From patchwork Tue Mar 6 11:58:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vit Mojzis X-Patchwork-Id: 10261501 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A0A15602C8 for ; Tue, 6 Mar 2018 12:00:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 83B722901C for ; Tue, 6 Mar 2018 12:00:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 827542901D; Tue, 6 Mar 2018 12:00:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from USFB19PA14.eemsg.mail.mil (uphb19pa11.eemsg.mail.mil [214.24.26.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1056B29002 for ; Tue, 6 Mar 2018 12:00:26 +0000 (UTC) Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by USFB19PA14.eemsg.mail.mil with ESMTP; 06 Mar 2018 12:00:25 +0000 X-IronPort-AV: E=Sophos;i="5.47,431,1515456000"; d="scan'208";a="9370401" IronPort-PHdr: =?us-ascii?q?9a23=3Am7gvuRPaVT8/r2SRBRwl6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0L/r8pcbcNUDSrc9gkEXOFd2Cra4c0KyJ4uu7AyQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9HiTahb75+Nhe7oAHeusQYn4dpN7o8xAbOrnZUYe?= =?us-ascii?q?pd2HlmJUiUnxby58ew+IBs/iFNsP8/9MBOTLv3cb0gQbNXEDopPWY15Nb2tRbY?= =?us-ascii?q?VguA+mEcUmQNnRVWBQXO8Qz3UY3wsiv+sep9xTWaMMjrRr06RTiu86FmQwLmhy?= =?us-ascii?q?cdMz4y7X/ZhMp+gqlGpB6tvgFzz5LRbIyTKfFwfL7SfckCSGRBQMhfWS9PDYGy?= =?us-ascii?q?b4USF+oMP/tUoofjqFsVthayGRWgCfnzxjNUmnP6was32PkhHwHc2wwgGsoDv3?= =?us-ascii?q?vVrNXpKawcVue1zKvJzDXCdPNdxDDw6JbNchAmo/GNXLNwcdHKxEk1CQzKk1WQ?= =?us-ascii?q?ppb5Pz+PyusNtG2b4vNmWOmyhWAnrARxrSKuxscqkoTJnJwaxU3E9Spj3IY5P8?= =?us-ascii?q?G3SEl+YdOiDZBetDmaOpNrTs4tTGxkoiY3xqActZKlcyUG1o4rywPHZ/GGcoWE?= =?us-ascii?q?+A/vWeWTLDtimn5odryyiwyw/EWuzOD3S9O630xQriVfl9nBrnUN1xvO5ceZUv?= =?us-ascii?q?Z95UKh2SqX1wDU9+FEPVg4larFJJ4lxb49joYTvl7ZHi/3hUX2l7Wadlkk++e0?= =?us-ascii?q?6+TnZa/qppmAOI9vlg7yKKEums27AeggMwgOWXaU+fik2bH+8kD0T69Gg/0rnq?= =?us-ascii?q?XDrpzXKtoXqrSkDwNN14Ys8Re/DzOo0NQCmnkHKUpIeAmZgIjtOlHOJu34DPim?= =?us-ascii?q?j1u3lzdr2vbGMaH/DZXWNXXDjLfgcqp9605b0gYzy8tf6IhOBrEOJ/LzRFf9tM?= =?us-ascii?q?bEAR8hLwy03+HnBc1/1oMZX2KAGLOZMKPIvl+O/e8vIe6MZIkQuDnnMPgl++Dh?= =?us-ascii?q?jWUimVMHeqmpx5QXYmiiHvt6O0WZfWbsgtAZHGcIvAoxVvDliF6ZUT5UYXayXr?= =?us-ascii?q?w86yo1CIKiEIfCSZuigKGH3CenA51afGdGCkqDEX3wbYWLR+8MaD6OIs9mijEF?= =?us-ascii?q?W7mhS4sk1R6wrg/30LRnIfTJ9S0fr5LszsB15/fUlREw6zN7E9id33uKT2FukW?= =?us-ascii?q?MCXyU207xnoUxh1leD1rB1jOFEGtxW4PNJVBs6OYPHwuxkFd/yQAPBf9aOSFag?= =?us-ascii?q?WNmmBy8+Ts4pyd8Uf0l9A8mijgzE3yeyHrAVi6aEBIYv/63A2HjxItpyxGzd1K?= =?us-ascii?q?k9lVUmRNVANXG+jK5l6wfTH5LJk1mel6uydaUd3SnN9GGYwGqLuEFUSQ9wUaPf?= =?us-ascii?q?UXAZfETWt9f55kLcT7CwE7gnNBVOydKaIKtQdtLplUlGROvkONnGfW2xg32/BQ?= =?us-ascii?q?yJxrOXd4fqY38S3D/cCEgfiwAT+WyJOhQgCSu7pGLeFjNuH0r1Y0zw6el+tG+7?= =?us-ascii?q?TkgswgGEdU1uzby19QIUhfyHUP4T26oEuCY4pzVvEle9xMjaC92apwpuZK9ce8?= =?us-ascii?q?8y4E9b1WLFsAxwJp+gILphhl4ZbgR6pEDu2A90CoVHjMgmtnQqzBB9KaiAylNO?= =?us-ascii?q?ayuY3YzsOr3QMmT95g2ga7TX2l7Aytab4b0A5+g9q1n5uwGpDEUi+W1909ZJy3?= =?us-ascii?q?uc+onKDA0KXJLrT0k46gN3p77fYigy/Y/U02NjMbWsuD/Yx90pHPclygqnf9pH?= =?us-ascii?q?K6OEGhXyE8oBB8iyM+EqgF6pbhUKPeBX7qE0Odmqd/2Y1663JOxghi6pjXxb4I?= =?us-ascii?q?Bh1UKB7yR9RfTM35YZ3f6YxBCHWizijFi/qMD4gp1EZTQIEmq40yjkC5ZbZrdu?= =?us-ascii?q?coYTFWeuP8q3y814h57sX35Y8ECsB0gd1cCzZxWSdVv90RdX1UQNrnytgTG4wC?= =?us-ascii?q?BskzE1sqqf2zTDw/rjdBUbJm5LQ3NigU3wLoi0iNAaWkeoYhMtlBuk40b13bJb?= =?us-ascii?q?pKNlI2nUW0dIcDD8L3t+XauoqrqCf8lP5YsssSVWS+S8fUmWSqXjrBse0iPjGX?= =?us-ascii?q?ZexT8gejGxopX5nhp6iGOBI3ZotnbZf99/xQvH7tzGWfFRxiYGRDV/iTTPHFi8?= =?us-ascii?q?ON2p/dGKmJfZru++UGygW4ZIcSn20YyArzG35WpwAR2wh/qzgMHoERAm0S/n0N?= =?us-ascii?q?lnTSbIowj6YonwzKm6Mvxofk9zBF/69cV6BptykowqhJEfwXIanIma/WIbkWfv?= =?us-ascii?q?NtVWwbr+Y2AQRT4P3dHV+BLq2Et/Ln2X3YL0TWidwtB/aNmgeWMawDk978dXCK?= =?us-ascii?q?eO8LNLgyV1ol2irQLef/dxhDEdxuUy6HQCmeEGpBItzjmBArAVBURYIyrsmAmT?= =?us-ascii?q?4tCgqqVYeWavfaK21EVggdCrFKuCrR1EWHblZpciGjd97t1lP1LR1H3+8Z3reN?= =?us-ascii?q?jMbdMTrxGUnQ3Pj+5PJJI2jPoKijJtOXjhsn091+47kRtu0Im0vIedLWVt4KW5?= =?us-ascii?q?AhtDOz37ecwc5zbtjbxEkcaOxYCvGZdhFSsXU5v0V/6oFygStfv/PQaUDDI8sm?= =?us-ascii?q?ubGabYHQKH7UdptXbPE5S1OHGLOHkW189tSQKbJENBnAAURyk1kYQhFg+03sDh?= =?us-ascii?q?dll25iwJ7F7ithRM0v5oNwX4UmrHqgeocCk7R4WELBVM6AFC+0DVMdeF4+1pAy?= =?us-ascii?q?5Y+4etrAuXKmyUfw5IF30GWlSYB1D/Obmj/d/A8/KCCeqmN/vDeruOqe1EV/eT?= =?us-ascii?q?2ZKv3Ipm/zCWOcWJInZiDuc02k5ZUXB+AcTZlC0FSzYLmCLVc86buBC89zVvrs?= =?us-ascii?q?+h6/vkRgTv5YqTC7tVKthv+g65jrmdOOKKgyZ5MzlY3IsWxXDU0LgfwEISiyZ2?= =?us-ascii?q?eja2CrsMsirNTKPLmq9LFB4XcThzO9VU4K4mxQlCJ8rbitLz1r5lgf84EEtKVF?= =?us-ascii?q?z7msG0fswGOW+8O0nbBEaQM7SGIyfHw8btYaOzUbdQlvlbtwWsuTaHFE/uJi+M?= =?us-ascii?q?lzjmVxCoN+FBlzyUMwJFt4G8aBltD3LvTNX8ah20KNV3lyE5waUohnPWMm4RKS?= =?us-ascii?q?Jzc0xXob2O8yxVmfJ/G3Rf4XpjKOmLgSeZ7+3DJZYRvvpnGCN0l/hV4H4i0bta?= =?us-ascii?q?8DlEROBpmCvVttNuv1amkuyVxjp9VxpPqyhEhISQskV4PqXW6JpAVG3Y8xIK6G?= =?us-ascii?q?WfFw4Fp8B5CtH1vaBf1MTPnrrpKDhe69LU4dccB8/MJcKFMHogMQLpGDnQDAsE?= =?us-ascii?q?UT6kK3rSh0lckPGO7H2asII2qp/2mJoBUrVbTkA6FusGCkR5G9wPOJR3XzMgkb?= =?us-ascii?q?GFl8MI4H2+rBffRMpEopDHSvKSAfLqKDmHl7VEYQUHwa/gJ4QJKoL7w1BiakV9?= =?us-ascii?q?nInSHUrfQ8pCoil6Yw83p0VN62R+QXc120L+aQOt4WUfFfiqkR4qkgF+e/gi9C?= =?us-ascii?q?/w41crIVrHvDEwn1cqmdr7mz+RaiL+LKerUI5NCir0rVU+MpT1QwZtdw29g0xl?= =?us-ascii?q?OC3CR71Pk7tqbXprhxPEuZtTBf5cSrVJbwIXxfGRYfUnzEpTqiGmxUJc/+TKF4?= =?us-ascii?q?FilAwwfZ6rtXJA1BppbMQpKqzIOKpJ0l9Qi7qTsSCyyOAxwRIRJ10W/WyIYi4I?= =?us-ascii?q?oksIN7c9JyW24uNs9BaCmzpfeGkMTfYqpOxl9l8lMeSa0y3gy6JDKly2N+GHK6?= =?us-ascii?q?OZvHLAmtCOQlIx0UMFjEZF/b5r0cs5dEqUTU8vxqOLFxsVLcrCNR1Vb81K+XjI?= =?us-ascii?q?YymOteTNwZRoP4SyDe3nUeiOtKMIjU2+BwYpA54A7sIfEZmwyEvYN9voLKYZyR?= =?us-ascii?q?Ux4wTmPEmFDPVMeBKMjDcHo8G+wYRq0olcJjASG35yPT+x5rnJug8gmOCDU8su?= =?us-ascii?q?YncGQosEMWo7V9e+my5Yo3tPEiG40ucZyQiE6D/8oD7fASLnYNpifviUYwpgCN?= =?us-ascii?q?+r+Tkl9ai5l0LX+I3EJ27mLdRipsPP6eQCqpmcFfxUS6JwvF3BlIlGWXOqSXXP?= =?us-ascii?q?HsSvJ5nwcYUsasb0CnmiWFyllz01V9vxPMqqLqWQjgHoWIdUsI2f3D89MM+wDS?= =?us-ascii?q?wRFAlrqOEC/q18YxcPY50hYR7nrw4+LbCwIB+E0tWyRGagMSFWT/9ezeqmZ7xX?= =?us-ascii?q?yC4sbvSixnU5U5801fW6/0kWSZ4WiRHewOqsaJNFUSjvAHBdfRvApTYhnWh7Ku?= =?us-ascii?q?ky2vs/wA/PsVQEKTCEbvZpaGtfsNwnGVOSO295CnQmSF+YjIrD5AGs37QT/ytS?= =?us-ascii?q?n9ZUzeNFv2Lkvp/aej6sXrKkqYnNuSo6cdcmu7FxMZDkIsaeupLShCDQTJnRsg?= =?us-ascii?q?2AUS61Dflal8NRIC1GXvZHh3spOcscuYpO8UAxTNsxJ6RTCKkwobCncT9kAjQI?= =?us-ascii?q?zS8aSYyAwD0CguGz27bBmBafapIiPwAAsJVFn9sSTjV2bjkYpKC9S4Xcj3WERX?= =?us-ascii?q?QTIAcP8QRM4xoNmZVqfuD45orEVpxMxiVXo/J1UyvLCoJn+0H9Sm6InVjyUO+h?= =?us-ascii?q?nPCx3QJO0PLs1cEWWB95CUhB2elWklUnKLRpJKkMpI7LsiSFdUTivG3zzuumIU?= =?us-ascii?q?NeyczQd1LjC4rEunDwUioG+X0bXYVP0m3QFYwOkwplb6YmvElMIIejekvl+zwo?= =?us-ascii?q?24FpEKKiWcCt2VklsW4MRz22HNpZF+FmrFXXVSVlY5+xspXqIZFSTXJL9ZKAtV?= =?us-ascii?q?hZiF1tPDC9yZVCMcFB+DkMXCJAoT+Fptu9VNVD2dNqD58LOtp/uXD9F71fNZeM?= =?us-ascii?q?vXI2oaLgymXF+z8irVi23jOzFLGkT+hB5W0RBh0pJ3iCqkkoF+Ys7nrd/U3Msl?= =?us-ascii?q?9u++dWHaSAjUJ0oDlhBJ9OHSpJ2WqjL1ttUHlMq/9aJ7jNc8xAX/kyYgeiNAcw?= =?us-ascii?q?FfE6w0CE/1x4kHnibiNusQta/jzSUBMvVSkJmLvtnyMRqt2/Mz8AV51IdSkhbz?= =?us-ascii?q?vCKw+DgyBYogtQa0FwVJAFGdtF/7Yb3ZVK8cbcVUmsLjwKUwJ4OgI+z/VfiVZJ?= =?us-ascii?q?sF+EdiDFEQqoafHPvwVvfceKsM6mNun2/Btch4P8t+A46r8DSGG4lg2rXdDetZ?= =?us-ascii?q?XzttmQukuJbqf4PPW2YWXdQzjUkRCwmbAkAoHW/yjJLgVUNYR1xGE5YZjlFW7L?= =?us-ascii?q?Jw5JJ7waJ0pcUaB1d8lGrvpdZ89+d6YD4bVtCQ6fRhPzBIyvq+FLLlTJSjTEKC?= =?us-ascii?q?WB6ei/rpjN7bHGTOjge8iMx2rGQ61rP5d18z/7G6zw3Y9Z4Er21e9n9llmRlje?= =?us-ascii?q?LyCBsNPhKxsJ5Ma4cEvisIcpHTTLD5hui3ft2ltPd8wMQy2t6pgYzo1W6GroQ+?= =?us-ascii?q?JizkfzqPFS96Vj6YQv5bBpzdy5JabUKfRfq0NnAx6UBgtw9po3G2h/W3pRYvIN?= =?us-ascii?q?J/fNYKQZl97hp/rwF6wN5x2f4/ZZZsffJ0Hdhsm/DSmRSRpFnAgdrj4aKhGT1+?= =?us-ascii?q?Wfl691TsalovP52lk27li7IRMHw6ph5YCe+qqHvOXXdQfezaAYWqj2QcP+tqgj?= =?us-ascii?q?tFmW5fI6j74OZmx0Ywq8HegGSsEdx3nvzaY2zSItCczPBbTg9+BfV3ghhDLvh4?= =?us-ascii?q?h9H0kKGvMTBbeL+Z9enmI4luHCON0ZbL1NmmGVFRG+Cr8C03mr6ymJL2Z5nhHC?= =?us-ascii?q?yRbwQXm87FXuty93XTPMz8v/kkpSTrS3B0ZSXy+yNE99rjyOPBTntMD2uaQz40?= =?us-ascii?q?E6KGrku8yRlGG5IrNYA9X/JMCAISkzvF8XjZwwSca11o8HAte9O8ke8G1gYfTC?= =?us-ascii?q?8W+rlDVBo6hfjYrE/s6V4unXHWWnj6CCsLqNxStYy3YislE969CgKunO6MeXQ/?= =?us-ascii?q?SszGseUyB/tBbfUBGvt7zbtVcUOVaR30vRn4wKJN5Z12Ei1k76/OgjXM4z9AJG?= =?us-ascii?q?G4bYffwCuSz8ODv6wFaYedI3VTCS0yBJEVLxEFl4HrU82W3rscLRj3jQ50EnRo?= =?us-ascii?q?l+dkzgnxx3DJ80KUEz51gNxCoMDwwNZQqcDLGyCkTvNZEEWlQbaRSbwLi6fb86?= =?us-ascii?q?3UJpzbO1+uDTcex8CrEJNvZckg6BglhbFYgLsa0FWr58fUFS9LLPrAj4F4fnR+?= =?us-ascii?q?TmlWY3NfCtTcBV78YZt2cl4ga4QBag8olM77IaiJCOa65FboPBvMRi4Ed95T8A?= =?us-ascii?q?bDZBgB5hgBOlSeocvvzs4sDHsJq07eajTLoiR+cN+BcoHGlxk5zwgFQnodHWye?= =?us-ascii?q?hcUJHVhprj/wBNOXKKv5za0xZkI+oUN42rZKpg92kAJyUGInIOOtyWa+Uz4yBz?= =?us-ascii?q?KzjT4l1CDdkKZdwGIMrMlwdUilfqWLFI7MbbHEGXC5trfcAy82X30Cw18Yc7Uu?= =?us-ascii?q?v45z+5OYvf70pUM/1egytiktPCpO4IwfvdEyUX7nyZZAJzwiyc0ZWNDOzw/eqU?= =?us-ascii?q?wtHOS1wGBjI2U5taJDea+wynQeq1lJPzXgyI6s/zhI8+e1+RR3ywmqQFqaVMEe?= =?us-ascii?q?9bhyXl3zheCJr6h/aIvNqt8mdXsENIEJpr5x3fBKpfJol7OQj/lsSzR0h8GDHw?= =?us-ascii?q?eMfPexoqpeqZ2+YM4+JlN0fkYo8bOB0Ewarg6XVJVgtuVKL2vlGBUOITetRmRv?= =?us-ascii?q?3ErnRO5INuMaAPOkaSpIDwojdOtl82HBcjaKUsoTxCaknOgApVVr77uL4EjQsd?= =?us-ascii?q?X8B2uUtIGW+rI2I+4DzHVaVJg6WLDvwa7CmTRLQUU0p0KiN+Xw+12JJ2dru1nP?= =?us-ascii?q?BHt3hLnj98oPc20DxpWh+8tTfqp60TxTIq4Ku4uykZuXxZUuWelD/FCVBCzPQJ?= =?us-ascii?q?jqccDG3v6V6mb3kAa4vy5qdoJcL6+Ykn/Xs/fQ0pfzcaUuS4FyHwk6SID5SUv9?= =?us-ascii?q?1Cgh6NpN7DbaS3LSgVKrQ91QzjSGZg3QTEmxZo6mQLSC267NA4PIW9Jdolxi2w?= =?us-ascii?q?FGjDc1YM5rlGsNH/tF4MSOs2Z0hswGBk0siAXS0CWtDAG3wyjgg/cmVEcZRD6R?= =?us-ascii?q?AAG6kvmDaIsbFM/hsIbzfMDoSl5o7QkN/G2XYjSddqx3rWqbOei5Ir0X1lntZ0?= =?us-ascii?q?4TCUuHQWaePUSchsAmL81o1H0+zxe+2tsvwbSIth0LmgXucCMtOi+WSqxppnQU?= =?us-ascii?q?qlxrUCH1qjLuAP3LDbUz2qSWeAQ+SEb3CMnyolMk71/RSoKVk3Z9lRok8lNuvN?= =?us-ascii?q?nIVclxHgUbxoWiWQv0HUw3I5PeMcaQ02pJ+texYWQ+4Je+icOe8uzeU6CFsNaX?= =?us-ascii?q?/JACR3B/aysV6sh4h7J25g7F77Yev39ADmN8GeGh4eEY7VtpRx4+C1RnqdOX98?= =?us-ascii?q?yx1/JEx0+P3DGFQxt+9cdZGRkMPOh9R61+4KafNtMSw7ut4OlYNv846U0N2FcR?= =?us-ascii?q?vJ1Jb9OcnVouSEA/3Y10kqeHtVUrkeYQzu/Ig6I9g5W6HTHbteoBQcCqg6QIA7?= =?us-ascii?q?O2f36q50MBt5chTNa7SsnsnquuWLa4NWp3/T6VIwNj3cuxwYyvGvSwx0dZWqiG?= =?us-ascii?q?vzIJwqQTJBtdJtAAN8HIRTA8MAsxanA5mMlaGghd+x/l91tu4JvKfrFPDFys65?= =?us-ascii?q?34RwXphd40yHJjDRC7d3ghctsuPnmfrE05/sGev+aNgEU659WWeDZbjYTaulLT?= =?us-ascii?q?fbBMPgM2tB8aydy/otTBCWZjL4RIKcuSGkPeki6kI+nN8rNNHPxSAguumIkOD5?= =?us-ascii?q?YHtW82L69XM=3D?= X-IPAS-Result: =?us-ascii?q?A2AgAgBhgZ5a/wHyM5BcHQEBBQELAYMjKgNmcCiNeHSNBYM?= =?us-ascii?q?YlDSCEQ4YC4gPITQYAQIBAQEBAQECAWongjgkgkgDAwECJFUDCQEBSAgDAVMZB?= =?us-ascii?q?YM/gVcDDapFOoRyg3eCIQWFLoIugVeBZoUIgVMEGYdDBIgjkkQJhlSKHQ6JAoV?= =?us-ascii?q?2iX2HWYEuHjiBUk0jFYJ9gjEcgXx2AYwlAQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 06 Mar 2018 12:00:19 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w26C0Ig0026729; Tue, 6 Mar 2018 07:00:18 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w26BwT8e071348 for ; Tue, 6 Mar 2018 06:58:29 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w26BwQ1C025649 for ; Tue, 6 Mar 2018 06:58:32 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BaAADOgZ5alywYGNZcH4M1KmlwKI5sj?= =?us-ascii?q?QWDGJQ0ghUKI4UNAoMAITQYAQIBAQEBAQECEwEBAQEBBhgGhXoDAydiUVcZg0S?= =?us-ascii?q?BVwMNqkU6hHKDd4IhBYUugi6BV4FmhQiBUwQZh0MEiCOSRAmGVIodDokChXaJf?= =?us-ascii?q?YdZgS4eggpNIxWCfYIxEAwWgWZ2AYwlAQEB?= X-IPAS-Result: =?us-ascii?q?A1BaAADOgZ5alywYGNZcH4M1KmlwKI5sjQWDGJQ0ghUKI4U?= =?us-ascii?q?NAoMAITQYAQIBAQEBAQECEwEBAQEBBhgGhXoDAydiUVcZg0SBVwMNqkU6hHKDd?= =?us-ascii?q?4IhBYUugi6BV4FmhQiBUwQZh0MEiCOSRAmGVIodDokChXaJfYdZgS4eggpNIxW?= =?us-ascii?q?CfYIxEAwWgWZ2AYwlAQEB?= X-IronPort-AV: E=Sophos;i="5.47,431,1515474000"; d="scan'208";a="217059" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 06 Mar 2018 06:58:29 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AxuKi3BMIk40BhGG39Jcl6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0Lf/yrarrMEGX3/hxlliBBdydt6ofzbKO+4nbGkU4qa6bt34DdJEeHzQksu?= =?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1?= =?us-ascii?q?Ov71GonPhMiryuy+4ZLebxlGiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPde?= =?us-ascii?q?RWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbY?= =?us-ascii?q?UwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD+s7bpkSAXwhS?= =?us-ascii?q?kaNzA37m/ZhM9yg6JVux+tuwBzzpTIbI2JKPZyYqXQds4aS2pbWcZRUjRMDYy9?= =?us-ascii?q?b4sTEuEPOuFYr4v8plsPthu1GA6hBP3qyj9PhH/33Kw60/86HAHcwgMvAtIOv2?= =?us-ascii?q?7IrNnvKKgSVuW1wbDOwD7eYf1W3jL955LJchAnufyMR6x/ftfRyUY1CwPJlEmf?= =?us-ascii?q?qYvgPz6Ty+8DsHCb4vJ+We6yhGMrsR99rze1yssyhYTFnI0Yx1/c+Sh4wYs5P8?= =?us-ascii?q?C0RU15bNK+DpdduS+XO5F0T84sRWxjpTw0xaccuZGheSgH0JQnyADba/yAa4WH?= =?us-ascii?q?7AzuWv+XLzp2mn9rYq6yiwqz/ES61OLzSMy00E1FriZfl9nDrHEN1xjJ5siCS/?= =?us-ascii?q?t9+l+t2TeJ1w/N9uFJOV44mbfUJpI73LI9mYAfvVrMEyPsl0j7g7eadkA+9eip?= =?us-ascii?q?7+TnbK/mppiZN4JslAH+N6Mums6+AOQ5KQgDRHKb9vqh273j50L5XK9GgeExkq?= =?us-ascii?q?ncqJzaP9gUpralAw9J1YYu8w2/ACmi0NQZm3kHMV1EdQmbj4npJ17OIPf4Ae25?= =?us-ascii?q?g1S3ijhn3f/GPrr/AsaFEn+Wi7rlfLBg+2ZA2QEzypZZ/JsSBbYfc9zpXUqkit?= =?us-ascii?q?3ERjo+MR612K6zFtB61JEfQkqVD6OZOb+UuliNsLF8a9KQbZMY7W6uY8Mu4OTj?= =?us-ascii?q?2Cc0?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BaAABhgZ5alywYGNZcH4M1KmlwKI5sj?= =?us-ascii?q?QWDGJQ0ghUKI4UNAoMAITQYAQIBAQEBAQECARIBAQEBAQYYBlaCOCKCSgMDJ2J?= =?us-ascii?q?RVxmDRIFXAw2qRTqEcoN3giEFhS6CLoFXgWaFCIFTBBmHQwSII5JECYZUih0Oi?= =?us-ascii?q?QKFdol9h1mBLh6CCk0jFYJ9gjEQDBaBZnYBjCUBAQE?= X-IPAS-Result: =?us-ascii?q?A0BaAABhgZ5alywYGNZcH4M1KmlwKI5sjQWDGJQ0ghUKI4U?= =?us-ascii?q?NAoMAITQYAQIBAQEBAQECARIBAQEBAQYYBlaCOCKCSgMDJ2JRVxmDRIFXAw2qR?= =?us-ascii?q?TqEcoN3giEFhS6CLoFXgWaFCIFTBBmHQwSII5JECYZUih0OiQKFdol9h1mBLh6?= =?us-ascii?q?CCk0jFYJ9gjEQDBaBZnYBjCUBAQE?= X-IronPort-AV: E=Sophos;i="5.47,431,1515456000"; d="scan'208";a="10176201" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa06.eemsg.mail.mil ([214.24.24.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 06 Mar 2018 11:58:29 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;accbaf51-b630-4e5e-8504-30f92683fe9a Authentication-Results: UCOL3CPA05.eemsg.mail.mil; dkim=none (message not signed) header.i=none X-EEMSG-check-008: 286526969|UCOL3CPA05_EEMSG_MP20.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: 5.2 X-EEMSG-ORIG-IP: 66.187.233.73 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0A9AAAogJ5amEnpu0JcHQIFDIMkgRNwKI14dJAdlDSCFQojhQ0CgyA0GAECAQEBAQEBAhMBAQEBAQgLCwYoLoUkAwMnYlFXGYNEgVcQqj06hHKDd4IhBYUuhAWBZoUIgVMEGYdDBIgjkkQJhlSKHQ6JAoV2iX2HWYEuHoIKTSMVgn2CMRAMgXw/NwGMJQEBAQ X-IPAS-Result: A0A9AAAogJ5amEnpu0JcHQIFDIMkgRNwKI14dJAdlDSCFQojhQ0CgyA0GAECAQEBAQEBAhMBAQEBAQgLCwYoLoUkAwMnYlFXGYNEgVcQqj06hHKDd4IhBYUuhAWBZoUIgVMEGYdDBIgjkkQJhlSKHQ6JAoV2iX2HWYEuHoIKTSMVgn2CMRAMgXw/NwGMJQEBAQ Received: from mx3-rdu2.redhat.com (HELO mx1.redhat.com) ([66.187.233.73]) by UCOL3CPA05.eemsg.mail.mil with ESMTP; 06 Mar 2018 11:58:28 +0000 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4C76E8182D0C for ; Tue, 6 Mar 2018 11:58:28 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.43.12.26]) by smtp.corp.redhat.com (Postfix) with ESMTP id E5AB42026DFD for ; Tue, 6 Mar 2018 11:58:27 +0000 (UTC) X-EEMSG-check-009: 444-444 From: Vit Mojzis To: selinux@tycho.nsa.gov Date: Tue, 6 Mar 2018 12:58:08 +0100 Message-Id: <20180306115808.17470-4-vmojzis@redhat.com> In-Reply-To: <20180306115808.17470-1-vmojzis@redhat.com> References: <20180306115808.17470-1-vmojzis@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Tue, 06 Mar 2018 11:58:28 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Tue, 06 Mar 2018 11:58:28 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'vmojzis@redhat.com' RCPT:'' Subject: [PATCH 3/3] libsemanage: replace access() checks to make setuid programs work X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP access() uses real UID instead of effective UID which causes false negative checks in setuid programs. Replace access(,F_OK) (i.e. tests for file existence) by stat(). And access(,R_OK) by fopen(,"r") Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431 Signed-off-by: Vit Mojzis --- libsemanage/src/direct_api.c | 133 +++++++++++++++++++++++++-------------- libsemanage/src/semanage_store.c | 16 ++++- 2 files changed, 99 insertions(+), 50 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 49cac14f..4e2af810 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -140,6 +140,7 @@ int semanage_direct_is_managed(semanage_handle_t * sh) int semanage_direct_connect(semanage_handle_t * sh) { const char *path; + struct stat sb; if (semanage_check_init(sh, sh->conf->store_root_path)) goto err; @@ -302,10 +303,16 @@ int semanage_direct_connect(semanage_handle_t * sh) /* set the disable dontaudit value */ path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_DISABLE_DONTAUDIT); - if (access(path, F_OK) == 0) + + if (stat(path, &sb) == 0) sepol_set_disable_dontaudit(sh->sepolh, 1); - else + else if (errno == ENOENT) { + /* The file does not exist */ sepol_set_disable_dontaudit(sh->sepolh, 0); + } else { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto err; + } return STATUS_SUCCESS; @@ -1139,6 +1146,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, int status = 0; int i; char cil_path[PATH_MAX]; + struct stat sb; assert(sh); assert(modinfos); @@ -1155,9 +1163,13 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, } if (semanage_get_ignore_module_cache(sh) == 0 && - access(cil_path, F_OK) == 0) { + (status = stat(cil_path, &sb)) == 0) { continue; } + if (status != 0 && errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno)); + goto cleanup; //an error in the "stat" call + } status = semanage_compile_module(sh, &modinfos[i]); if (status < 0) { @@ -1196,6 +1208,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) struct cil_db *cildb = NULL; semanage_module_info_t *modinfos = NULL; mode_t mask = umask(0077); + struct stat sb; int do_rebuild, do_write_kernel, do_install; int fcontexts_modified, ports_modified, seusers_modified, @@ -1234,10 +1247,15 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* Create or remove the disable_dontaudit flag file. */ path = semanage_path(SEMANAGE_TMP, SEMANAGE_DISABLE_DONTAUDIT); - if (access(path, F_OK) == 0) + if (stat(path, &sb) == 0) do_rebuild |= !(sepol_get_disable_dontaudit(sh->sepolh) == 1); - else + else if (errno == ENOENT) { + /* The file does not exist */ do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1); + } else { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } if (sepol_get_disable_dontaudit(sh->sepolh) == 1) { FILE *touch; touch = fopen(path, "w"); @@ -1259,10 +1277,16 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* Create or remove the preserve_tunables flag file. */ path = semanage_path(SEMANAGE_TMP, SEMANAGE_PRESERVE_TUNABLES); - if (access(path, F_OK) == 0) + if (stat(path, &sb) == 0) do_rebuild |= !(sepol_get_preserve_tunables(sh->sepolh) == 1); - else + else if (errno == ENOENT) { + /* The file does not exist */ do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1); + } else { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } + if (sepol_get_preserve_tunables(sh->sepolh) == 1) { FILE *touch; touch = fopen(path, "w"); @@ -1299,40 +1323,24 @@ static int semanage_direct_commit(semanage_handle_t * sh) * a rebuild. */ if (!do_rebuild) { - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } + int files[] = {SEMANAGE_STORE_KERNEL, + SEMANAGE_STORE_FC, + SEMANAGE_STORE_SEUSERS, + SEMANAGE_LINKED, + SEMANAGE_SEUSERS_LINKED, + SEMANAGE_USERS_EXTRA_LINKED}; + + for (i = 0; i < (int) sizeof(files); i++) { + path = semanage_path(SEMANAGE_TMP, files[i]); + if (stat(path, &sb) != 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } - path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; + do_rebuild = 1; + goto rebuild; + } } } @@ -1465,7 +1473,7 @@ rebuild: goto cleanup; path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED); - if (access(path, F_OK) == 0) { + if (stat(path, &sb) == 0) { retval = semanage_copy_file(path, semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS), @@ -1473,12 +1481,18 @@ rebuild: if (retval < 0) goto cleanup; pseusers->dtable->drop_cache(pseusers->dbase); - } else { + } else if (errno == ENOENT) { + /* The file does not exist */ pseusers->dtable->clear(sh, pseusers->dbase); + } else { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; } + + path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED); - if (access(path, F_OK) == 0) { + if (stat(path, &sb) == 0) { retval = semanage_copy_file(path, semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA), @@ -1486,8 +1500,12 @@ rebuild: if (retval < 0) goto cleanup; pusers_extra->dtable->drop_cache(pusers_extra->dbase); - } else { + } else if (errno == ENOENT) { + /* The file does not exist */ pusers_extra->dtable->clear(sh, pusers_extra->dbase); + } else { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; } } @@ -1817,6 +1835,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, ssize_t _data_len; char *_data; int compressed; + struct stat sb; /* get path of module */ rc = semanage_module_get_path( @@ -1829,8 +1848,8 @@ static int semanage_direct_extract(semanage_handle_t * sh, goto cleanup; } - if (access(module_path, F_OK) != 0) { - ERR(sh, "Module does not exist: %s", module_path); + if (stat(module_path, &sb) != 0) { + ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno)); rc = -1; goto cleanup; } @@ -1859,7 +1878,12 @@ static int semanage_direct_extract(semanage_handle_t * sh, goto cleanup; } - if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && access(input_file, F_OK) != 0) { + if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno)); + goto cleanup; + } + rc = semanage_compile_module(sh, _modinfo); if (rc < 0) { goto cleanup; @@ -2004,6 +2028,12 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh, } if (stat(path, &sb) < 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + status = -1; + goto cleanup; + } + *enabled = 1; } else { @@ -2330,6 +2360,12 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, /* set enabled/disabled status */ if (stat(fn, &sb) < 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno)); + status = -1; + goto cleanup; + } + ret = semanage_module_info_set_enabled(sh, *modinfo, 1); if (ret != 0) { status = -1; @@ -2738,6 +2774,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, int status = 0; int ret = 0; int type; + struct stat sb; char path[PATH_MAX]; mode_t mask = umask(0077); @@ -2838,7 +2875,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, goto cleanup; } - if (access(path, F_OK) == 0) { + if (stat(path, &sb) == 0) { ret = unlink(path); if (ret != 0) { ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno)); diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 4bd1d651..10f8b306 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -514,6 +514,7 @@ char *semanage_conf_path(void) { char *semanage_conf = NULL; int len; + struct stat sb; len = strlen(semanage_root()) + strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE); semanage_conf = calloc(len + 1, sizeof(char)); @@ -522,7 +523,12 @@ char *semanage_conf_path(void) snprintf(semanage_conf, len + 1, "%s%s%s", semanage_root(), selinux_path(), SEMANAGE_CONF_FILE); - if (access(semanage_conf, R_OK) != 0) { + if (stat(semanage_conf, &sb) != 0) { + if (errno != ENOENT) { + /* semanage_conf exists but can't be accessed */ + return NULL; + } + snprintf(semanage_conf, len + 1, "%s%s", selinux_path(), SEMANAGE_CONF_FILE); } @@ -1508,8 +1514,14 @@ int semanage_split_fc(semanage_handle_t * sh) static int sefcontext_compile(semanage_handle_t * sh, const char *path) { int r; + struct stat sb; + + if (stat(path, &sb) < 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + return -1; + } - if (access(path, F_OK) != 0) { return 0; }