3ohKxXpEibODAQZ?= =?us-ascii?q?VT6rKX3fh0tFnf6J932VoZ86qp73lZUTVLBUT101GekcCkh/G9wCOph3VCs+kb?= =?us-ascii?q?GHlM4I+Wa+rB7JScpAsZDITOySDuv0JTaelblLeR0IwbbiIoQSMo30wEtia1Zg?= =?us-ascii?q?kITNAUrQUshHojd9YQ8svEVN7H9+Q3Uv20LibwOh+mUTFfm1nxEojAtxev4t9D?= =?us-ascii?q?Dy7Fc0PVfFuCwwkEwtltr/mjCRbCT9LKGuUoFKEyD0rVQ+MovnQwZpag2/hUpk?= =?us-ascii?q?OyneSLJVlLZgdmdriBTAuZRVH/5cVq5EYB4KyfGRefoozUxWqj+7yk9f+evFFZ?= =?us-ascii?q?ximRMwcZGytHJPxRhsbMQpKqzQP6dG1VlQhriTsS+v2OAx2BUeKFgN8W+Ifi4H?= =?us-ascii?q?plAIPKE8JyW05uxs9RCCmzxbdWcRTfUqvPNq+V4mO+mb1S3gyaRDKke/NuyEMa?= =?us-ascii?q?yWp3XAldSJQlMs1kIEjU9F8qZq0c07aUqbS1gvzKeNFxQOLcfCLQZVb9BM+3jV?= =?us-ascii?q?fCeOtv7AwZ1zP4WgDOzoSvWOtKkMiEK+AAkpB5gM7tgGHpS0y0HXM8PnLL8DyR?= =?us-ascii?q?Uw6wXmP0mKDPNMeB2XijgHuN2/wIVx3YZDOjEXGX99Pjmv5rbLug8qh+KOU8oq?= =?us-ascii?q?bXcfWYsEMG42VNChli5HoXtAFji30+MeyAiE9TP8oDrfDCXkZdp5ePiUfQ9sCM?= =?us-ascii?q?2x+Tgn76i2iFvX8pLCJ2H6NdVvocLA6eIappmdEPxYV799vFnAm4NAXXylT3bP?= =?us-ascii?q?EcKpJ5j3c4Qjd9j0CnemXVOhkz01SsfwPNCqLqiOmw7lXp1bsIiB0zAlLMO9GC?= =?us-ascii?q?weFw12p+4d+KJ2fRcDbIYjYR70qwQ+MLSyLxyG3dWoWGuiMyZZT+dBwuWgfLxY?= =?us-ascii?q?1TAsb++gxHsnVJE6wPG98VQRS5ESkhHe2fGjapFEUSj1G3xSZwXPpS09l2h6Lu?= =?us-ascii?q?g82/oxzgnUvFcbKD2EaOtpaGlYsN4mHlOSPW96CmwmSF+AlYDD+BKj36gO/ytB?= =?us-ascii?q?mNZZyfFKsHrksZDDez+jRKurqZHRsyohc9cmubFxPpL/LcuGrp/emSbfTJbIuA?= =?us-ascii?q?2fTCG6D+ZamsRXIC9AWvlHg3slOcsdtoda9UoxTN0xJ6JRB6kop7CqbzVkDSoT?= =?us-ascii?q?zS8WV4OAwDICjf2m27vfjBuQdootMAAcupVYntQdSzJ2Yj8ZpKK7WYTajXOLSm?= =?us-ascii?q?gKIAcW7ARD/gEAm5Rxfu/7/oXHUoVAyzlMo/J7SiHLDIVn90PnSmGKhlj1UPCh?= =?us-ascii?q?nPaz3QJR0v3sztgbWBhwCUVGyedZjE0oJ61zK6kXo47FrySIeVn8vG3z1OusPE?= =?us-ascii?q?NRxtHMd13kEIrFsnLxUjUb+X0QX4BP0n/eFZMWkwp3c6sroVJMIIe9ekng+zMk?= =?us-ascii?q?3YNpH6KjVcCqwVYlomwKRyCwE9pOE+tmqk7YWCV5Y5C3r5XoI49dQnVN+J2bsV?= =?us-ascii?q?tZk15gMy+4yZpdN8FC+SQAXD5RrjWBpNGyUtFM2ddqD58QJddyo2v9GKRBOJWK?= =?us-ascii?q?v306prnvxWTD9zA6rli62C25G7WkQOJB420eBgIpKnyeqkY1Fesj6GPS/U3Wv1?= =?us-ascii?q?9p4ehbHqCPglt1oDljBJBCHDFJ1WqqL15rVnlJr/1aKLjJc8xbW/QyZxivNAIl?= =?us-ascii?q?GPE7wUOJ5l97nW3lYyNsqwRW4SbdUBcoVSMNmLfihSUeqt27OT8dU59HdjshYD?= =?us-ascii?q?vZJw+ZhCxasg1SZF1tW5AcHtlK4aob3ZdO8srEV0msNTkPXAZ+OQIgzfpfiUlD?= =?us-ascii?q?vV2CeS/DEAWodezAsgFscMeVq86pMur28BlbhYPgre836b8PR3u4lg2xWdretZ?= =?us-ascii?q?PztsWWtkuSc6f1K/W8YWTdTDfWkB+wmawpD4LN/yjOKgpUN4d1yXw4YZj7E2HL?= =?us-ascii?q?OQ5KJ6UBJ0pUTap6c8lJovhGZ894f6YE4bNtBgiZSRzxBYOit+RGLlLPRTTENS?= =?us-ascii?q?qB7O2/oYXX7bPDVejsfMuMx2zIQ6hvJJd19SH7G6v20Y9Z4kf23+1i9kd+SVfY?= =?us-ascii?q?LyCBsM7uKRkQ6cmkaETiooYpEi/MD5dojnXh3EdAeNQLQyey6pQX1ItZ6GrsSe?= =?us-ascii?q?J/ykXzsvdd96Nj6Yks57Bm09m0KLzXKfRHtU9nHhmUCRlr9po3Bmh/XHpdYugL?= =?us-ascii?q?KPfeZa4Zl9zhq/jrF6wL7x2Y4+5ZZsHBJ0HPgMm/DSyTRgJfkQcdszEaKBCc1/?= =?us-ascii?q?mfl69yV8mlufDz2lgx7FimMh4G0Ldt6J+L+qqVpe/Xax/RwqYBWqXxW8z8sK8j?= =?us-ascii?q?u0KI6v0ijrIOfXZ1YwK/GugHSsEd3nvgzbwtzS80EcPDHrfg9eVGV30nnjPvhY?= =?us-ascii?q?p9H1QQGvMbB7aL+5pRnnsgkezDKtIWarxCmnqIFRO8FL8CzWWm6yqRIGlgmB3O?= =?us-ascii?q?0hfwQW2p7FDsti94XTHMz8r/nUpJS7m3H1ldUzCuOU9ivzOFJBDou8bvuaQp8E?= =?us-ascii?q?E2NXTptNeKlGunJLNXENPwKceZISk1vl0XioM+RsCh2IAcA9q9I8wR/Gt4bvTA?= =?us-ascii?q?92OhizVBrLtfh4rC/sGV/e3aHX27j62fq7iA3z5YxWYlslE48NCvLOnO58eNQ/?= =?us-ascii?q?SqyWkeUzt/txHGXx6vpbzRt0oUNlCT0EfXhIwKOclU3Xg51078/ucsXMk+9B5A?= =?us-ascii?q?GYbcefwNuSr/ODzuwVaQe9g3TDWR0yNLHlLpFll1ALMz2GPrvMPHj3jQ+VwoRp?= =?us-ascii?q?Vod0P9mBx3C541Jl4q6FcK3CUMCxUNaQqcDLGyH0vpN4wEVVIMaR6fxri1Zr83?= =?us-ascii?q?3VFvwrOo/OLTdfZzB7YROfZdgA+Om0JbGpEPva0FXr18f15d9KjKpgntEIXnR+?= =?us-ascii?q?LplWYsOv21TMFa9toZt3g47ga8WRWg85FD4KgfiJySca5Ee5fMtthm70h7/T4P?= =?us-ascii?q?ajBNgB9nghOlS+ATuuTj7cLdsJW28euhSactR+oW9xgoHWt+lIH/gEo+od3N0e?= =?us-ascii?q?dTVJHVg5zl8A9RO36KpJra0x5kJOoBMY2rZqhv92kHJyUFI3IOPMaWZOc84yB3?= =?us-ascii?q?LTXT/EZOAsUSatMEJMDNgxxbilX1WLFP8crWAlCYBJl1d8A06Gr3zzc58YAiXe?= =?us-ascii?q?bk6T+2I43f7l5WMvNHkipsjtLDq/IPzfrUFicX/WGTawJpzSOa15mNF/Hw8P2K?= =?us-ascii?q?yNHVS1wGGSo2XJ1GJDaY+AynQe21lI7yUg6P78/+j50/eFiXRnyrk6QPqrxMHv?= =?us-ascii?q?JYiiXnwjheEZj4h/2JvNq382tbr0BJHol14x3EHqVfI5p6NA/3lsmuXEd8ADXw?= =?us-ascii?q?dNvTdho0t+qc3v0M7PlmN0vieY8bJQoJy7D96XpVSAtiUqL5vladXeIMedRnSf?= =?us-ascii?q?LErnZO6YJjKq8CJ0adpJ30rjhSrFA5HQ4pZKU2rjNEaknEhBdVVLrsuL4clgsc?= =?us-ascii?q?VsZ0uU5SGW2qPmIz/D7HVblIg6mQD/wV6S+fTqsUU0VnKil+WQ+62I1ye7u1mv?= =?us-ascii?q?BKqmFGkT1zoPgk1zxrXxW9tjfqp60TxTIs4re4uysduXZdVOWRjz/ICUlfzPQN?= =?us-ascii?q?laocBHLi6VuyYXYdaIvy5KJqJd/n9Ykn4nQwfQ8vfysYUuS8Eyvwlb+HApSTsN?= =?us-ascii?q?JAgx6AoMfObb+zLCgKMbQ9zRPjR2Rj3QXFmRZo8XcLQi++49M+I4W9I8klzDKy?= =?us-ascii?q?GWfHbFYM/r9JsMzpuF4XTes2bEhswHli0sebRS0CWsjPF3wzjgc6dWVOaIhD5g?= =?us-ascii?q?MCF6k0njaIubFL/gQVYDfXEYSl/ZLdncXS1nk+StdqwHzZpqufipMsznJlh8t+?= =?us-ascii?q?7jSSt3QKa+zYT8hsD2Do2YhBz+z+e+6gsvsDSIth1LShTOECPde+9mes35VqQE?= =?us-ascii?q?ClzKwEH1WlKO8D2qvbUyC9RG2WR+uLd2mMny4nPUPp5BioL1g3aMJUoE8nNuvN?= =?us-ascii?q?mIRQlwr7UbN7Xi+Qv0PUzHQ/MeMGcAI7oImmexQQTO4Qe+eTO/MjwPg/CFsQdX?= =?us-ascii?q?/GAzF6C+issV6ihIJ7IWlv4V3mYeTx9QDrKNySGh0aHoPBtp5x/ea1RnmdOX9h?= =?us-ascii?q?0BJyIFN0+PnBGFgrsO9TbYqRl8DKh9tnye4Fa+ttMSolt94Xm4Jj75SU0ciTfR?= =?us-ascii?q?HVz5byPs3VouODDv3e1UsqfGZaXqAeYQPv6IUwJsQ5VKHLHbtFoRQcArA3QJk7?= =?us-ascii?q?OGjt9KF0LQVzcgnKabSqg8nqoPyEZp9Vp3/Q81IxIz3QuxoZyvy7VQZ7dYylh2?= =?us-ascii?q?3uIJAsQTJMt99tBQFlHItIAMwNtBenA5iImKG7jN+x5kx6u+8WsabqDPDFysi5?= =?us-ascii?q?1Z1rX5dG/UyLICrRBK5zj0Rni+Syhe3A0oPwCcP5Yt4EUvJ0QmvbZb/HBIm/LS?= =?us-ascii?q?iOOs3kcU5c77GcyK55UgmWZC3hRKqGuiikO+ll7Eg40YF4YvTczCYs77Da39vy?= =?us-ascii?q?YXtXpiG9on6VZ9Nj6wnRCOjfWQ9EYeaU+2ZiW6sMZM378/ldH8YlxY2k7hVppB?= =?us-ascii?q?BLzdefKaGqrgeYwkZyaI7BJkLBwSs1WYAWZh+4NB1/0ifitn3BDCEEfYCfIs53?= =?us-ascii?q?jYPQV0Tg?= X-IPAS-Result: =?us-ascii?q?A2DHAwCrHh1a/wHyM5BdHAEBAQQBAQoBAYMQKQOBVCePE44?= =?us-ascii?q?gmnURGIogQhUBAQEBAQEBAQEBaiiCOCSCRAMDAQIkVQMJAQFICAMBUxkFiE2BQ?= =?us-ascii?q?w0DqWM6inwygzqCB4FVgWmFCIk3AQSiSZR/DYt1h1qTEoMtgTo1I4FQTCMVgmK?= =?us-ascii?q?EVnaKHAEBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 28 Nov 2017 08:34:52 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vAS8YSer029497; Tue, 28 Nov 2017 03:34:33 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id vAS8YSg8025940 for ; Tue, 28 Nov 2017 03:34:28 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id vAS8YNqD029484 for ; Tue, 28 Nov 2017 03:34:27 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1AVBACrHh1a/yMWGNZdHAEBAQQBAQoBA?= =?us-ascii?q?YMQKQOBVCePE44gmGuCEQoThSgChHtBFgEBAQEBAQEBAWuFSAYnUhBRVxmIUoF?= =?us-ascii?q?DDQOpYzqKfAEBAQcCJoM6ggeBVYFphQiJNwWiSZR/DYt1h1qTEoMtgTomBS2BU?= =?us-ascii?q?EwjFYJigweBT3aKHAEBAQ?= X-IPAS-Result: =?us-ascii?q?A1AVBACrHh1a/yMWGNZdHAEBAQQBAQoBAYMQKQOBVCePE44?= =?us-ascii?q?gmGuCEQoThSgChHtBFgEBAQEBAQEBAWuFSAYnUhBRVxmIUoFDDQOpYzqKfAEBA?= =?us-ascii?q?QcCJoM6ggeBVYFphQiJNwWiSZR/DYt1h1qTEoMtgTomBS2BUEwjFYJigweBT3a?= =?us-ascii?q?KHAEBAQ?= X-IronPort-AV: E=Sophos;i="5.44,467,1505793600"; d="scan'208";a="128508" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 28 Nov 2017 03:34:27 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AoVfy0BBsLETcy/tbMFMEUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPv4pcbcNUDSrc9gkEXOFd2Cra4c06yH4uu5AzVIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSizexfa9+IA+yoAjVucUanJVuJrsswRbVv3VEfP?= =?us-ascii?q?hby3l1LlyJhRb84cmw/J9n8ytOvv8q6tBNX6bncakmVLJUFDspPXw7683trhnD?= =?us-ascii?q?UBCA5mAAXWUMkxpHGBbK4RfnVZrsqCT6t+592C6HPc3qSL0/RDqv47t3RBLulS?= =?us-ascii?q?wKMSMy/mPKhcxqlK9VvRKvqQJxzYDXYo6VOuFzcr/Bcd4AWWZNQtpdWzBHD4ih?= =?us-ascii?q?b4UPFe0BPeNAoofnuVQOsQG+DhSqCuz11z9ImmX20rYg3Os9EQHNwQstH8oKsH?= =?us-ascii?q?vOsdX1KL0SXvuvw6TT1zXMce5Z2Tfn54jUaBwuvfaMXbdpfMfX1EIhFBvFg02O?= =?us-ascii?q?pYD4MD6ZzPoBvmeB4+Z+S+6jkWAqpgFprjSx2sshjpPFip8bx1za7yl13YU4KN?= =?us-ascii?q?OiREJlYtOpFoZbuTuAOItsWMwiRnlluCYkxb0Cvp62ZDUKyJc5yB7bdvCKd5CI?= =?us-ascii?q?7Qj/WOuROzt3mmxqeLekhxa960Sgz/fzVsiw0FpQqypFk93MumgM1xzV9MeHVu?= =?us-ascii?q?Nw8lm81TuAzQzf9O5JLVoqmabFMZIszL49moIWsUvZHy/2nEv2jLWRdkUh4uWo?= =?us-ascii?q?8+Dnba/7pp+ALY97kRvxP780msOhHOs4MhIBX3SB9eug073j+FX1QK9Wgf0ujq?= =?us-ascii?q?nZrJfaKNwApqGnBw9V04Aj6wuwDjq9zNQZnWUILFJCeB6diYjpIEvBLOr3Dfe4?= =?us-ascii?q?nVT/2AtskuvLOrznH4XlMmnIkLCne610rUFb1lkd19dasqpZFqtJBPvuRlX7vd?= =?us-ascii?q?fYRkshNwWp3/ztAf1n248eUH7JCaicZvCB+WSU7/4idrHfLLQevyzwfqAo?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AXBACrHh1a/yMWGNZdHAEBAQQBAQoBA?= =?us-ascii?q?YMQKQOBVCePE44gmGuCEQoThSgChHtBFgEBAQEBAQEBAQFqKII4IoJGBidSEFF?= =?us-ascii?q?XGYhSgUMNA6ljOop8AQEBBwImgzqCB4FVgWmFCIk3BaJJlH8Ni3WHWpMSgy2BO?= =?us-ascii?q?iYFLYFQTCMVgmKDB4FPdoocAQEB?= X-IPAS-Result: =?us-ascii?q?A0AXBACrHh1a/yMWGNZdHAEBAQQBAQoBAYMQKQOBVCePE44?= =?us-ascii?q?gmGuCEQoThSgChHtBFgEBAQEBAQEBAQFqKII4IoJGBidSEFFXGYhSgUMNA6ljO?= =?us-ascii?q?op8AQEBBwImgzqCB4FVgWmFCIk3BaJJlH8Ni3WHWpMSgy2BOiYFLYFQTCMVgmK?= =?us-ascii?q?DB4FPdoocAQEB?= X-IronPort-AV: E=Sophos;i="5.44,467,1505779200"; d="scan'208";a="6189927" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ukel19pa05.eemsg.mail.mil ([214.24.22.35]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 28 Nov 2017 08:34:26 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;f461a2bf-139d-4973-b85c-50aee6ec8f3c Authentication-Results: ukel19pa05.eemsg.mail.mil; dkim=neutral (message not signed) header.i=none X-EEMSG-check-008: 289608053|UKEL19PA05_EEMSG_MP2.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 209.132.183.28 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BGAgC+xhxahxy3hNFcg0GCAI86jh+aewoThSgChHRCFQIBAQEBAQEBEwEBAQoLCQgoL4UgBnkQUVcZiFKBUKk1iyuDOoIHgVWGcYk3BaJGlH8Ni3SHWpMOgyyBOjWBc0wjFYVEgXRAilgBAQE X-IPAS-Result: A0BGAgC+xhxahxy3hNFcg0GCAI86jh+aewoThSgChHRCFQIBAQEBAQEBEwEBAQoLCQgoL4UgBnkQUVcZiFKBUKk1iyuDOoIHgVWGcYk3BaJGlH8Ni3SHWpMOgyyBOjWBc0wjFYVEgXRAilgBAQE Received: from mx1.redhat.com ([209.132.183.28]) by ukel19pa05.eemsg.mail.mil with ESMTP; 27 Nov 2017 20:33:19 +0000 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 04E778553E for ; Mon, 27 Nov 2017 20:33:17 +0000 (UTC) Received: from workstation.redhat.com (ovpn-204-253.brq.redhat.com [10.40.204.253]) by smtp.corp.redhat.com (Postfix) with ESMTP id E1E2A600C2; Mon, 27 Nov 2017 20:33:15 +0000 (UTC) X-EEMSG-check-009: 444-444 From: Petr Lautrbach To: selinux@tycho.nsa.gov Date: Mon, 27 Nov 2017 21:33:12 +0100 Message-Id: <20171127203312.24986-1-plautrba@redhat.com> In-Reply-To: <1511800156.23941.8.camel@tycho.nsa.gov> References: <1511800156.23941.8.camel@tycho.nsa.gov> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Mon, 27 Nov 2017 20:33:17 +0000 (UTC) Subject: [PATCH v2] libsemanage: Use umask(0077) for fopen() write operations X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP When a calling process uses umask(0) some files in the SELinux module store can be created to be world writeable. With this patch, libsemanage sets umask(0077) before fopen() operations and restores the original umask value when it's done. Fixes: drwx------. /var/lib/selinux/targeted/active -rw-rw-rw-. /var/lib/selinux/targeted/active/booleans.local -rw-rw-rw-. /var/lib/selinux/targeted/active/policy.linked -rw-rw-rw-. /var/lib/selinux/targeted/active/seusers.local drwx------. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/cil -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext drwx------. /var/lib/selinux/targeted/active/modules/disabled -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote Signed-off-by: Petr Lautrbach Acked-by: Stephen Smalley --- libsemanage/src/database_file.c | 3 +++ libsemanage/src/direct_api.c | 8 ++++++++ libsemanage/src/semanage_store.c | 2 ++ 3 files changed, 13 insertions(+) diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c index a21b3eeb..a51269e7 100644 --- a/libsemanage/src/database_file.c +++ b/libsemanage/src/database_file.c @@ -119,13 +119,16 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) cache_entry_t *ptr; const char *fname = NULL; FILE *str = NULL; + mode_t mask; if (!dbase_llist_is_modified(&dbase->llist)) return STATUS_SUCCESS; fname = dbase->path[handle->is_in_transaction]; + mask = umask(0077); str = fopen(fname, "w"); + umask(mask); if (!str) { ERR(handle, "could not open %s for writing: %s", fname, strerror(errno)); diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 00ad8201..a455612f 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1176,6 +1176,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) sepol_policydb_t *out = NULL; struct cil_db *cildb = NULL; semanage_module_info_t *modinfos = NULL; + mode_t mask = umask(0077); int do_rebuild, do_write_kernel, do_install; int fcontexts_modified, ports_modified, seusers_modified, @@ -1645,6 +1646,8 @@ cleanup: semanage_remove_directory(semanage_final_path (SEMANAGE_FINAL_TMP, SEMANAGE_FINAL_TOPLEVEL)); + umask(mask); + return retval; } @@ -2016,6 +2019,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, const char *path = NULL; FILE *fp = NULL; semanage_module_info_t *modinfo = NULL; + mode_t mask; /* check transaction */ if (!sh->is_in_transaction) { @@ -2076,7 +2080,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, switch (enabled) { case 0: /* disable the module */ + mask = umask(0077); fp = fopen(fn, "w"); + umask(mask); if (fp == NULL) { ERR(sh, @@ -2722,6 +2728,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, int type; char path[PATH_MAX]; + mode_t mask = umask(0077); semanage_module_info_t *higher_info = NULL; semanage_module_key_t higher_key; @@ -2833,6 +2840,7 @@ cleanup: semanage_module_key_destroy(sh, &higher_key); semanage_module_info_destroy(sh, higher_info); free(higher_info); + umask(mask); return status; } diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 63c80b04..37ff5ace 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -2099,6 +2099,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, const char *kernel_filename = NULL; struct sepol_policy_file *pf = NULL; FILE *outfile = NULL; + mode_t mask = umask(0077); if ((kernel_filename = semanage_path(SEMANAGE_TMP, file)) == NULL) { @@ -2127,6 +2128,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, if (outfile != NULL) { fclose(outfile); } + umask(mask); sepol_policy_file_free(pf); return retval; }