From patchwork Sun Sep 23 09:16:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10612395 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5DC05913 for ; Mon, 24 Sep 2018 12:32:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4BAE829EBD for ; Mon, 24 Sep 2018 12:32:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3E10E29EC0; Mon, 24 Sep 2018 12:32:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from usfb19pa16.eemsg.mail.mil (uphb19pa13.eemsg.mail.mil [214.24.26.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8297329EC1 for ; Mon, 24 Sep 2018 12:32:49 +0000 (UTC) X-EEMSG-check-008: 129808289|USFB19PA16_EEMSG_MP12.csd.disa.mil Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by usfb19pa16.eemsg.mail.mil with ESMTP; 24 Sep 2018 12:32:27 +0000 X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="18575704" IronPort-PHdr: 9a23:qtG+5RAp0p8FHoSSE/TjUyQJP3N1i/DPJgcQr6AfoPdwSPn+p8SwAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/Vjq476dvVRTmliEJOTAk+23Tk8B8kb5XrBenqhdiwYDbfZuVOeJgcK3Tft0UQmhOXsheWCNbH428d4kCA/cPMOhYtYnyu1QAogWlBQS3GOPg0SVFimPs0KEm0eksFxzN0gw6H9IJtXTZtMv4NKcIUeC016nI0TTDYOlQ2Tzg6YbQdAwhoe2XXb1sccre11QkFx3EjlqKtIfrIi2a1uAMs2id8uphWv+khmk8qw5vpjivx8EsipTGh48O1lDF9Tl2wIYyJdGiTk57esSrHIFftyGdKYt7W8UvSHxrtiYi0rAKpJG2cScQxJkn2hLTceKLfoeW7h75SeqdOTV1iXB/dL6ihBu/81Ksx+L+W8WuzlpHoCxImcTWuH8XzRzc8M2HR+N4/kemxDmAyRje6vpBIUAojarbLIMhwqIompoTr0vDGij2lV3qjKCMbEUk+/Wo6//9brX6pp6TK490igbkPqQohsO/Gvg3PhILX2ia/eSwzLzj/UvnT7VWlvA6j6bUvZ/AKckbu6K1GRFZ34k95xqlEjuqyNEYkmMGLFJBdhKHlY/pO1TWLfDjE/i/h1WskDF2x/HJJ7HuGZLNLmXFkLj9Y7l98FVRyBYzzN9D55JUDasNIPToWkDrrtDYARg5MxKsz+b9FNp9zp8eWX6IAqKBMqPStlmI6fgzI+mMfoAVvi3wK/oi5/7oiH82g0QdfbW30psNc3C0BPNmI1+WYXD0mNcODX8KvhYiTOztkFCCUzxTaGyuUKI//TE7D4SmDYbdRo22jryB2Dq7H5JNaWBbDFCMDWroe5+DW/cWZyKYOtVhnSAcVbi9V48h0gmjtBfkxLV8MOXU/CwYtY7k1NVu5u3ciw89+iJuA8SayWGNQHl+nnkUSD8uwKB/vUt9x0+e3qh/hfxYE8Fc6O1NUgc7LpPT1fJ1C8r1Wg7bedeJUlmmSM28AT4tVtIx38MOY0FlFtSsjxDD2y+qDKEPl7GQCpw77L/T33/rJ8ln03bGzq4hj1s4TcRTKW2qnKl/9xLcB4TRiUWWi76qdbgA3C7K7GqDw3COs1teUAFsUKXFRmsSZk7OrdT4/0/CVLGvCa89PgtG086CJbNAasf1glVeWPfjJNPebnqym2iqBhaIwa6MYZHpe2oH3yXdD1UEnxoU/XacOgg0Hj2hrH7GDDxyCVLvZFvh/vNjp3OhT0870RuKYlZ72LWp/x4Zn/ucS+kc3rgcoicuty10HEqh39LRE9ePuxBufKFCbtMm/FdG1WXZuhdmPpO8LqBtmFgecxh2v0z0zRl3DJtPkdQypnMw0AVyMb6Y0E9Gdz6Ax5D/J6DYJ3L9/BCqZK/awFfe38iK+q0X8vQ3t03jvB21Fkol63hnyNdV02Gb5pXREAofSonxUkAw9xl0orHVeC8965nS1XJyLam+qiXC1M4xBOs51hageM9SMa2eGw/2D80VGdKuKPcxlli3cB0EJvtd9LMxP8+8cPuGwqGrNv56nD26lWRH/Jx90kWU+ip6S+7I25IFzO+D3gacTTjzkk2hssftlYBDfzESEXK1yTL4C45Jeq1yYYELBH+zLM2r3Np+nYXgVGJf9F6mG1wJwtSpeQaIY1z7wwJQyVwdoWa7liug0zx0jzYpo7KB3CzP3+viaB0HOnRRSGZ+jVfsJo60j98BUUisbggpkgGq5Vz9x6RBo6R/NWbTS19SfyfqN2FiTrewtr2abs5L6ZMoqjlXXP2nYV+ETr79oh0a0z7sHmZF3zA7bzCqupP4nxNmk2KRNnBzo2TFecto3xfQ+MTcReJN3joBXCR4kz7XBly4P9a359Wbi5DDs+6lWmK6S51cbTLrwZmHtCuh6m1gGQe/kOyrmt37DQg61jf219p0WiXOtxbxeYrr2Lq8MeJ8eElnGkP859B9GoFknYs6nIsQ1mQChpWJ4XoHln/+Mc1B1qLjaHoCWyYLzMTT4Aj5xkJjNGmEx5/iVnqD2MthfMO2YngR2iIg9cBFFLmb7LJDnStvrVq3sxjdYf5jkTcB0fEu8mIVg/kVuAoxySWQGq4SHU9FMiH3iRSI6c2xrKVNaGapb7ewyFJ0ncq9A7GavgFcRHH5d486HSBq88V/NEnB32Hy6oH4eNjcdNwTuQeSkxvaiOhVMp0xnOIQhSV7IWL9oWEly+kjgBxt3ZC6uJaIJn5o/KK+DB5YOCP6Z98P+jHtiqZem9iZ05qpHpp/BjUBRIHoQu6wEDIOqfTnMB6DEDMmpXedBbrfGgqf5Vxor33RDp+rMGuXK2MBzdV4QxmdJlJQjxwIXDkgmZ45DA+qztT7cEhl/jAR+kL4qhxUx+JmLRnwTHrQpByyZTcyVJifKwFW4xpY6EjJNMyS9OVzHztX/pe5tgyCNnSbZxhUDWEOQkGLHEvsMr6q5dnB6OiYGvG+I+HVYbqQteNSTeyIyoyr0otn+TaMK8qOM2J+APw7wEpDQGt5F97XmjoVVywXjCXNb8iBqBe74C13odi18O73VwL3+YuPF7xSPM109BC3jqeDMOiQiT1kJjlGzZwMxGXHyL4F0F4VkSFueCGnEa4cui7VUKLQhqhXAgYZayNzNMpI96U83g1MOc7HlNz4zbt4jv8pC1dfS1PtgMapZdYFI2ulLlPIGF6LNKiaJT3M28z3Z72zRqdUjOhPtB2wvi2bE1P5MTSFjDnpVBGvPftKjC6FIBxUoJu9fQp1CWj/UNLmbQW2MMVpgj0t37I7nGnKOnIcMTVnaExNr6eQ4j5fgvVxA2xB9GRqLOmelyaf8ebYNo4cseF3DSRsi+Ja/HM6xqNI4y5eWvx1mTbdrsV1rl68iOmP0D1nURRVqjlVmI2LoF9iOaTF9phAQ3rE+gwC7XmIARQQu9RlEsHvu7xXytXXkKLzLy1C/MzS/codAMjZM82HMHw8MRbzHz7UFgQFRyaxNW7Dn0xdjO2S9nqNo5ghtJfsnJsOSrlGVF06Df4VFkNlHNkeL5htRTMkjaSXjMgW6nqitBPRXtlVvojbVvKOBvXiMCuWgqVBZxsPx7P4MZkfO5bl20N8cFl6nYXLG03WXdxXpC1ucBM0ql1X8HdiVm0zx17lagS17X8PFP60mxk2ihd+YeUt7zrj/lY3J1rQqyQrikUxn8vqgSyJej7rMKiwRZ1WCzbzt0UpKJz7Rwd1YhGskkN8MTfFR7RRj7xmdW9xkwLToppPFuRaTaFdbh8Q2OubZ/M23lRAsi+n31NI5fPZCZt+kwsnaYWjoGxG2w94dtE6OLLQK7RTzlhLnK2OpC+p2vo2wA8EKEYH6HmSdzIQuEwUKrkmIDKl/vZq6QyDhzRDeG8MV/4xovxy700zJv6Owj7n3bNYNk+xMOmfIL+DtGjbic6EWFUw2V0Ul0Nd57h5zd8jc1aIV0Ao1LaeCxYJOtDeJgxOc8VS83zTfSKPserT25J1I5uyGfzoTeOUs6YUmE2kFh4zH4sQ9sQBAoWs0EbAIMf9NrEF0xIt6x/wKVWZFvRGYgyLnykDo8G+yp930o1dJjASAWV9LSW36KzYphUvgPaZWtc5fGsaVJMeNn0qQM26hzJZv3NYATi5yO4W1AiC7z75piTRFjb8bMFuZPaKahxyFt664zI/87K5iVTP6JXRO3n6Nch+ut/I8e4aooyIC+lXTbZjr0fcmo9YR3OxXm/BC9G1IYT/a40rbdzpF3m6SUazizQrQMftJNytNLSHgRn0RYZIt4mWxCgjNci5Fj4EARdxqeYD5KZyZQAYZpo7Zhnotx8gOKOjOgeY1c6uQ32sKTtQQPlT1+K6Z6ZYzyA0dO+11GMgTo0mz+mw6UMCXosKjgzYxfq5ZIlTSinzGn1cewXTviU1jW5hOfguwu0n2hPHrUEcMyyXdOxucGFEo9Y8BVaJLHVqFmY4QkSTgZDF4gGyw7AY5zFdkMpM0e1ZrHj+uYfSYDCrWKO1spjarjQvbcM4rK1rLYzsPNaJuInYnjPBUJnaqheFXzKiF/pGhthQJzpVQOVVlm44OMwJo45B5FEtWcc5IrxAFLMjpqu2aTZ+Cy4d0zMZXZua3DMemue8x6falhCIfZQ6KxwErI9NjcYBUyNteSMeo7KjV5/KmGCaTGgLPB0T4h5I5A4akY9wZO/l6pLSTJBQ0z5Wv+50UizTG5Zz+Vv0Vn2ajFrlRPiviOGmwQVSzPfw3dYBQx5/FVJRx+BImUs0MLt3MbUfvpbWsj+UckP3pHjtx/W7K1lR08LUa0b1DI7CtWriTCIQ52EbRYhSx37BD5gSlRR2aLozrlVWPI+mYlr+5yAjx4lxA7m4T96kyEg4onsdWieqF8ZBC/t8v1LJWT1lZJSrp4v5O5lIRW9Q4pKdoU9DkEpxKy651YZcK8ZV7z4JRjdPpTGds8WuSM1fw8B5FYQBItFhtHfhA6NLJIKeo2UotbD1zH/W5Sw8uk+gxDqvA6+4U/5Z/2oGFwUrPWuesE4vD/Ao8mjI7FDAqVV0//pfBriTjEV+vDd9EYpIBjZSz3ylKE5zTHZeueVANKvVa9BcQ+U1ZRK3ORwxD/gm30KT/UFzgHj2fTd/thdA9CDbRAk0UjMZgrHzlj0CssunIyMVS4pUbTU9aCfIMw2bmT1WvBZbb0FlRZUZD81Y9L4FxoRU/9DNSUC2JSECRhxiORoy0eBDmk5brEWYZSfdABKqdfbOtx16ZsKRo9CpLfvn5gdHi4XnsO8i+6UFWXKmhRWnQcrCoI/kqt2KqkyOeb/+M+24enLBTT7MjRWqibclCZnK8TLTPxBAK5lm03okfITuCXLWPRRcOa0XPU1bVbp1ad9euOBVe9dkeLoV+a9qHh+HQxTvGIqzrPlJMFneXjHeLySb/ey5v43T8bLcSe/6ZsyP3HbLWaR3MYlm6TPjAbflzZde+lbq2vdq7k56TUPGMyWBodn6KAME+tStdkz4vpIzBTPWGpBwkHjzyU5ca8obWSqq8I4XyJlB8nb/Vfp40lTvsO1V77Rk6Ig27KpzxsioPqrSMupVsVN5DReIHAlq8Y8tAGdnTWBLfuARMOvRfbgejc32sO/3FrcX6ROP9OxbaNvHO1nBldOiCjGYUhFLgAABpiMEIQSGyv6Fgah0Sdy/quTj3UIt+Ve+JAYczL9x/YeE5raIpOjPYhvJ17cERrTlRsP9r7QroUOS5uQolKUQdWxxYg2nFvUdV8EGy2f4168q0T4jE8PNHrLn4v5DVGg1njH+lJBnGVUZBPcUEaCM/YREkWcyg/bZOcEOcqBehmaPEgapErAcxn6t9yuXJ25ljhbV0x7uRWOz7Vn2rTJ3QCbXy9fsjFBVV7mtCktIWSqmJ1N4uiuVPAX0rNr3pbg17EYuP2zitdKCiGyhOLdNEM3kPtCcIC40pFUMjJ0qXdGv3I8WGNWnLNcW6nF+YePU63m3nC9Zv6dHm43e79ma+vrLBnmglLSWpaiCyj5ey3g4u0w/69+7O/HB4t2FWfKo2HgLQyd4oQvBUAa/qqbHoFAMJUyLzEDLlZQIPtFe3Xk40Fvq6/QjQNI36QVRC4fBZ/IEpTDoOzv0wE2SY8w2VimAyTRXGk/6EVhiFKg6xm3woNrDlW3M9F0wWolwa0vniAR2D4UmM00t7kMawi4eEQcQaBCbC6qoCV7iLYseWkgJcQ6H06SieqcrwU1zxaui5O3NYuxyCaoNMu1QjwCUk1hdBJ0WrbcSQLRidF9B7KTXvBTtC5D7X/j6kno9LfK1QsRd8cEXqXQi5gK/SgG76ZdE6bYbiYyHerRCYZfSoMB2911n6iIXdixRnBh/iAu0UeUdpODg4djbt4Gl6uS0W6YuQOUX8QY7B2Jkg5v2nl8jvcnd1/1ARY3NlYT/7AdNLmaRt4nE1Rl8NfEDK5mvfLZn63UHOzYeKGwTMtaMbPk8+SBtOi3J51NeGsMMec8YPM3VlABalELpXLBT9tLFFVKDCoZzdsUo72/pxzAv9ZszTPzs6DisJZDQ91tNJe9MjD1wlNLeo+gY2fTTCDAN4XmYdxd63DiPy5yMC/bs5+WD1svYV1QcHi45S41dPiaN+RS7Ruqpk5XkSgSU6svtj58lbEKQQma+nL8ZsqZNDeFAlj/70SZAGYzvgfKarcas4nNNtlJbCIZz8QHFGKJHM5V/OBT4kNSrR0dlCiv7ecHUbQYuuPGNy+cN+ep+MUz+aZUcIhIexLLw8WBVQRd2SL7qolaZWvocZN58R/zYrnBV6IRgK6gUMViDpZzqqClHqFQ3AA8vdb8xoSZWdk7UnA1aQ6z0oqIPihMAUd5lvk9BAWCwN3g95zrATqtYl7SRCPoJ8jWTSawOTkpoMiNiQx+v3pVhZaepl+hdsmxahiN9vOQq0zt+SRunty3sor4C1DMj9byjqjUOp2ZFTuSfkifPD1VP1vIKgrkACyWq1VvpeHAJaIza5rR7K8Xk6YQ7pXMlblFrfCQKWemrIyv0hqiLAouLvZRfih2M/sXTKfe9MgAJKq45xBSlS3U5mgTXghtt2GcCXDil6NgqOMO7NNphjiylBWbacEoB+OZFvdX8sXYVQ+YsL1Bs2mNu1o6AXCJJDMfIAWspgwEhQWNJbJxC7QMXDe8vmDnM9q9L4g0Zfh/KHYm/vIrdh8HF3T86V9gujmbXoLCVw5Anynton/tq4SOU/ncfberVV4lrGHe3np9W1OjWf/ywtqUCT4x8xfKqV/pGetKv4kOqyZ5qXQmj3b1YEF2ndKcO3r7BUjyNUWSCWP+Td2GHknA+KEG2rRutKUctadxiqUY4P+qEgYRT00X6XKl7Sw2QrFvf3WplOuQfM0ottYOmfREaZPIAbOibY+41ybsxD0VIJ3vIGzZmTvS7ukO3nZRqfnBn7Vj+bMzz/Q38dtifAB8JFcjdtJEiw/GiQnO9PipLzAdzJ1V1/uGXOMotqvRXc5vZydPfldN93PUtePBqPikwv9cSnsRo7ozCg+mQdhSE5ZboJMrJo/GeS9JB01gxcWFXGqQYaEvO6oE7OMMpE+nIEL9YuwkMLbQrS5wmcWHq/ed7Kx0lIV2ZX6i9nsS//rHDXZBTvXKDqwtoIQ== X-IPAS-Result: A2DWAQB72Khb/wHyM5BaHAEBAQQBAQcEAQGBUoFjKoEIXCiDdIh0i0mFHJNAFAyBURQYEwGEWYNBITUXAQMBAQEBAQECAWwogjUkgmADAwECIAQNGiAOAwkBASQCIgQCAgIBAS0DAQUBAwEHARAHBwsFGASCQT+BagEBARUDAZZQPIsLezOEAAFnghkEChgNgQyBRRJ5hVeEFg4JggCGeoF1ARIBgyCCVwKcdQoJkB4iiGcKhjsrlDcCBAIEBQIFDyE4awI0ZHErChgpDzsxBnwagR+CJReNYjhtegEBAYl9gj0BAQ Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 24 Sep 2018 12:32:26 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8OCWO8d031562; Mon, 24 Sep 2018 08:32:25 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8N9GZ04014460 for ; Sun, 23 Sep 2018 05:16:35 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8N9GVQo027132; Sun, 23 Sep 2018 05:16:33 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1A1AACwWKdblywbGNZaHQEBBQEHBQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQE5AwwGHwImAgI0AQUBHAcSgyGBaQEDFQMBlmM8iwt7M4J2BYEFAYJfCj8NgQyBPQIGEnmFV4QWF4IAhnqFKYJXApx1CgmQHiKIZwqGOyuUNwIEAgQFAgUPIYEhgg00PBVsgjuCGQwOCRGDNYocOG16i3QBAQ X-IPAS-Result: A1A1AACwWKdblywbGNZaHQEBBQEHBQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQE5AwwGHwImAgI0AQUBHAcSgyGBaQEDFQMBlmM8iwt7M4J2BYEFAYJfCj8NgQyBPQIGEnmFV4QWF4IAhnqFKYJXApx1CgmQHiKIZwqGOyuUNwIEAgQFAgUPIYEhgg00PBVsgjuCGQwOCRGDNYocOG16i3QBAQ X-IronPort-AV: E=Sophos;i="5.54,293,1534824000"; d="scan'208";a="376213" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 23 Sep 2018 05:16:32 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0A2AACwWKdblywbGNZaHQEBBQEHBQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSKCYgMDIwQZATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVAwGWYzyLC3szgnYFgQUBgl8KPw2BDIE9AgYSeYVXhBYXggCGeoUpglcCnHUKCZAeIohnCoY7K5Q3AgQCBAUCBQ8hgSGCDTQ8FWyCO4IZDA4JEYM1ihw4bXqLdAEB X-IPAS-Result: A0A2AACwWKdblywbGNZaHQEBBQEHBQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSKCYgMDIwQZATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVAwGWYzyLC3szgnYFgQUBgl8KPw2BDIE9AgYSeYVXhBYXggCGeoUpglcCnHUKCZAeIohnCoY7K5Q3AgQCBAUCBQ8hgSGCDTQ8FWyCO4IZDA4JEYM1ihw4bXqLdAEB X-IronPort-AV: E=Sophos;i="5.54,293,1534809600"; d="scan'208";a="16129740" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 23 Sep 2018 09:16:31 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;cc496ba2-4ea2-4233-8089-276862f69c8b X-EEMSG-check-008: 45534822|UPDC3CPA08_EEMSG_MP24.csd.disa.mil X-EEMSG-SBRS: 2.7 X-EEMSG-ORIG-IP: 209.85.221.68 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BiAAAyWadbf0TdVdFaHQEBBQEHBQGBUYQag3SIFV+LSop5jWOBegsshEACg0YZBwEEMBgBAwEBAQEBAQEBARMBAQkLCwgbDCUMgjUigmIDAyMECwENATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVBJZoPIsLezOCdgWBBQGCXwo/DYEMgT0CBgkBCHmFV4QWF4IAhnqFKYJXApx1CgmQHiKIZwqGOyuUNwIEAgQFAgUPIYEhgg00PBVsgjuCGQwXg0aKHDhteot0AQE X-IPAS-Result: A0BiAAAyWadbf0TdVdFaHQEBBQEHBQGBUYQag3SIFV+LSop5jWOBegsshEACg0YZBwEEMBgBAwEBAQEBAQEBARMBAQkLCwgbDCUMgjUigmIDAyMECwENATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVBJZoPIsLezOCdgWBBQGCXwo/DYEMgT0CBgkBCHmFV4QWF4IAhnqFKYJXApx1CgmQHiKIZwqGOyuUNwIEAgQFAgUPIYEhgg00PBVsgjuCGQwXg0aKHDhteot0AQE Received: from mail-wr1-f68.google.com ([209.85.221.68]) by UPDC3CPA08.eemsg.mail.mil with ESMTP/TLS/AES128-SHA; 23 Sep 2018 09:16:27 +0000 Received: by mail-wr1-f68.google.com with SMTP id k5-v6so16712679wre.10; Sun, 23 Sep 2018 02:16:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mgTHSkW4YsUxUx1zKtiHWDUN6r3Nwhwqj9hrE/x7CNo=; b=ftvXKET/EZuTXjE79XwF+zgEsAJmCTUmBPmn9QwzbennIRKyNxnI23W2Iyv2wmfQUV q18jzCajTqc/FQFkx0t3eyOU0P4luG4Hc8B1UCTHByF9jxOdSNQeYDbHYr1sAW3sIogc u1gh8Ov7IBqc/1g0Pnsr1C4D+rlPWN4YZ4fiZ+C2EgNBIXgodRLKvNJQ+ISeIqXSRouv Ms2/+C3ioLwWu+Q101c80AKrilq5WIJyr7E0LEv74/i6A8zgykDXRVIZjDOA/9WphYUB qGbnP9UaYDtMdEtZNYJavLfYHE6vihdrpE1JruVKbltsYQhmylMXJ/+D3YoPXur4DclW 6y1g== X-Gm-Message-State: ABuFfoj2/tyMGrusaU8BRGHWRkWXnyEB2JjWmywOl83VPIoNyU6p6+EC JO3IU/u0R+prLHDD6/Xlg40= X-Google-Smtp-Source: ACcGV62H6fugQK5nnM9SfOD3sNjgMMW/Kg3GFWrvHuUZlWjaNYq9Z9LHjFnZ4M406TRFuDriIl6ung== X-Received: by 2002:adf:cc8d:: with SMTP id p13-v6mr4517294wrj.67.1537694186446; Sun, 23 Sep 2018 02:16:26 -0700 (PDT) Received: from desktopdebian.localdomain (x4dbb2f17.dyn.telefonica.de. [77.187.47.23]) by smtp.gmail.com with ESMTPSA id m68-v6sm20865759wmb.10.2018.09.23.02.16.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 23 Sep 2018 02:16:25 -0700 (PDT) X-EEMSG-check-009: 444-444 To: pablo@netfilter.org, kadlec@blackhole.kfki.hu, fw@strlen.de, davem@davemloft.net, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, jmorris@namei.org, serge@hallyn.com, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org Date: Sun, 23 Sep 2018 11:16:11 +0200 Message-Id: <20180923091611.19815-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180923091611.19815-1-cgzones@googlemail.com> References: <20180923091611.19815-1-cgzones@googlemail.com> MIME-Version: 1.0 X-MIME-Autoconverted: from quoted-printable to 8bit by prometheus.infosec.tycho.ncsc.mil id w8N9GZ04014460 X-Mailman-Approved-At: Mon, 24 Sep 2018 08:26:06 -0400 Subject: [PATCH 2/2] netfilter: nf_tables: add requirements for connsecmark support X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: =?utf-8?q?Christian_G=C3=B6ttsche?= via Selinux Reply-To: =?utf-8?q?Christian_G=C3=B6ttsche?= Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add ability to set the connection tracking secmark value. Add ability to set the meta secmark value. Signed-off-by: Christian Göttsche --- Based on nf-next Tested with v4.18.8 net/netfilter/nft_ct.c | 15 +++++++++++++++ net/netfilter/nft_meta.c | 8 ++++++++ 2 files changed, 23 insertions(+) diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index d74afa707..dcc451c20 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -298,6 +298,14 @@ static void nft_ct_set_eval(const struct nft_expr *expr, } break; #endif +#ifdef CONFIG_NF_CONNTRACK_SECMARK + case NFT_CT_SECMARK: + if (ct->secmark != value) { + ct->secmark = value; + nf_conntrack_event_cache(IPCT_SECMARK, ct); + } + break; +#endif #ifdef CONFIG_NF_CONNTRACK_LABELS case NFT_CT_LABELS: nf_connlabels_replace(ct, @@ -564,6 +572,13 @@ static int nft_ct_set_init(const struct nft_ctx *ctx, return -EINVAL; len = sizeof(u32); break; +#endif +#ifdef CONFIG_NF_CONNTRACK_SECMARK + case NFT_CT_SECMARK: + if (tb[NFTA_CT_DIRECTION]) + return -EINVAL; + len = sizeof(u32); + break; #endif default: return -EOPNOTSUPP; diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index ac5df9508..555fcd66b 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -284,6 +284,11 @@ static void nft_meta_set_eval(const struct nft_expr *expr, skb->nf_trace = !!value8; break; +#ifdef CONFIG_NETWORK_SECMARK + case NFT_META_SECMARK: + skb->secmark = value; + break; +#endif default: WARN_ON(1); } @@ -436,6 +441,9 @@ static int nft_meta_set_init(const struct nft_ctx *ctx, switch (priv->key) { case NFT_META_MARK: case NFT_META_PRIORITY: +#ifdef CONFIG_NETWORK_SECMARK + case NFT_META_SECMARK: +#endif len = sizeof(u32); break; case NFT_META_NFTRACE: