From patchwork Sun Sep 23 18:26:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10612401 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A47AC913 for ; Mon, 24 Sep 2018 12:33:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 93BBF28485 for ; Mon, 24 Sep 2018 12:33:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 880F52871B; Mon, 24 Sep 2018 12:33:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from upbd19pa07.eemsg.mail.mil (upbd19pa07.eemsg.mail.mil [214.24.27.82]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id DAFC128485 for ; Mon, 24 Sep 2018 12:33:25 +0000 (UTC) X-EEMSG-check-008: 170231745|UPBD19PA07_EEMSG_MP7.csd.disa.mil Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa07.eemsg.mail.mil with ESMTP; 24 Sep 2018 12:33:14 +0000 X-IronPort-AV: E=Sophos;i="5.54,297,1534809600"; d="scan'208";a="18575838" IronPort-PHdr: 9a23:ub3ezh8ide+Zi/9uRHKM819IXTAuvvDOBiVQ1KB61uoeIJqq85mqBkHD//Il1AaPAd2Eraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HRbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsL4V7A0XSmp4bltRhHmlSwLMyc1/HzLhsB1iq9QvRCvqAFlw4PMfo+bOvlwcKTfctMUSmVORNtfVzRDD4+hYYYBD/ABMvpXoYbjvFsDtge+ChK2Ce/z0DJEmn370Ksn2OohCwHG2wkgEsoQvXTUttX1NbwSUfy0zKbSyzXIcvJYwTHh6IjUaRAuvfGMUqxtesrPyEkgDR7OgEiOpozhPjOV0PkNsmeG5OdnTuKglWonqwB3ojiyycYhkZXJh4IJxVDE8iV12oA1JcaiR0Jhbt6kF4VQujicOoBrQc0iW3lltDs1x7AJo5K2fDUGxI45yxPQdfCLaZWE7grhWeuTOzt0mXFodbClixu980Ws0PPwW8ey3V1XtCRKiMPMuWoI1xHL78iHTeZy8Vm51DaU0gDT9vlEIUcplarHM5IhwqA/lp4UsUnbAi/5gl/2jK6LdkU/4OSo9+Tmbanmpp+bLYN0jB3xMr8ylcClBOQ4MwwOU3Ca+eS6yrLj4VX0TKhFg/A5iKXUsI3WKd4FqqO2HQNZyJsv5w66Dzi80dQYmXcHLEhCeBKCl4XpIE/BIPT5Dfe5nlStny5nyOvBPr38BJXCMmbMkKz6cLZh609T1AozzddF65JSEbEOOuj/WkD2tNzGFhM5KRC7w/77CNVh0YMTQWCPAqifMKzIrV+I5vggI++XaY8Xvzb9Lf0l6OT1jX8lh1AdZ7Kp0YEQaHCiEfRsO1+Zbmb0gtcdDWcKuRIzTO7oiFKYTTFTZG2yX6U65jE6FoKrFonDRoSwgL2Oxyi7A5tWZnxbClyWFnfobYqEUe8WaC2OOs9hjiAEVb+5Ro85yx6hrxH1y7xmLurI/S0VrpPj28Zr6OLNjx0y8iZ0D8uF2WGXU250hn8IRyMx3K1nvEN9zVGD0a5ljPNGEdxT5uhEXR0kOp7GyOx2EdfyWhjOft2RUlapXs2mAS0tTtI229IPbUd9G9Gnjh/dxSqnGLEVmKKWC5wz6KLTxWDxJ9x6y3bEyqYuk0UmTtFINW28ia517xLTCJLRk0WFi6aqcrwR3CDX9GiZy2qBoEBYUBVrXKXARXAfZ1Larc/350PZVbOuDq4nMgRZw86YNqRKcsHpjUlBRPr7O9TReWGxm2CtBRuTxbODdonqe2IA3CnHD0gEiQ8T926cNQciHiehv37eDDt2GF31fkzs6+h+p22hTkIv1Q6Fc0hh26Cy+h4PivyWU+kT0a4cuCc9tzV0G06w0M7MBNqEuQVhZ7lcYNM64FpczmLWqw19MYKmL6B+h14RaR57v0Xw2BVrEo9Ai9QlrGs2zApuLqKVyElBeC6F0p3rNb3XL2bz8Aqpa6HIxlHUyMyW9bsX6PQkt1XjuxmkFlEs83V91NlVyGec647RDAoUVpLwXEM3+AJ8p73AZCky+Z/U32V2Maaoqj/Cx84pBOw9xxeuZdhfNL+EGxHoE80BHMWuNvIlm0KyYRIZOeBe7qk0P9mpd/Gewq6kIP5gnC66jWRA+I191EOM9y54SuHWxJYI2OuX0RWdVzf7lluhtdr3mY9cbzEIAmW/0TTkBJJWZqBqYIkLFX2hI9esy9pigJ7tXmJX+0S4B1MawsOpfwSdb0Dl1w1KyUsXuWCnmTe/zzFsjTEpr7aQ3DDJw+T4bhYIJm5LRG5kjVfjOoW0i9EaXE6yYAgzkxup/0H6x7JUpK5nNWncXV9IfzTqL2FlSqawsruCY9VT6J8xqiVYTuC8YVGcSr7grBoXyDjjH3NfxDA9djGlpo75kwZ8iG2DMHZ5tGDZdt1oxRfD+NzcQuZc3iABRCl8jTnYGEK8MMWu/dSajJrDqf2+WH66VpFJdinr14yAvjOh5WJ2GR2/g+yzmtr/HAg5zyD70cJqWD7LrBniZInrzKK6Pvx7fkVyA1/88cV6EJlkkoQsnJEQxWQahpKN8Hofi2jzLNFb1rzmbHUXQz4L38Da4BL+1U1+NXKG2Zj5Vm6Hzst6YNm6f3kW1T4j4MBED6eU9rNEkjVvrlq+sw3RfeB3ni0Bxvs29H4an+YJtRIzziWbH78fBldYPSrxmBSI9dy+qrtYZHq3e7iqyEV+hcyhDK2FogxEQHb2YIoiHStr48pjMVLMzH3y5pjqeNbKa9IfrBqUkw3Pj+JNMpI+iuIKhTZ7OWL6pXAlyO46jRhw0pyhuYiHLGtt/KynDR5EKj31Z8QT+jTzgqpEmMaZwZyvFI17GjoXRJvoUe6oEDUKuPTpLQmOFiE8qnCeGbfEEw+Q9lppr3XVE5+xL3GXPn4Zzdd8SxaBOExTmgcUXC81npQhDACl2NThcFtl5jAW/lP4pAFMxfx1OBnkSGjfohuoajAvSJWENhVZ8gRC613SMcyE4eJ5BztY8YG5rAyRNmybYBxFAnoSVUCDA1DjP6Ku5cXb8+SCHeqxMefBba+VqeNAU/eIxJSv0pZp/juXKsqOPmNiD+Ag2kZZU3F2AdjZmy4ISywRjS7NaNSbpBik8C1tss+/6OjrWB7o5YaXELRSMNpv+xewgaqYKuGfmj12KTdC2ZMK33PIz6If3FEKgSF0azatCagAtTLKTK/ImK9XDx4aazt0NMtM7qI8whdCNNXeitP0yr54lOA6B01CVVz7lcGjfdYKLH2lNFPbGEaLM6yLJTvVzM7tZaOxUr5QjOJPtx2sozmbFVTjPjeClzXzURCgL/1MhjmBPBNCoIG9bgptCW/7QdL8dBK7K8F4gicswbIohnPHLnUTMTlmc0xQqb2Q4ztYgu9hFG1B9HZlK/eLmzqB5enCNpkWqedrAjhzl+9C/Xs10aVV7CBZS/xugybdtMRuo0uhkuiB0TpoTgZBqitRhIKKoUVjOb/V9p9eVnbY5BgN93mfCwwWp9t5Dd3io6RQyt/VlK3tLjdD8tXU8NATB8jSNcKLKn0hMQDmGDTMFgsKUSarNX3Dh0xaiPyS7WOarpw7qpjqhZoPRaRWW0AyFvMfFktqBscCIIttUjMij7GbkNYC5WCioxnJWMVaopfHW+qPDvrzLTaZir9EZwcVzb7jM4QcKJf7201ja1l9moTGAUzQUs5Roid5dA87vF1N8GRiTm00w0/ldgKt4HoUFf6onh43ihBzbvks9Dbs+Vg4PUDGpC0un0ktgd/lmyyecCbtLKesWoFbEzD7t0wwMpznXQl6dQiynExiNDfDQbJelaBtentqiADGv5tDAPBcTbBebB8W2/6Xe+0i0U5ApSW/2U9H+ezFBIN5mwQ0d56htGhP1B99bNErP6zQP7BGzkJQh66UuS+ozO8xyhcEJ0kR6GOSZDIIuEsQO7k8ISqo//Bj6QyFmztHY2gCT+MkrO9w+E4hPOqN1D7v07lGKk+tLeOfNL+Zt3LGlcGWXlM6zlkImFVd/bhqzccjdFKZWFwtzLSLCxsELtbNKQZRb8pW9XjcYzyOsfnTzp1pP4WxDOfoTfWBtKwMmEKrAB4pH5gQ7sQGBpSsylvXLd3gLLEe0hgt+B7rK0+bDPtXfBKLkTEHo867zJ920oldJi0dAWtnPiWt47bbvAkqj+SfXN0ueHcVQpMENm4qWM29gyNYsW5MAyW30uIYzQiC7iXzpifLATn9cdVseumbaQlrCNGs9jU167K2hkLP8pXCO2H6MsxvutrV5uMApJaIFe9UTbh7s0fTgIRZSWalU2jTHt6xIJjwdpQjbcfuBna8TFO/lyo/T93tM9a1MqiInQboSJ5MsImc2DAsL9W9Fz8ZGxd0qeEO/6d8ZQoEY5ogfxHnqx4+N6ukIAeD09WuRWmtJSFRT/lFwuWwf6ZXwDY0bu+m1HsgSYk3wPOt8U4QQpEGlBLeyO2iZ4lfUCjzBmdSdx/JpSUni2hrLvwyzfsnwBPUrVkcNCiGdPBuaGxBpNw8GU+eIXBtBWYiQV+Tk5bD6Ba2378O5ytdg8pU0epdvXj8uZ/QfimhV7G1ppXOrSUgd8QmrLNsPoD5JMuJqo/elCTFTJbMqg2FTDK6F/1Cl9hMPS1XXfhIlnshOcEdpYVB7k8xWdskKLxUFKkgvLaqZiR4DSQK1y8WS5uA3CAegue7w7bajgyQcIg4PxMZrJVPmcAdUylrYiMEuKCsSYPWl3OeSmcRJAcf9wNM5BgPloVoZODq/JLITINQyz5Ru/97SSXLGYV0+1b5V22bj0P1R+mmk+yswQ1d1uns0sUBVB55F0dd2/5cllE0J7FvN6kQoonKvyeSdUzkoW3tyPGpJEVKxM3QcF34EpTKuXTgXS0b5HIbW5VDyHfBGpQOiwB5crokpE1QIIC6fUbz/yAkx553ELamSM+m3EslrXIaRyewCdVBFeBmsFXTWDJ7f5CnspLlO49dQmVI4p2St09ZkFlxMy6+0ZdcLttC4joIXDdRvTWdoMG9R9dY1M9wEZAMPsx/tGvnF6NcJpeduXs2taLzynXB4TAzrE+6xCmvG6+/V+9Z/XcRGh8uJ2SFrkkgFfUs/3zX8lDQtlB04+ZbCaSOjUprpjZ9BYpCBjFT1XCqN15zVmVJs/1GKKTJdMxRW/syagWpOxwwD/4m2FGG8l9vkHfleSNysBBa+yfHUwkySyYVnq/nmScCpcG/JT8aV5VIYC0ubyfYKgKbnSRXswhaa0xxRp8WHM1K+7AB0otS5MbCTlysKS4dVhx4Kg04yeZflVJEsEiAeyDdDA+oeO3KshJpfcaestSpLPX//AdIkI/ntv4397kbTX28hQKtWczer5P7ttCSsEuOcLz1M+y6YX/EVjTMjBawhbk+D5bQ5CjTLBBbK4Rmxno4fJjhE3DEMQ5BJ6IBKEpRTbp6ZsleouBGe89kf74E+apqBhKBWhPvF5KgoeJDLlbSXzveKTuO8vCxoILU97zdSvPgataKx3nZX6J9Jo165iXjG7f2zY9e/VL72vN29kN/SVXLKC6Bo8r8KQMM/smtbFPivocuHTPUHph/jGbtyltHd8oNTC2g6I4Yx49B6HbsVeJ41VD+sOxT9rZ+84Y4/6tkydyqKqfON/tVrVVrAh+OBgVl7p8tGnRwR3hNYu8NL/fcZb8WjcH1q+H5DaMX6hyV+/BBadTdOkHBntKyBS2bSRNZgggOsyMaLhGb1/6fgaB4U8GlpfL22kg1+VixMgYGzKxx5YeD4qeIvPXYbwfNwrgEVKnqQdnzrrc1t0OJ+/IkkL8OempoYwyoC+UdTtQSxnv8wqAqwyMsFNnDH7H69P5ASX05hDTglI55H1kMHfMUB7WL95xEnmgkg+zZKsEWcqdal2aACxGkFKMCyXms6yeQO2lqnBXO0xD2QWOu4177tit4TjXWz9bjiEVZTL+3CllOXyCxI093rCuPPBb0tNrwoak16kA2PXDjtNKJjmShI6lbH8z4JNybOik0v0kajJg+S92gw4wbHsC9INgJ+nFkcvTe83+rkzNGo6pfiIrR/tqV+u7OEXe9gKOUrbSNxDZFynk3plw/5dWgOevI59KUWfio0HwRTyhnsQvbQxG1sqDbr0wTOUGT0kfLn4wKPtdD0XYk1kHm4PUjT88y9QVfEIbAfPACpTHoNTvqwFaffcg4Vi2D3DtWBF71F0d3GLQk0mLqoM3JjWvQ+0EvRoRodkznmwZ4D4MjJEIp9VgY3ysDEQ8WaRyBC7GoH0vlJ5MeVUcfcRSHwKS6eqAv0E1x3Lyv6uHTbehnCqsDLPldiBCBnERBFpIQr6IeXKp2e0VB+67PugjiF4/nUuDplXo0Mv20TN5V8cQdt3Y5+Qa/QByg6ZZf4LoBjpCHaLJEa4DWvM9g90dn+SIPditVjRh6jhO5UuMcpOf479jZqpWo6eGuVKAzSOUR7RQ0AXpxj4foilA5vd7Xz/tcSpHSiYnn6w9CPXiKuJrB3hlnLeoOLJ6rfKp+93oZOicSPXUOPcCZa/Mk+S9iLC3T50BeAsMLfd4YMtTCmQRVik3xRr5e7cvaGl6dC4d2ac8o9W73xy4v/Zs7SObg5ye8JYrD4FFVI/NDkCJsmcrMpegN2/rSCTQY7meCZhhwwyOC14ONBOjq8eWL0tHUWEsMHjQqXIdFODqC5QunS/KylJXtTAyZ8dfzgJYke0KLWnyxnbgKsrpWEeFelCr3xD5eGZ7ph/iNqdqj9HNXtkFbEIZ09RDFHKRfPpNmORX3j8WrQkl8BjDjeMHPbRcuufCZxuEL4+lkMEv+f4AbKAoey73m8XpVUhduSLnus1acR+0eeNtmSPLCrnBS8o9gNa4PPF6Dq5zurzdIrk02AQAzZL83tDxaeVHEnBdJVKbspL4AlgwcXMZ7uUBWGmKwP3kx6iHaVaRTkKmRCPsV8iicTqwOT0VkKCV+TA2p2J92YbumgehHsn9aniN6uPUqyDJmRB6gtiDtpK8Awiwg96+itDUAuH1FSeOenz3OCVpd0PRZxZsbXm7r41i7SH8OcIXz5KVqP4Ln74Zlq3c2bREudAUMWe2rCCH3i67OAYKMsZRcmVrFttrmdqOpKSUUcLgwjVrvTmZw1yDSlQhl9W8MTCnm6tI4YM27NNorxy60FHKeeFsS76dhrsT8rxgIQfEwZFcnx39sloCMQTcAWMHGHk4zgxQqaGFYfYgF7gUVU+EujyqEs7du4A4ZenHXH56j942Wmt3HnTE5TNF31ifVq7eDi5cCznJogZV34zSItXBUcPbXF4d0C2X3/p9W1Oi7YvKqqO1BQ4xjjPy6XOQqLtio+Wzw3o5jHECi2PBWEkKwKu4Y7q/SSSa+UWmRUunNdHKD2347N0no/xizBls+bcpL6UgnPa+KnZNGmADJUbpwQjSW41TcyShrKu4edgQrqK+7agcKS6gXfOHaKu8whLU6CV0RfzrSECBrEe6qoBuom4RmP3hI/0r3e6Lu/xrgPd/UHQMLQrTXtppgxfvvbWKbOGR8zRR0dGbq6/vEHFQ8/rtXfISWm9XLr9t81uEBevJkMCl7sdkWzNFN846RheyKaxDK0pf7I5n6POSEGPbfwgw0e2gSabcdYAXo981uJdM9WrvODZNFrB8cAu48W5VnOGDvovInZDhvexLcMeznyvLhofiGM94N/3I= X-IPAS-Result: A2BsAAB72Khb/wHyM5BaGwEBAQEDAQEBBwMBAQGBUYFkKoEIXCiDdIgVX4tJhRyTQBQMgVEUGBMBhFmDQSE0GAEDAQEBAQEBAgFsKII1JIJgAwMBAiAEDRogDgMJAQEkAiIEAgICAQEtAwEFAQMBBwEQBwcLBRgEgkE/gWoBAQEVAwGWUDyLC3szhAABZ4IZBAoYDYEMgUUSeYVXhBYOCYIAhnqBcQQBEgGDIIJXApx1CgmQHiKIZwqGOyuUNwIEAgQFAgUPIThpOGRxKwoYKQ87MQZ8GoEfgiUXjWI4bXoBAQGJbg8XgiYBAQ Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 24 Sep 2018 12:33:12 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8OCXBUO031667; Mon, 24 Sep 2018 08:33:12 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8NIQt0l020558 for ; Sun, 23 Sep 2018 14:26:55 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8NIQqIC008532; Sun, 23 Sep 2018 14:26:52 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AtAAD52adbly0YGNZZHAEBAQQBAQcEAQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQE5AwwGHwImAgI0AQUBHAcSgyGBaQEDFQMBllE8iwt7M4J2BYEFAYJfCj8NgQyBPQIGEnmFV4QWF4IAhnqBcYM4glcCnHUKCZAeIohnCoY7K5Q3AgQCBAUCBQ8hgSGCDTQ8FWyCO4IZDA4JEYM1ihw4bXqJXoJMAQE X-IPAS-Result: A1AtAAD52adbly0YGNZZHAEBAQQBAQcEAQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIUAQEBAQEGGAZMhUUDAyMEGQE5AwwGHwImAgI0AQUBHAcSgyGBaQEDFQMBllE8iwt7M4J2BYEFAYJfCj8NgQyBPQIGEnmFV4QWF4IAhnqBcYM4glcCnHUKCZAeIohnCoY7K5Q3AgQCBAUCBQ8hgSGCDTQ8FWyCO4IZDA4JEYM1ihw4bXqJXoJMAQE X-IronPort-AV: E=Sophos;i="5.54,294,1534824000"; d="scan'208";a="376432" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 23 Sep 2018 14:26:52 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AtAABu2qdbly0YGNZZHAEBAQQBAQcEAQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSKCYgMDIwQZATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVAwGWUTyLC3szgnYFgQUBgl8KPw2BDIE9AgYSeYVXhBYXggCGeoFxgziCVwKcdQoJkB4iiGcKhjsrlDcCBAIEBQIFDyGBIYINNDwVbII7ghkMDgkRgzWKHDhteolegkwBAQ X-IPAS-Result: A0AtAABu2qdbly0YGNZZHAEBAQQBAQcEAQGBUYILgWcog3SIFV+LSop5jWOBegsshEACg0YhNBgBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSKCYgMDIwQZATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVAwGWUTyLC3szgnYFgQUBgl8KPw2BDIE9AgYSeYVXhBYXggCGeoFxgziCVwKcdQoJkB4iiGcKhjsrlDcCBAIEBQIFDyGBIYINNDwVbII7ghkMDgkRgzWKHDhteolegkwBAQ X-IronPort-AV: E=Sophos;i="5.54,294,1534809600"; d="scan'208";a="18561695" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa07.eemsg.mail.mil ([214.24.24.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 23 Sep 2018 18:26:51 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;21b56343-2bef-4f4f-a58f-66defb0b120a X-EEMSG-check-008: 63232796|UCOL3CPA09_EEMSG_MP24.csd.disa.mil X-EEMSG-SBRS: 2.7 X-EEMSG-ORIG-IP: 209.85.128.67 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BIAAB42adbf0OAVdFZHAEBAQQBAQcEAQGBUYQag3SIFV+LSop5jWOBegsshEACg0YZBwEEMBgBAwEBAQEBAQEBARMBAQkLCwgbDCUMgjUigmIDAyMECwENATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVBJZQPIsLezOCdgWBBQGCXwo/DYEMgT0CBgkBCHmFV4QWF4IAhnqBcYM4glcCnHUKCZAeIohnCoY7K5Q3AgQCBAUCBQ8hgSGCDTQ8FWyCO4IZDBeDRoocOG16iV6CTAEB X-IPAS-Result: A0BIAAB42adbf0OAVdFZHAEBAQQBAQcEAQGBUYQag3SIFV+LSop5jWOBegsshEACg0YZBwEEMBgBAwEBAQEBAQEBARMBAQkLCwgbDCUMgjUigmIDAyMECwENATkDDAYfAiYCAjQBBQEcBxKDIYFpAQMVBJZQPIsLezOCdgWBBQGCXwo/DYEMgT0CBgkBCHmFV4QWF4IAhnqBcYM4glcCnHUKCZAeIohnCoY7K5Q3AgQCBAUCBQ8hgSGCDTQ8FWyCO4IZDBeDRoocOG16iV6CTAEB Received: from mail-wm1-f67.google.com ([209.85.128.67]) by UCOL3CPA09.eemsg.mail.mil with ESMTP/TLS/AES128-SHA; 23 Sep 2018 18:26:48 +0000 Received: by mail-wm1-f67.google.com with SMTP id q8-v6so7898934wmq.4; Sun, 23 Sep 2018 11:26:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Vnlw7/pMb0oHqqOMoluWOOGIReW9qKzzqbHvYF5dZzY=; b=VSTsTLynWkj0TWRhEu0c1GJEU9YzvuCHVeypPDZ+9VeZaxJIePgr9XhuLGycGb4D9C W2cX1MD1dsCt+NFcWcdyjZapVPYN+0FAdeh5Sv4dg9uTnGoUqszwayrim5MTpkgej3Ob EinKQsPUX2XfWmmKKmVJQnnh2rTQtxEhQRvBxB+YX1OMR8IWbO+TLT0TsWnsT+RMrHts Q/BLutWnW7iayrf+WMikteDLIH1VasmQUIeBW4ZtUkUlsHH6C4Xlg/EW7eg6dE4JmkoB zv2q46KPNjB/VEmtTfrE8tVRvEW002uYIqcm1z0Xu0+kxQdby41pyRvQvH5PQPLSq+qY wFiA== X-Gm-Message-State: APzg51D7nSL3axeZmhpY5XioCTTahoyQBA51iqESEBIQpcKZOBzzHCZi 11Ui6VXhxsaOUE+8x2APf8k= X-Google-Smtp-Source: ANB0VdaOnzyLowbdPPii5VjFXa1uiFn+wJ8dRWC8T18G+/7aaWvAtFonFyN1xllmV3mb6k8hsClnnw== X-Received: by 2002:a1c:adcc:: with SMTP id w195-v6mr4546884wme.41.1537727207983; Sun, 23 Sep 2018 11:26:47 -0700 (PDT) Received: from desktopdebian.localdomain (x4dbb2f17.dyn.telefonica.de. [77.187.47.23]) by smtp.gmail.com with ESMTPSA id c8sm15007248wrx.92.2018.09.23.11.26.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 23 Sep 2018 11:26:47 -0700 (PDT) X-EEMSG-check-009: 444-444 To: pablo@netfilter.org, kadlec@blackhole.kfki.hu, fw@strlen.de, davem@davemloft.net, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, jmorris@namei.org, serge@hallyn.com, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org Date: Sun, 23 Sep 2018 20:26:16 +0200 Message-Id: <20180923182616.11398-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180923182616.11398-1-cgzones@googlemail.com> References: <20180923182616.11398-1-cgzones@googlemail.com> MIME-Version: 1.0 X-MIME-Autoconverted: from quoted-printable to 8bit by prometheus.infosec.tycho.ncsc.mil id w8NIQt0l020558 X-Mailman-Approved-At: Mon, 24 Sep 2018 08:26:06 -0400 Subject: [PATCH v3 2/2] netfilter: nf_tables: add requirements for connsecmark support X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: =?utf-8?q?Christian_G=C3=B6ttsche?= via Selinux Reply-To: =?utf-8?q?Christian_G=C3=B6ttsche?= Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add ability to set the connection tracking secmark value. Add ability to set the meta secmark value. Signed-off-by: Christian Göttsche --- v3: fix compile error when CONFIG_NF_CONNTRACK_MARK not defined Based on nf-next Tested with v4.18.8 net/netfilter/nft_ct.c | 17 ++++++++++++++++- net/netfilter/nft_meta.c | 8 ++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index d74afa707..586627c36 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -279,7 +279,7 @@ static void nft_ct_set_eval(const struct nft_expr *expr, { const struct nft_ct *priv = nft_expr_priv(expr); struct sk_buff *skb = pkt->skb; -#ifdef CONFIG_NF_CONNTRACK_MARK +#if defined(CONFIG_NF_CONNTRACK_MARK) || defined(CONFIG_NF_CONNTRACK_SECMARK) u32 value = regs->data[priv->sreg]; #endif enum ip_conntrack_info ctinfo; @@ -298,6 +298,14 @@ static void nft_ct_set_eval(const struct nft_expr *expr, } break; #endif +#ifdef CONFIG_NF_CONNTRACK_SECMARK + case NFT_CT_SECMARK: + if (ct->secmark != value) { + ct->secmark = value; + nf_conntrack_event_cache(IPCT_SECMARK, ct); + } + break; +#endif #ifdef CONFIG_NF_CONNTRACK_LABELS case NFT_CT_LABELS: nf_connlabels_replace(ct, @@ -564,6 +572,13 @@ static int nft_ct_set_init(const struct nft_ctx *ctx, return -EINVAL; len = sizeof(u32); break; +#endif +#ifdef CONFIG_NF_CONNTRACK_SECMARK + case NFT_CT_SECMARK: + if (tb[NFTA_CT_DIRECTION]) + return -EINVAL; + len = sizeof(u32); + break; #endif default: return -EOPNOTSUPP; diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index c8ac0ef4b..a6715c816 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -284,6 +284,11 @@ static void nft_meta_set_eval(const struct nft_expr *expr, skb->nf_trace = !!value8; break; +#ifdef CONFIG_NETWORK_SECMARK + case NFT_META_SECMARK: + skb->secmark = value; + break; +#endif default: WARN_ON(1); } @@ -436,6 +441,9 @@ static int nft_meta_set_init(const struct nft_ctx *ctx, switch (priv->key) { case NFT_META_MARK: case NFT_META_PRIORITY: +#ifdef CONFIG_NETWORK_SECMARK + case NFT_META_SECMARK: +#endif len = sizeof(u32); break; case NFT_META_NFTRACE: