From patchwork Mon Jan 8 21:36:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10152053 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id BE5FC603ED for ; Tue, 9 Jan 2018 13:34:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B363427F98 for ; Tue, 9 Jan 2018 13:34:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A7E35284B5; Tue, 9 Jan 2018 13:34:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UCOL19PA10.eemsg.mail.mil (ucol19pa10.eemsg.mail.mil [214.24.24.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A946A27F98 for ; Tue, 9 Jan 2018 13:34:07 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.46,335,1511827200"; d="scan'208";a="416635508" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by UCOL19PA10.eemsg.mail.mil with ESMTP; 09 Jan 2018 13:33:59 +0000 X-IronPort-AV: E=Sophos;i="5.46,335,1511827200"; d="scan'208";a="7420171" IronPort-PHdr: =?us-ascii?q?9a23=3Ak1vm4RZS0GzXPZ0t93sKSBb/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZosuyYh7h7PlgxGXEQZ/co6odzbaO6uawBydasN6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCybL9uMRm6twbcu8gZjYd8Lqs61wfErGZPd+?= =?us-ascii?q?lK321jOEidnwz75se+/Z5j9zpftvc8/MNeUqv0Yro1Q6VAADspL2466svrtQLe?= =?us-ascii?q?TQSU/XsTTn8WkhtTDAfb6hzxQ4r8vTH7tup53ymaINH2QLUpUjms86tnVBnlgz?= =?us-ascii?q?ocOjUn7G/YlNB/jKNDoBKguRN/xZLUYJqIP/Z6Z6/RYM8WSXZEUstXWSNBGIe8?= =?us-ascii?q?ZJYRAeQHM+hTso3xq0IToReiAAWhAv7kxD1ViX/sxaA13OovHwLB0gI+A90ArW?= =?us-ascii?q?zUodfoOKocUe611rfHzS7YYvNKxTvw8pTEfwo9rfyOW797bMrfyVMoFwPAllie?= =?us-ascii?q?rpbqPy+J1uQNrWea4fdrW+O1hG49sQF+vCSvxtsxgYnXh4Ia0E3P+zhnz4YxJN?= =?us-ascii?q?24TlN7YNG5G5ZXrCGVKY92QsIkQ2F1tyc30aEGuJ6ncygKz5Qr3Rjfa+edfISS?= =?us-ascii?q?7RLjU/iRLC5+iXl4e7y/nw6//VWvx+DzTMW50EtGojBbntTDqHwBzQHf5tCZRv?= =?us-ascii?q?dh+kqtwzWC2gDJ5u1aP0w4ibDXJ4A9zrIukJcYrF7NETXsmErsia+bbkAk+u+1?= =?us-ascii?q?5Ov5erjmvZqcN5NsigH5L6QuhtSzAeQmPQgKWGiW4fi826f5/U34XbVKlec6kr?= =?us-ascii?q?XZsZ/GJcQbobS1AwlJ3YY49xmzFTKm0NUcnXUfLVJFfgyIj5TxNl3TL/31Au2z?= =?us-ascii?q?jlSxnDtx2fzLMaPtDo/QInTblbfuZ7d960pSyAopytBf4opZCqofL/L3W0/xss?= =?us-ascii?q?HYDxAgPwOvxObnFdN92Z8AVmKUGaKZLKPTvkOI5uIoOeWMYpQVtyznJ/gq4P7u?= =?us-ascii?q?k2c1mUUBcqmxwZsXdHe4E+xkI0WeZ3rjmMsBEWcQsQo4V+HqilqCUThWZ3moRK?= =?us-ascii?q?I8+i80CJi9DYvZQYCtmrOB1j+hHpJKfmBGFkyMEXDweoWGWfcDcj6dIsx6kjwD?= =?us-ascii?q?U7ihSpEh2AqgtA/+1rpmIfHb+jAetZL/ydh5/erTlQs99TZsFcSSz3mNT31onm?= =?us-ascii?q?MPXzI30qF/oUh4ylidy6h1mPJYGsJO6PNOSAc1L4bcz/Z9C9DwRA3OYsuJREyh?= =?us-ascii?q?QtW8DjE7VsgxzMMWY0ZhB9WiiQjO0De2DL8QkLyLAoA0/r/H0njvOcl90XfG1a?= =?us-ascii?q?gmj1kgWMdPM3OphrJn/QjJG4HJi1mZl7qtdakEwSHN6H2MzXCVsU5EVw5wVLnK?= =?us-ascii?q?UmoEZkvKt9j54F3NT6O2A7Q9LgRB0dKCKrdNatDxjVRHRfDjONLFbmK0n2e8HB?= =?us-ascii?q?eIxrWWYIrsYWodxibdCEkakw8N53qGMxYxBju5qWLEEDNuDU7vY1/r8eRmpnO7?= =?us-ascii?q?VFU7zweWYE1gzLq44RsVheSdS/8KxbIFtjwhpy9zHFan0NLcE8CAqBZ5fKVAfd?= =?us-ascii?q?M9509K1WHDuAx+OZygMrtvhl0EfAR0uEPuyg97CoJakcgltHkq1hZ9KbqE0FNd?= =?us-ascii?q?cDOVxYr/NaDNKmnz4h+vcbXb1UvC39aT4KsP7+44q1r7tgGzCkUi62ln08VS03?= =?us-ascii?q?aE/JXFERcdXIn+UkYy+Bl2vbfabTch54nMz31jLbG0siPe29IuHOYl0Rigf81Y?= =?us-ascii?q?MKOfCA//CNYaB86pKO0knlimdBQEMPpU9KEqI8Osb+GG17KzPOZ8gDKminxK4Y?= =?us-ascii?q?5n3UKI6ypzVPTI340ezvGGwASHTSzzjEqkssztnoBEfz4SFHKlySf4HI5RerFy?= =?us-ascii?q?fYETBGeoIs23wtF+iID2W3ND7lGsGUkG2MizdRqVdVz90hVa1V4Lrny/hSu40z?= =?us-ascii?q?t0nik3rqqewCPO3+PidAAdNmFXRGliilHsIYevgtAeXUioaRImlAGi5UrgwKhb?= =?us-ascii?q?vqt/JXHJQUhUZyj2M31iUqyou7qGYs5P848ovTxMUOuiZVCaS7j9owYV0i74BG?= =?us-ascii?q?te3DE7dzeruprlhBx2kmSdI2hvrHDBY8F/2Q/f5MDARf5WxjcGXi54iT3TBlei?= =?us-ascii?q?Jdmm4dKUlpnYv+ClSmKuSoZTfTPszYOauyux/XdqDgGnn/Cvht3nFhA30Szl2N?= =?us-ascii?q?lsTiXFtxX8bZft16ShN+JoYFVoCEX768pgFYF0ipEwi40I2XgGmpWV+mIKkX/p?= =?us-ascii?q?PtVG3aLxcmINSiQNw97J/gflwlZuLm+Sx43nTHWd2dFtZ8K9YmMLwCIy895FCK?= =?us-ascii?q?mT7Lxekit6vEC0rQTPbvhhhj0d0+ch6GYGg+EVvwog1judArYPEkRDIyzskQmH?= =?us-ascii?q?79CkoKVRemmvbaC61FBiktC5ELGCvgZcVW7hepg4AC9w6t5yP07N0H3v6oDoYd?= =?us-ascii?q?fQYsgVthGOlBfAledVIoorlvUWnSpnJX79vXo9xu41lxNu2426vI+CK2h28qK2?= =?us-ascii?q?HANXNjrvZ8wJ4jHtl6FensSI0I+zApVtADILXIHnTfiwCjIdqeznNxqSED07sn?= =?us-ascii?q?qbHKDQHQub6Eh4s3LPD4qkOGuMKXkf09piWAKdK1BFjwAMQjo2hJg5GR62xMb5?= =?us-ascii?q?akd2+igR5kLkqhtL0u9oLQPzU2nFqAetcDg0TJ+fLRpN4w5Y+0jVNNaS7uVpHy?= =?us-ascii?q?FX5pehthCCKnSHZwRUCmEEQkKEB0r9Mbaz/tnP6e6YBva5L/vVeriBs/BRV/KS?= =?us-ascii?q?yZKoyItm8C6GNt+TMXl6E/07xk1DUGh/G8TDgToPUzQXmjnDb86avhe84TF3rs?= =?us-ascii?q?6+8PTtQg3v45eAC7pIPtVr4Ry2hr2DN+GIjiZjNTlYzo8MxWPPyLUHxF4dlTph?= =?us-ascii?q?eCerEbQBqS7NS7ndmq5JABEFdSx/LsxI77gz3gNVI87Ulsv11qJkjv4yE1pKTk?= =?us-ascii?q?fulsatZcwLOGG9KEjHCFyQNLuYOTLH2dr3br24Sb1RiuVUqhKxtC2HHE7jJDSD?= =?us-ascii?q?iiLpWwqhMO5WkCGbJxteuIenfhZqE2jjQ8rsagenP99vkT023bo0i2vROm4dPj?= =?us-ascii?q?h8dEVNo6aN4ixGmfp/GnZO7nx/IemDgSaZ4PHSKowKvvtzHiR0i+Va7WwgxLta?= =?us-ascii?q?9i5EWuJ6lTDVrt52vV6mlOyPxSBmUBpKsTlLg42KsV9lOaXD+ZlKQWzE8w4V7W?= =?us-ascii?q?WMFxQKoMNoCsHou6BV0NTPjqXzKTZc/NLS5sQcHc/UJ9yEMHc6LRXpHzvUAxcf?= =?us-ascii?q?Qj6wKWHTnUpdn++O9neNtJg1toDsmIYSSr9cTFE1FfMbCkB7E9EZJZd3WT0kkb?= =?us-ascii?q?CFg84U+Xq+rB7RRMBEsZzdUPKdH+nvIi6DjbZYfxsI3a/4LYMLO439xUNtcF16?= =?us-ascii?q?kZ/JG0rXRtBNvjdubgkvoEVO8XhyVGsz1Fz5agm1+n8cCea0ngIqigt5eekt7i?= =?us-ascii?q?nj40wpKVXQvis/jEkxlM7+jjCQaj7+MaCwXY9OCyruqUcwMon3QwBrYg2uhUZk?= =?us-ascii?q?LivLR6pNj7t8cmBmkBLTuZxJGf5aUKJLfhsQxfCMavoyz1tcsCKnyVVA5evfBp?= =?us-ascii?q?tojBEqfoK0r3JcxwJja8Y4KrHKK6pXz1hfm7mOszSy2eAr2g8eIEgM8HiMdyEU?= =?us-ascii?q?pUwILLgmJzao/+B27wyNhSdDcnAWV/U2uvJq6l89O+OYwiLk1L5DMF6+N+qeLq?= =?us-ascii?q?OeoGXAmsiIQk4q2kMPjUlF8qB80d0/fEqMS0Av0LyRGgwSNcXcLQFVbsxS9GXc?= =?us-ascii?q?fCuVrerNxpd1MJmnGeDzUe+CrqAUjVy4HAwxBYQD8twBHoWw0EHfNcrnML8FyR?= =?us-ascii?q?Aq5AT3JFWEDO9Edw+KkDYHuc6w14V73Y9DKTEBGW99Kzm45q7Lpg82h/qORM05?= =?us-ascii?q?YnMbXoQYKH05QMi6mi5fv3RHCjm4yPkUxxOD7zDmoCTcFTf8b8d5aPeSexxsFM?= =?us-ascii?q?m8+S8j/KiulV7X7pLeKnnhOtt8vN/C8vkVqIuZC/xKV7l9qF3Tm5NYRnCwVG7P?= =?us-ascii?q?C9G1LYDqa4Ywddz0Fmq6UlunhjI6UsfxPdKtLqyWjgHtXotbrZeU0ysiNcCnED?= =?us-ascii?q?ESARBwp/sM5Khkfw0Mf4I7YQL0twQ5L6G/OgGY0tSyTGatLjtWS+Jfw/2jabJK?= =?us-ascii?q?1SQhcui0xWA8QZE9yum47VQCRIoWjh3Ew/aseZVeWzDpGnNBYwXPuTY5l295O+?= =?us-ascii?q?Yo2Og/2hTIvkIHPjCXbuxmcnJEsM84BVOTJ3V2BW44R16TjYrD/g6s0aod/zFY?= =?us-ascii?q?n9pO1+1KrmT+tIfFYD2wQKyrtYnVsy04YNkouaF+LYzjIsqDtJPfhDPfT4Ldsg?= =?us-ascii?q?ybXyGkCfVWgN9QIDhXQPNQg2EqJdQGuZZd6Uo2Tso+IqZACLMvpr+0dTpkDCgS?= =?us-ascii?q?zSACWoKOxjMChPuz27/dlheNbZsiKwYIsJNcjdsBSyR2eD8RpLe/V4XKkG+JUn?= =?us-ascii?q?IEIB0O7QRK/g4AlZR9fuHk4IrJUJ9D0CRao/RqXSvXDpNo7Uf0SnmKgVjkT/Ws?= =?us-ascii?q?i+2p3QROzP3y1tkURht/BlZBx+ZMlkolM7Z3K7EOsY7Mtz+Hb0L6vGb2x+uhK1?= =?us-ascii?q?hd08rUd0f3DIDdr2rzTjUc+WEIRY9I0HzfCZMSkw9iZaY3uFlMJZupdlz45zM6?= =?us-ascii?q?24RjB6O4Wtyzx1Y5sXYGQD+nE9pbBOF8ql3XXCBqbou2p5r7I5VSWnFf+JmDpF?= =?us-ascii?q?dDikltNDS5yZVEIcFX/jEMRCRPoSmavNaqSs1D3tF5AoQRLdhhoHfyBrlEOISP?= =?us-ascii?q?rHIroLDvzGHW+ywkuleg2DqzA7O4T/5e/2AGBgUmOnmRqkg1AOso6Wrd7lfNsl?= =?us-ascii?q?Vo8OhBHbiPkV99oDBjEZBSHjxJz2yqL0xvTHlatOVXML/ac8JATPUuZxKjJhIz?= =?us-ascii?q?GOU60EyO+EF7gW32YzdutgdA/SDSQRU0XzEPgrjxgT0ett2nOTgCRpJSczouci?= =?us-ascii?q?fFJBiHmS1MuBZfbF9qVI4HDtlZ/LEUwJVb8tDESUmyNSEPRAZiOR4g0fpDiU5D?= =?us-ascii?q?t12VeTjGDQq0b/nArwF3cNyKrM6uMfT55htIhZ3hsOAk7aUMXXmmlReqQdDEoI?= =?us-ascii?q?/2rseKuVeWdKfkL+28ZmfMTCTWjR+um7grEoLH/zXXMApHMZl102QkYZnmCW7P?= =?us-ascii?q?IxtGO7gXJ01BVaB1cd9GuPxVZ9d4eKYV/q9gHhCHSQn1GIyot/lGKkzcRSrFIi?= =?us-ascii?q?WE7+y/pZ7T7b3BRujhfMOMwW3HT7hwPpdg5jnxA63q3pNG+krqxvdt8Vt3SVrc?= =?us-ascii?q?PCCHotThPAQL69S8eUb5op0mBzXWAIx3kHb3wEFPadYXSTWw8JsE0JNZ9GrwSe?= =?us-ascii?q?Vg30j1tO1f7Lhk6Y8y47xzyMe0I6nSKe5Avk98HhiUHBhq+YkxAGhiXWBefPUd?= =?us-ascii?q?KPDLfaQWlcrusfz4F7QL6B2J/OxUcd3HJ0Ddlcm4DjGTUwdEkB0AqT4dKQuczO?= =?us-ascii?q?WFlrRxScuqqun1wEUt40KxLhQe1rBi+Z+E+raUpO/Qdxbe0aILWqz0ScPosrQt?= =?us-ascii?q?u0SS6OY/lLESe2x6fQunEPQcVsEH3Gvgy74lzT40GcPZA73g4OJDV24+nj/4n5?= =?us-ascii?q?B9BFAWF/MPELqF44tRg2A4m/bDOd0OaKBCnWSPGgC4Hb8e03Kr7DGXIGZ9iBHU?= =?us-ascii?q?zx7wWX+z7EPxrSJgQyvMztLjn1FQVrapBUZdQTCpOU5+sDOAJgbossT4ubgt5k?= =?us-ascii?q?EsLmPkrM6NlHemOL5PHs3+JcaTLjMoq18Ml50+WMCv1p4HFtanJ9cR6n5+ZOPE?= =?us-ascii?q?62y3iy9Bv7tHh43G786O+/XXBnehgLeYq7WM2DBY0mI3vUw76t27Kv7O4MCFTO?= =?us-ascii?q?qy2GYMVSd/vBHBUASvprzctVAUNlSB0F3Xl4wSItFZwX4421n+5Oc5XNI86AVe?= =?us-ascii?q?F4jHZ/MYpjD/ISD0zkibY9I2UCmezjRWE0ntEVZiBKgzxGLwvczOlXfK+F0kXI?= =?us-ascii?q?pweFL9hRxxEYo4LVgh6F8NwioMCQINcwyUDKm0BUT5KosJTUcDZg6d3LekZqc3?= =?us-ascii?q?3VZ+wreu5O/Pc+N8B7ACNutGjgKUmlhUBI4Wu7UEQL1gY19d6LLXpg/6BojoQf?= =?us-ascii?q?fmk2YwNfqyQsxd6sAWqX8i4ge5Rxq95pZO9LIbh46Sdq9Ee5fApsZ84Fl75TQX?= =?us-ascii?q?bCxCnAB/jw+lUeAbvO3s/trbv4C05eu1SKktQOEX9xw1B2tglZvwnE4srs3X1+?= =?us-ascii?q?tGTY3Vk4v/+hhXI3GWoIbazwV8Ke0WJoKue7Zg8WkHJycAKH8VONqWauMz4ylz?= =?us-ascii?q?PzXP6V1CBdkMZdADPMbXnwBblFHpUqlJ9sXHAl+YF5tzd8cw4mr41D816oA8Xv?= =?us-ascii?q?/95jG5I57f7ldNP+5MjSh3m9LCofIawfzMByQN5nmZcRd1yDuYy5aRE/bw4fmM?= =?us-ascii?q?yNbMWlMEGS42U4FdKCCe9gynQuq1iYjmUwKV6s/1m5I+d0OQS2evnKQErKZDC+?= =?us-ascii?q?pAhTj63jREEID6me6VucK26GRLrl1HDJpz7RrdFaVeIJV0IxL4m9KvRkhhGyT/?= =?us-ascii?q?ecbUdgE0tOqR3OcM7P10N1Hiao8DPhIE17X65GJXTgRwRr72sFKZUPkfZdR8Tv?= =?us-ascii?q?PLsGxV5ZhmK6ARIFiXvIbqoStQqFAqHA8pb6c9rjNedknJkgxaRaL0uLobhwsH?= =?us-ascii?q?Vt55v05MFn6qNGI4+TXHSbxfjLONB/wN7jWTUqsOXl1qMiN+QxK1wJJue7+onf?= =?us-ascii?q?BbrGxLhSZ9oPk20zx8WhSwoyrsp7gC2Tg44rG3qC0BuWBZTuWZiyrIFVRDzPER?= =?us-ascii?q?gKcACnbt9V+8b2cHbIfo5rloO9jg/5E743sjeRUjYzEGXeO4BiH1jqOIAY+PsN?= =?us-ascii?q?VHiR6PosrObrizLS4MObQ70x7jQWZy0hTGlhZy7GQLWimg7MMjJIilIskq2Cyo?= =?us-ascii?q?GXTAeVYX5qNJt9fxtUIVTOQodFxt2mJj0tKIRicVXszAB341jhQ4aWVDaJ9D8R?= =?us-ascii?q?gaF60yjTaSsKhG+QUUYDnPH4Sg/YnQmtzI1mchQtdwwWLWvbaFhpIs0H1qgd90?= =?us-ascii?q?6TSOuHsKfezCT8BsGmTz1ptYyeHmafWirOQHSIp+yLu/S/IDM8ij+W6z2Jp0QE?= =?us-ascii?q?+lwqoRE0C+MO8ZybfRSz2lRnGAWeSXb2iMmC40M0Dq5RmyL104dNlFolQ4MuvD?= =?us-ascii?q?mp5cjRPuXalzRiWKql/R1HYjPv8CdwIqpIenfBQHTOkVZ+eCPuUu2Pk+B0EXb3?= =?us-ascii?q?/VHCt5F/O2sUSzk4dlIXlg51v1Yfj1+AD8LNSSAgUEEZLdrpNp/fy6R2SBOWJv?= =?us-ascii?q?zRFrOEl09vzfF0gqtuJHcpaeh97Qh9Nh3e4CbfdtPjU3usQPlYJ79YmUzMCKfA?= =?us-ascii?q?nUzpnoOd7VovmYA/vYz0kxZGFaU7wZbh3x54U7ON45RrLSEaFevRQGCqgwWIYh?= =?us-ascii?q?OHvp9KFoMANzdRbcZLaujcnpoeKEfYBZp2LQ7lIsLCfcvAADyvO0TQxndZyqgW?= =?us-ascii?q?v9IIwoTDJbs9JtEgdmHJdIG84YrQqnBpmUmLuhi9+w4EN3oOkKvrD1Cv/U1dS1?= =?us-ascii?q?xYJxX4JV5UaTJjbeGLFrglh5juS1mvrAyZfxCcb+dt4FV+V2WXDFZaHcHoW+Kz?= =?us-ascii?q?OOPcT8d1RA87GCzLIqGimWMST4WbeW8SyiKPhr+0Qn26Rmc+fJij8g9bfW3J31?= =?us-ascii?q?fW4InCq7qW+1M8565UDWBeHBFz1dU+CI7HotSagVYtal3OgJNtMmzZ6X5Awlvx?= =?us-ascii?q?pY187QBqG9sk/BxQpUfIjBIVf1kzg4UMExLRC+N1Y8yTvCp3DcB2lMBtS1Islq?= =?us-ascii?q?xtCOB1ri4FcnyjJlXXJIBme9HYTZAmMcwc/rIVTTrA8=3D?= X-IPAS-Result: =?us-ascii?q?A2D0AgBhw1Ra/wHyM5BdGgEBAQEBAgEBAQEIAQEBAYMULIF?= =?us-ascii?q?aJ4QHixiNaIsNjkGBGANVKYleQxQBAQEBAQEBAQEBaiiCOCQBgk4CIARSAwMJA?= =?us-ascii?q?hISAiIEAgIDAR0TAQUBLAkFiAWCDwMVA6JIQIwRgW06hHOCVA2CcDISfYMRghU?= =?us-ascii?q?QiUlFhQWCZQWTOo9oPZBBhHMNhgiOAUiNLIkROYEXNiIygR4qCAIYCCEPPYEXG?= =?us-ascii?q?nmCVByCCFcBin0BAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 09 Jan 2018 13:33:58 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w09DXtsb024347; Tue, 9 Jan 2018 08:33:57 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w08LaWMg065765 for ; Mon, 8 Jan 2018 16:36:32 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w08LaXQU009078 for ; Mon, 8 Jan 2018 16:36:33 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BaCQCe41Nafy0YGNZdHQEBBQELAYM8g?= =?us-ascii?q?V0nhAeYf0UBAQEGijyFTIoMA3mFJAKEOkIVAQEBAQEBAQEBEwEBCxaGKgQZAQE?= =?us-ascii?q?3ATQCJgIjEwEFASwJihkDCA0DoW5AiyNugW06gwoBAQWEKw2BKoFGKggSfYMRg?= =?us-ascii?q?hWBDohKRAGFBYJlgTIBAZIKj2gzCAEBhgyKMoRzDYYIjgFIjSqJETmBFzVVgR4?= =?us-ascii?q?yGiNSgQSBJoJFDxyCCFcBinIBAQE?= X-IPAS-Result: =?us-ascii?q?A1BaCQCe41Nafy0YGNZdHQEBBQELAYM8gV0nhAeYf0UBAQE?= =?us-ascii?q?GijyFTIoMA3mFJAKEOkIVAQEBAQEBAQEBEwEBCxaGKgQZAQE3ATQCJgIjEwEFA?= =?us-ascii?q?SwJihkDCA0DoW5AiyNugW06gwoBAQWEKw2BKoFGKggSfYMRghWBDohKRAGFBYJ?= =?us-ascii?q?lgTIBAZIKj2gzCAEBhgyKMoRzDYYIjgFIjSqJETmBFzVVgR4yGiNSgQSBJoJFD?= =?us-ascii?q?xyCCFcBinIBAQE?= X-IronPort-AV: E=Sophos;i="5.46,332,1511845200"; d="scan'208";a="168710" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 08 Jan 2018 16:36:32 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AatPrxhzqZyqVByHXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?2usTIJqq85mqBkHD//Il1AaPAd2CraIfwLOL6+jJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?= =?us-ascii?q?JvjvGo7Vks+7y/2+94fcbglUmTaxe7B/IRu5oQnMtsQanZZpJ7osxBfOvnZGYf?= =?us-ascii?q?ldy3lyJVKUkRb858Ow84Bm/i9Npf8v9NNOXLvjcaggQrNWEDopM2Yu5M32rhbD?= =?us-ascii?q?VheA5mEdUmoNjBVFBRXO4QzgUZfwtiv6sfd92DWfMMbrQ704RSiu4qF2QxLzli?= =?us-ascii?q?wJKyA2/33WisxojaJUvhShpwBkw4XJZI2ZLedycr/Bcd8fQ2dKQ8RfWDFbAo6k?= =?us-ascii?q?coUAAOQPM+VfoYf9uVUBsQCzBRWwCO711jNFnGP60K883u88EQ/GxgsgH9cWvX?= =?us-ascii?q?rTttr1KLsSUeCrw6jG0D7NbulZ2S3n6IfWbhAhveyHULV1ccrTxkkiFwfIg06f?= =?us-ascii?q?qYziODOV2eANvHaB4+V8UuKvjncqpgdsqTas3schkpfFip8ax1ze6yl0z5w5Kc?= =?us-ascii?q?O3RUJhbtOpEINcuz+GO4ZyWM8vQGFltDwkxrEYpZK3ZjYGxIg5yxPZdveJaZKH?= =?us-ascii?q?4gj5W+aUOTp4hGxqeLa4hxuq/0et1PTyWM+63VtUtCRIjsXAu3IX2xPN9MeHT+?= =?us-ascii?q?B9/ki71TaKzQ/T6+VELVoxlaraL54t2r8wlpwNvkTfBiL6hlj6gaCMekk69eWk?= =?us-ascii?q?8frrb7r8qpKTN4J4kgT+Pb4vmsy7D+Q4KA8OX22D9Omy1bLs41H3TqtKgf05nK?= =?us-ascii?q?bXtY3XKdgUq6KnAg5U3IAt5QyxDjqp39kZk2QLLE9fdBKcgIXlJVLDIO3lAfa/?= =?us-ascii?q?jVmhjDllyvTJML36DZTAIWLPnbnicLZk8UJdxgU+wM1E6pJaDrEOPv3yVlbouN?= =?us-ascii?q?zdFBA5LxC0w+b5B9Rz2YMRQ3iPArWHP6POrV+E/PkgI+6RZI8TpDnyNeMl6+Th?= =?us-ascii?q?jX8+nl8dcq2p0oUNZH+kGfRmJl2VYWDwjdcZDWcKog0+QfTxiFKcVT5TZnCyX7?= =?us-ascii?q?8z5zwgFIKnDZvMRoCqgLCb2ie7BYdZanpJClCLD3e7P7mDDvMNbj+CZ85njjEL?= =?us-ascii?q?T7m9Wqc/2hy08gz30bxqKqzT4CJLm4jk0Y1Q7vHPlRwtvRN9Fd6Qz33FG2R2kT?= =?us-ascii?q?5ZbzAx2697rAp2zVLVgvswuOBRCdEGv6ABaQw9L5OJirUiU90=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BrBwDn4lNafy0YGNZdHQEBBQELAYM8g?= =?us-ascii?q?V0nhAeYf0UBAQEGijyFTIoMA3mFJAKEOkIVAQEBAQEBAQEBARIBAQsWXYI4JAG?= =?us-ascii?q?CcAQZAQE3ATQCJgIjEwEFASwJihkDCA0DoWlAiyNugW06gwoBAQWEKg2BKoFGK?= =?us-ascii?q?ggSfYMRghWBDohKRAGESAwxgmWBMgEBkgqPaDMIAQGGDIoyhHMNhgiOAUiNKok?= =?us-ascii?q?ROYEXNVWBHjIaI1KBBIEmgkUPHIIIVwGKcgEBAQ?= X-IPAS-Result: =?us-ascii?q?A0BrBwDn4lNafy0YGNZdHQEBBQELAYM8gV0nhAeYf0UBAQE?= =?us-ascii?q?GijyFTIoMA3mFJAKEOkIVAQEBAQEBAQEBARIBAQsWXYI4JAGCcAQZAQE3ATQCJ?= =?us-ascii?q?gIjEwEFASwJihkDCA0DoWlAiyNugW06gwoBAQWEKg2BKoFGKggSfYMRghWBDoh?= =?us-ascii?q?KRAGESAwxgmWBMgEBkgqPaDMIAQGGDIoyhHMNhgiOAUiNKokROYEXNVWBHjIaI?= =?us-ascii?q?1KBBIEmgkUPHIIIVwGKcgEBAQ?= X-IronPort-AV: E=Sophos;i="5.46,332,1511827200"; d="scan'208";a="7406525" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa07.eemsg.mail.mil ([214.24.24.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 08 Jan 2018 21:36:31 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;a25fc760-5020-42d3-a832-fb685876f025 X-EEMSG-check-008: 393121640|UCOL19PA05_EEMSG_MP3.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 209.85.220.202 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BTAwCe41Nah8rcVdFdHQEBBQELAYUZJ4QHmH9GAQEGijyFTIoMA3mFJAKEOkIVAQEBAQEBAQEBEwEBAQoLCQgoL4VNBBkBATcBNAImAiMTAQUBLAmKGQMIDaFxQIsjboFtOoMKAQEFhCsNgSqBRioIEn2DEYIVgQ6ISkQBhEgMMYJlgTIBAZIKj2gzCAEBhgyKMoRzDYYIjgFIjSqJETmBFzVVgR4yGiNSgQSBJoJFDxyCCCA3AYpyAQEB X-IPAS-Result: A0BTAwCe41Nah8rcVdFdHQEBBQELAYUZJ4QHmH9GAQEGijyFTIoMA3mFJAKEOkIVAQEBAQEBAQEBEwEBAQoLCQgoL4VNBBkBATcBNAImAiMTAQUBLAmKGQMIDaFxQIsjboFtOoMKAQEFhCsNgSqBRioIEn2DEYIVgQ6ISkQBhEgMMYJlgTIBAZIKj2gzCAEBhgyKMoRzDYYIjgFIjSqJETmBFzVVgR4yGiNSgQSBJoJFDxyCCCA3AYpyAQEB Received: from mail-qk0-f202.google.com ([209.85.220.202]) by ucol19pa05.eemsg.mail.mil with ESMTP; 08 Jan 2018 21:36:29 +0000 Received: by mail-qk0-f202.google.com with SMTP id s6so9521429qke.3 for ; Mon, 08 Jan 2018 13:36:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc; bh=NC9ZC8NMGQ2psv6Fp9g4NvYJV3UPFZujl6dtD9jIAEc=; b=YMLJzjIuivm8RUnM95tThNX/7X7fbdj4ue7bL/uW7Sm8Jj+Yx55OF7NvB2J1obaz76 xOP00eXPgLbAkdJ9b2iShcHaZS1TFRRGDetMeOgPYaw1w1tspNv5tKvDKykwEH9R85Qq 9I5gE65CKuL0LI34m72U/pMEy06OVLOZQ1A292YmHny5Qx4zzc78Yglu/gDBFOZ0CX/G lNOyTDJ/WdV381aF520vf46HyZtS7RYucFW33G8vR86q355VVVcSOiVqRymT0UN9VOGm 0fM4jEgxLpBk952Kw7NZMp0QYIJ6kRF3lNrgVGANvPgANFpyOi+XCOi/tuCvJjbdzs/U vggg== X-Gm-Message-State: AKwxytdDwao8P8BUrtCB3LRhV+wGAOK5Hk5EW8OSefx9XJ5HmaX9YRD0 VYu/90jwwQtbzt4k3VSjpkDgPTli+KUwSgBjIsc2gw== X-Google-Smtp-Source: ACJfBotykuj6O0pnuGXqebarLtvneOeRy2C/gJWMguTj6GVy8qs+gVZubcjJmDPunpIuchEdr+YW9ojmwWGmGTrAk5XF/g== MIME-Version: 1.0 X-Received: by 10.55.171.10 with SMTP id u10mr10247663qke.4.1515447389393; Mon, 08 Jan 2018 13:36:29 -0800 (PST) Date: Mon, 8 Jan 2018 13:36:19 -0800 Message-Id: <20180108213620.170042-1-mjg59@google.com> X-Mailer: git-send-email 2.16.0.rc0.223.g4a4ac83678-goog X-EEMSG-check-009: 444-444 To: linux-integrity@vger.kernel.org X-Mailman-Approved-At: Tue, 09 Jan 2018 08:31:59 -0500 Subject: [PATCH V6 1/2] security: Add a cred_getsecid hook X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Matthew Garrett via Selinux Reply-To: Matthew Garrett Cc: Matthew Garrett , linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Dmitry Kasatkin , Stephen Smalley Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible. Signed-off-by: Matthew Garrett Acked-by: Paul Moore Cc: Paul Moore Cc: Stephen Smalley Cc: Eric Paris Cc: selinux@tycho.nsa.gov Cc: Casey Schaufler Cc: linux-security-module@vger.kernel.org Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: linux-integrity@vger.kernel.org --- include/linux/lsm_hooks.h | 6 ++++++ include/linux/security.h | 1 + security/security.c | 7 +++++++ security/selinux/hooks.c | 6 ++++++ security/smack/smack_lsm.c | 18 ++++++++++++++++++ 5 files changed, 38 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 7161d8e7ee79..72932dabbaed 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -554,6 +554,10 @@ * @new points to the new credentials. * @old points to the original credentials. * Transfer data from original creds to new creds + * @cred_getsecid: + * Retrieve the security identifier of the cred structure @c + * @c contains the credentials, secid will be placed into @secid. + * In case of failure, @secid will be set to zero. * @kernel_act_as: * Set the credentials for a kernel service to act as (subjective context). * @new points to the credentials to be modified. @@ -1541,6 +1545,7 @@ union security_list_options { int (*cred_prepare)(struct cred *new, const struct cred *old, gfp_t gfp); void (*cred_transfer)(struct cred *new, const struct cred *old); + void (*cred_getsecid)(const struct cred *c, u32 *secid); int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); @@ -1824,6 +1829,7 @@ struct security_hook_heads { struct list_head cred_free; struct list_head cred_prepare; struct list_head cred_transfer; + struct list_head cred_getsecid; struct list_head kernel_act_as; struct list_head kernel_create_files_as; struct list_head kernel_read_file; diff --git a/include/linux/security.h b/include/linux/security.h index 73f1ef625d40..5cfff15ac378 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -324,6 +324,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); +void security_cred_getsecid(const struct cred *c, u32 *secid); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/security/security.c b/security/security.c index 1cd8526cb0b7..35cbd75844c2 100644 --- a/security/security.c +++ b/security/security.c @@ -1005,6 +1005,13 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } +void security_cred_getsecid(const struct cred *c, u32 *secid) +{ + *secid = 0; + call_void_hook(cred_getsecid, c, secid); +} +EXPORT_SYMBOL(security_cred_getsecid); + int security_kernel_act_as(struct cred *new, u32 secid) { return call_int_hook(kernel_act_as, 0, new, secid); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 8644d864e3c1..d3009c027de8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3844,6 +3844,11 @@ static void selinux_cred_transfer(struct cred *new, const struct cred *old) *tsec = *old_tsec; } +static void selinux_cred_getsecid(const struct cred *c, u32 *secid) +{ + *secid = cred_sid(c); +} + /* * set the security data for a kernel service * - all the creation contexts are set to unlabelled @@ -6479,6 +6484,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(cred_free, selinux_cred_free), LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), + LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 14cc7940b36d..b27327ebb031 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2049,6 +2049,23 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) /* cbs copy rule list */ } +/** + * smack_cred_getsecid - get the secid corresponding to a creds structure + * @c: the object creds + * @secid: where to put the result + * + * Sets the secid to contain a u32 version of the smack label. + */ +static void smack_cred_getsecid(const struct cred *c, u32 *secid) +{ + struct smack_known *skp; + + rcu_read_lock(); + skp = smk_of_task(c->security); + *secid = skp->smk_secid; + rcu_read_unlock(); +} + /** * smack_kernel_act_as - Set the subjective context in a set of credentials * @new: points to the set of credentials to be modified. @@ -4727,6 +4744,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(cred_free, smack_cred_free), LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), + LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),