From patchwork Wed Mar 21 11:58:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Laurent Bigonville X-Patchwork-Id: 10299231 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 16046602B3 for ; Wed, 21 Mar 2018 12:00:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC4F329835 for ; Wed, 21 Mar 2018 12:00:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EAE332983D; Wed, 21 Mar 2018 12:00:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil [214.24.24.82]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 18F8629835 for ; Wed, 21 Mar 2018 12:00:52 +0000 (UTC) X-EEMSG-Attachment-filename: 0001-Stop-using-avc_init-which-is-deprecated.patch, 0002-Stop-using-selinux_set_mapping-function.patch X-EEMSG-Attachment-filesize: 11652, 4646 X-IronPort-AV: E=Sophos;i="5.48,340,1517875200"; d="scan'208,217,223";a="657738478" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa09.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 21 Mar 2018 12:00:51 +0000 X-Attachment-Exists: TRUE X-IronPort-AV: E=Sophos;i="5.48,340,1517875200"; d="scan'208,217,223";a="9952412" IronPort-PHdr: =?us-ascii?q?9a23=3AuBd60xH83yIRA2Hv/6v3ZZ1GYnF86YWxBRYc79?= =?us-ascii?q?8ds5kLTJ7+ocm7bnLW6fgltlLVR4KTs6sC17KN9fi4EUU7or+5+EgYd5JNUx?= =?us-ascii?q?JXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQ?= =?us-ascii?q?viPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCazbL9oMBm6sRjau9ULj4dlNqs/0A?= =?us-ascii?q?bCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG?= =?us-ascii?q?81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUj?= =?us-ascii?q?us9adrTALjhjkBOTA37WrbjtV8gL9HrB6koRF03ozab5yPNPdmYK3TfdAUS2?= =?us-ascii?q?RPUcleSyNPH5u8YokSA+cPI+lYtJLwp14SoRakHwSgGO3ixz1Oi3Tr3aM6ye?= =?us-ascii?q?MhEQTe0QImBd0OrW7Uo8vzNKcOTOu40ajIzTrEb/NQxzf96YzIchQ/rvqRWr?= =?us-ascii?q?9/asvRyUYoFwPDlViftJLqMCiU1usXtWiX9e1gVfigi2M+rQx6vzahxsApio?= =?us-ascii?q?bTh4IVzEjJ9StjwIkrO9K3VVB0YcWnEJtMsCGaL5F6QsQ4Q2Fnvisx174IuY?= =?us-ascii?q?ajcSQXx5kqyATTZvyaf4SS/B7uW/idLS1liH59Zb6ygxi//VKgx+DyTMW4zl?= =?us-ascii?q?hHoylfntXSqnwByhre4dWdRPRn5EeuwzOP2hjW6uFDPE87i7LWK4Ukwr4sjp?= =?us-ascii?q?oTtlnDHjPulEX2kqCWckIk9/C06+v9eLXmp4KcN5RuhgHiMqUhhsy/AeMiPg?= =?us-ascii?q?gIQ2eb4viz2Kfm/U34RLVGlvw2kq/Hv5DGPckXu6G0DgBP3osj9hqzFSmq3d?= =?us-ascii?q?sGkXUdMV5JYBeHgJLoO1HKLvD4F/C/g1G0nTdw2f/GOrzhApPQLnnMibvuZr?= =?us-ascii?q?F961NayAUv099f/IlZCq0BIf3vWk/xs8bUDhkiMwOu2ernB9J91p0GVWKVHq?= =?us-ascii?q?CZKL/SsUOP5u83IemMY4kVtyzhK/gl/fHui2Q0mV0afamv2JsYcmu4Huh4LE?= =?us-ascii?q?WDenrgmNABEX0FvgAmVuzllEWCUSJPZ3a1R6885DM7B5i6AofAXYCth7qB3C?= =?us-ascii?q?alHpBNaGBGDk2MEHjzeIWZXfcMdD+SLtVmkjweWrirU5Uh2g22tA/m17pnKf?= =?us-ascii?q?LZ+jUGup34ytd14ezTlQ019TFvDsSSzX+CQH9ukmMPXT8207h1oVZhxVebza?= =?us-ascii?q?h4n/tYGMRO6PNOVAc6M4PTwPJ+C9DzQQ/OZMmGSEyhQtm8BjExVN0xyccUY0?= =?us-ascii?q?lhA9WikgzD3y2yDrAIi7yEHoY0/7nA0Hj2IsZy12zJ1LI9j1U8RMtAK3GmjL?= =?us-ascii?q?Zl9wfPH47Jj1mZl6GyeKQd2i7N6HmMzW6Qs0FdTgFwTb/FXHAEa0vRtdT2+E?= =?us-ascii?q?XCT7q0BrQmNgtO0smCK6RQZt3ul1VGS+/pOM7CbGKph2ewGRGIy6uMbYvrfG?= =?us-ascii?q?Ud2j7QCE0AkwwK/HaGMxIyBiG7rGLEDzxuFEzvbF32/el4tny7Ulc+zxuWYE?= =?us-ascii?q?15y7q15hkViOSSSvMS2rIEvTkuqy9vEVazwd3ZFt2ApxB7c6VEe9M951VH2n?= =?us-ascii?q?zFuAxhJJCgKLpihlEGeQRto0zuzwl3CplHkcUyonMq1hB9KaSE31NAbDOVxp?= =?us-ascii?q?XwOqXWKmXr5xCuZbXW1kvZ0NaM9acF8O44pEn7vAG1Ckoi9G1q09pP3Huf4Z?= =?us-ascii?q?XKEREfUZHrXUY08Bh6uqvWYi4n54PbzXdsK7W7sife29I1A+so0gyvcMpFMK?= =?us-ascii?q?OFCgDyCdYXCNKyJ+wvgVSpaQgEPO9K/q4uI8ymb+eG2LKsPOt4gD2pl2BH75?= =?us-ascii?q?5m0kKQ9yt8TfXF340ZzPGZwASHUSv8jFa7vcztn4BLey0SFHKlySf4HI5Rer?= =?us-ascii?q?FyfYETBGe0PsK4285zh5HoW39X7lKjAU0J2NOxcxqIc1P9xRFQ1VgQoXG/gi?= =?us-ascii?q?u4wSZ0kzYyrqqDxyHO2OLidB0JO25OXmZii03gIY6qgNAGREKodRQmlAO55U?= =?us-ascii?q?bmwKhWvKp+IHPXQUdUYSf2NXpiX7CutrWcec5A844osSBNXOS7e1CaRab3ow?= =?us-ascii?q?EG3CP7A2te2Dc7eim0upX4gxN6lGWdLGxpoHXFecFwwhHf5NPHSP5V3zoGQj?= =?us-ascii?q?N3iSPQBlSmONmp59qUnY/Zsu+iT2KhSoFTcS7zwIOEtSu7/nFqDQSkn/+tnt?= =?us-ascii?q?3nEA460TL01tRxTiXItBf8Yo/q16umKuJrZE9oC0Hg68BiAIFxjpMwhI0M2X?= =?us-ascii?q?gdnpiV530HkWP3MdpFw6LxcH0NRDAQzt7O/QjqxFZjImiOx4LjWXWX2tFhaM?= =?us-ascii?q?WiYmMKxiI96NhHCKSK47xChit4uVm4ohzXYfhmmDcS1+cu5GQdg+ETtwon1j?= =?us-ascii?q?+dDawKHUlEISzskAyF78iko6VKYGagb6Cw21B4ndC9Er6CuBpRWGviepg8By?= =?us-ascii?q?9w9d9zMEnL0H3u8IHrZMffbdwUth2OnBfPkfJZKJQvmfoWnSBnI37yvWU5y+?= =?us-ascii?q?4nihxjxY+6vI6aJGh24qK5BANXNj3va8MV5D7tkb5UntyK0IC3ApVhBjILUY?= =?us-ascii?q?PwTf2yDTISse/qOBqPED0gqnaXALTfEhWZ6Et8qHLPCZ+rPWmNJHYF1dViWA?= =?us-ascii?q?WdJEtHjQAXXDQ6moA2GxuvxMzmfkd56C4e5kLkqhtMzeJoMgfwXn3ZpAi2dj?= =?us-ascii?q?c+UIKfIwZO7gFe+0fVNtST7uxpECFe4p2hqwmNJ3eVZwtWEG4JXVaECEr7Pr?= =?us-ascii?q?m04tnA8faXCfaiL/fUZrWOs+NeXe+SxZ2zyotm4yqMNsKXM3Z/E/I7301DXX?= =?us-ascii?q?ZlG8jEgDgPVTIYlzjMb8+aoxe8/Dd7rsah//T3QAjv/5eAC6NOMdVz/BC7ma?= =?us-ascii?q?mDN/SOiylkMjZXzJUMxWPPyLgEx1MdkT1hdzy3HbQHry7NQ7ramrVLAB4Ddy?= =?us-ascii?q?NzKMxI4ro63glXI8Hbksv126V2jv40EVdFTkDhms+oZcwMOW69Mk/IBEeRO7?= =?us-ascii?q?SCPzHLxNv3YaykQ71KkOpUrwGwuSqcE0L7JTuMjD7lVxSuMeFXkCGbJwZSuJ?= =?us-ascii?q?qjfRlxE2TjV8zpahm6MN9xkD03zqY5iW/KNG4GLDh8aFlBr7OK4iNEmfV/HG?= =?us-ascii?q?pB4mBiLemelCaT9/PYJYoOsft3HiR0kPpX4HI7y7tR6CFLWud1lTDIodFwuV?= =?us-ascii?q?GmlfODyj19UBpBsjxLnp6EvV1+OaXF8ZlNQW3L/BMC7WWXDRQHvMZqBcP0tK?= =?us-ascii?q?BR0NfPkrj/KDBY89Lb5cEcHdTbKNqbMHo9NhrkACTbDAQfQj61K27SnEtdkO?= =?us-ascii?q?mM+X2Tq5g1sJnsmJ4VRb9cW105DPQaCl5qHNYaOpd4QiskkaKHjM4P/Xe+sB?= =?us-ascii?q?7RRMBAspDdUfKTAOvgKDCCgrleYBsH37D4IJ8POY383kxtdkN1nJ/WG0bKW9?= =?us-ascii?q?BCvDFhZBcuoEpR6Hh+UnEz20X9ZwOv4H8SFea0nhkyigt/feQi6izh41I2Jl?= =?us-ascii?q?rWvis/jlM9mdL/gTCeaDTxNru/XZlKCyrosEg8Ko30Qx5vYg2onExkLyzJR6?= =?us-ascii?q?pLgLt6dGBrkxfcuZ9VFvFAU6JIehgQxeuYZ/8wy1RTtj2nxVNb5evCEZZikh?= =?us-ascii?q?UlfoSor39b2AJja8U1JbDKK6pP1VhQhaOOsjWu1u8v3A8UP1wN/3+KeC4UpE?= =?us-ascii?q?wIMaErJzC28ex39wONgSFDd3QMV/cxuf1q91k9NPmHzyLuy75DMF6+NuyFI6?= =?us-ascii?q?OfpWfAidaCQkks2UMQi0lF4b923N8+fEWOSUAvzaaeFw8SOMXYMwFVdc1S9X?= =?us-ascii?q?bIfSmQrerN3Ih1P4ShFuHoV+OOsrgbgl68FgYzA4sM9tgBHoWr0EzAKcfnK6?= =?us-ascii?q?QFxgsr5AXqI1WIF/tJeBSWkDsdpMG/1pB315FHJj4BGWV9LTm35rHPqw8xnv?= =?us-ascii?q?WDWNY2YnEHXooLLX85RMq6mytFsHtaFzm3zvgVyA6c4D/gvi7QFiXzb8J/ZP?= =?us-ascii?q?eIYhNhEM22+TQ686ixlV7X8pXfKnrnOtRjut7A8/gVq4yBC/xKUbl3q13clJ?= =?us-ascii?q?VAR3y2T27PFsa4KIL0a4ktcdP7FG61Ulm/ijIzSMfxOsyiI7OTjgHpX4lUtp?= =?us-ascii?q?CX3D4+NcOnEDERBQtwrfkZ5K1gfQ0Df4Y7YRnwugslKaO/JhyV3c+zTGazNz?= =?us-ascii?q?RWVeJfwv+gZ71X1SYsafW6yHQ4RJEg0+a36VINRI0NjhzG3/ajYYheXjTzGn?= =?us-ascii?q?xafwXPvjI3mXF8OOgo3uoxxwjFvkUbMzCOaONmcndEv80mCVOUP3p2FnIyR0?= =?us-ascii?q?WAgorb/g6sw7cS8jNBkNZWy+JKrGPzsYPYYDKoXKyrqIvaszA8bdc4v6JxMZ?= =?us-ascii?q?bvIsyctJPRhjbfVoXfshWZUC6mEPpXgsJQLzhCQPlPgm4oItAGuZBb5kovSM?= =?us-ascii?q?g+I71PCK8jprCuaDpkAi4SzTMXV4yaxjwCh/2w273EmReMaJ4iKgALsI1egt?= =?us-ascii?q?sBVC57ei0fqLW/WIXWlm+ET2kLLx0Q7QlX5QIPiJF/cf7/7IrPVp9MxCZco+?= =?us-ascii?q?hoXSvTCplo61z7R3mTgVfiUvWhkPKm3R5TzPLq3dkWQxB+BlJbx+lKkksoL6?= =?us-ascii?q?x3JLQLvoLQtD+Ha1/6tnr3yOS6PFlR1dHUd1rgAYrdsmr8VjcT+WcaRI9IzH?= =?us-ascii?q?HfG48fkw9+aKYsv1VDPpypelz55zw/3IRpHr+4Vc+xy1Yit3YGSD+gE8BdBO?= =?us-ascii?q?F+rFLXRDplboixp5X/JpVSRHVc+J6GpldYkUVtMjK5xoFGJ8FL/DEMQCBFoS?= =?us-ascii?q?+Bs9uqVM1Dxch2AocQItd4vnfwA79ENISUo3ItoLDvzGHW+ywkuleg2DqzA7?= =?us-ascii?q?O4T/5e/2AGGgUmPX6epVMrD+Qx6Wrd707Cskhs/+hFAriAk19xrCx6HpBUCT?= =?us-ascii?q?ZDzWqlIEhrTHlar+VaL7zYc85bQ/YsfhKgJgIxFeU40EyT4UF7g2r2bzZ0tg?= =?us-ascii?q?RE5yDXRxM0WjUNgrfxhT0erdmqOSMHRJ1VbDUudSPFJhmHliBQuRZQd1tlW4?= =?us-ascii?q?sFAtpf/bEUw5dU9NLYSUmwMSEFQABiNgUg3PVEm05MrFmUdCLAAQembvvArh?= =?us-ascii?q?p3fcKNo8GzN/T54B1LioX5v+Ak768DXWGpmRWxQdDCqI/xrseKuVWTe6f4Ke?= =?us-ascii?q?K8fWTMTDzLjRCum7goEYXF/y/OPwVFMZV6z2QrYYT5A27RIRtGP74bJ1ZcVa?= =?us-ascii?q?1icdVGufxaaNV5d6YV4qJtHRWHRg71GIOzsvZGKErTRS7EICWF6OC/ppjT7b?= =?us-ascii?q?PFQ+j6esOM32rHQ75wPppi9Tn7Aanl3pFD9Uftx/dt8l96SULcPCCfrdThIQ?= =?us-ascii?q?cL69e+dkf4uZ0pBzzWCo9qkHXx3kFAa9YXQyqy/ZQd0pxZ7HLwRvxk0kjvqu?= =?us-ascii?q?Jd7aJp6Y8p7LB10se7Ob3dKexEvkN9BBibGBlq/I03AGdjX2BRfvMRKPDJcK?= =?us-ascii?q?Qbl8/usef3F7cT6BKP5exUct7HJ1zFmsmjCzGTVR1Ekx0HqT4BNAec0OSFm6?= =?us-ascii?q?BsQ8a/uef5wl4t40S5LhMezrBi/4GE+qSSpO/QchTe06MJWrTwScP1tbQsvF?= =?us-ascii?q?me5fs6m74SYmZ1eRGoEPABVs4BwWft1a8qzT8tE8PHG7Lv5vtDWmkkkT3+gJ?= =?us-ascii?q?99Hk8ZGvUOEbqM54RekX8ym/bFOd0ObqBChmGPGAamEr8DzH6m8C6XL3dlgx?= =?us-ascii?q?7QyRHwQGWz7FDsoS9+XyTM08/pklBJWbmvGUdSQy2pNFd+sDOLJwfotdz3ua?= =?us-ascii?q?Ev4EE3NGzkusiNm3G6OLNLBc3/OcCTITUppFINkpI9XNuv2ZoUGdClOtce7G?= =?us-ascii?q?l+bufC62OsiyJBpqBHh4zC4sGa5PraBnygj6yApLWL2j9Y1nY5vVYl6tCjLf?= =?us-ascii?q?HC/duKTOq012wJVSdwpxPBXwKpqrzct10UPVeL0ELLlYERMNFWw2Q31kb85O?= =?us-ascii?q?c5WNIz7gJeFoTeaPweuTD/Ijz0wUyQY9gvTCmRzyNXHk7pEVl/AKU82WPxs9?= =?us-ascii?q?jTmnjM4FAoXZd/d1D5ihNrFYk4Llgt6FcPyCoZDQcNcQybDK2vBUn9NoQEVF?= =?us-ascii?q?MDaBqd07i4e6c3wVVzzamy5O/XduFzG60NOetDgQGUgVhbAJUWsbcET75mfF?= =?us-ascii?q?9d7qHXrBD4C4f7R/jmiWYwNfqtT8BC688Zq2ct4gaxRhqn85dD7K8XiIuWea?= =?us-ascii?q?5AYJjMut187kh86D4XbCNNnARwjxO3UOAbvuDj4cLXsJm25ea0UqYiWeEX+w?= =?us-ascii?q?IzB2RkgJv6mEojrs3P1+dAVo3Vjpzy8A9XLH6Qponazxl8JPEKK4KqYLZv6X?= =?us-ascii?q?UHKDIDJ3IVJ9aWbecz4zN1OjXJ+1NCGt8MZc8fPMfVlgBblEvpWK1U9srcHV?= =?us-ascii?q?OYEJl8d8Qp72rx1TA0/oAxUuL+5z+sJZHQ9UtBP/VdgyVwjNjCvvQaweLOCC?= =?us-ascii?q?gL5nmUcx51wiKexJmKD/b/5/6MxMvVV1MBGS42SJxdKSGH+QGoSeu5jpLpUh?= =?us-ascii?q?mb6sXrmpIxaFqQRmCtnKQCqqtMHvJPij7g3jRHC477iPSbs9uq6GtKuVxKC4?= =?us-ascii?q?lz7RjfF6VZIJp3IxP4ltOkRkJkHCvwZNnUdgYyuOqR3uoM4eJ+N0v4ZYMBPh?= =?us-ascii?q?0Ey7b66WdIQQpvSb72uE2ZXeEQZNZ9VvPEr25V5phkK6ASPViRvprqoSlUqF?= =?us-ascii?q?ouGg8mdKcwriBGdknJhABVWrj0t6QGigYHVd55pFJDGWO3OGIl/TbHUr5VjK?= =?us-ascii?q?aJAvwP7jqTVrAOU1lvMi5mQRO6xptue7Wtnf1cvGJJhCV9r+Y20zB8Qhuzpz?= =?us-ascii?q?HsrboX2T084LG4qCkBuXtdQ+WRlyfIDltCw+oOjacYEHvi8lu8YH8CbITu+r?= =?us-ascii?q?VnI9rv9ZU56XQlfRojZzEGXfinCyzoiqOIA4+PsNFbhBOWusXBd7yzLS8UNr?= =?us-ascii?q?sjzxLvXX593RbCnBxw6msEXi2g7MM4JIW6Icsq3TSnGW7HdFsX+aNJtMzxtU?= =?us-ascii?q?IXTOsod1xu3X9v0s+dRi0CXMbPAXo6jhA4aWVYd5JO8REaGLcsgjaJpqlJ4B?= =?us-ascii?q?oZYTbVEoSg/4nfg93I2X0jQttwwWLWvKKFjIsw0HJ5g9N08jKOuHMKeu3WS8?= =?us-ascii?q?9sGHnz2ZtBxuHlYvWts/wHSJF4x7i7V/8CKMaj83Os2Jp2Qk+l2qgeH12hPe?= =?us-ascii?q?8EwrfUTTyoSXWcWeuRaGiMgzc5PVLu5RmyMFI4dt1Gr0kjPevenpRcjRHuUa?= =?us-ascii?q?toRiWMol/W1GgjMeIcdwIrt4arYggKTO8KZ+iAPugj2/w+B0EKb3/OByd2DP?= =?us-ascii?q?W2sVG1lohhJ3pg+Vn6Yfjq8g3+NdudAAULEY7brp53/vy3XXyBOX5mzBJsOE?= =?us-ascii?q?l09uHfF0k+t+NGdJaRh9fQjcxh0eEZb/dtLTE9utkLl4Jh84aU08CKfgrKw5?= =?us-ascii?q?bvI9HVvviYA/rCz0QlemFaTqAVYQXr6IUmJtQ5QaHcHaNFvRQAAqg3WJ4hN2?= =?us-ascii?q?L29KFuNgNzcxXRaa+ygsbwo+KEeJpUq2XR7lIqIyfWowcDxeCsTQxnc5CqgG?= =?us-ascii?q?3/IIs+RjJEs9JgCxhrEZBRG8wetQqnAp+VmKa9i9Or/UN1pfMK4uLMDaXR2d?= =?us-ascii?q?C42Zhhd4RL7kyMejDKDe9khVo2oP61h6Lk24TrBMX+MfkFW+99XG/BbrKOSo?= =?us-ascii?q?++JTWIEs7xcU9P9fibyr0vAUbZXzzwQ6fT7H7sD/5j+0huj9UgJrCBxSEx77?= =?us-ascii?q?zdxNr5bn1aoSHmt3OSKZ9D9wORV9H1eDYPYsKsqTwjEKASdoSy8e4PNZonwd?= =?us-ascii?q?zPhms74DdD1Z6DJK6s5g/J11lgfJ3WZE3ux24iWIYMLRj+eUshiGPUsDLcVH?= =?us-ascii?q?JbKMWp?= X-IPAS-Result: =?us-ascii?q?A2DrAgDbSLJa/wHyM5BdHAEBAQQBAQoBAYMSKANhcCiDX?= =?us-ascii?q?Id/X4wtSQZ5gTmTKIF+FhgBCoRdAwKDVCE0GAECAQEBAQEBAgFqKII4JIJJA?= =?us-ascii?q?QMEAiBZAwkCDgEMAwECJwQCAgMBSxsGAgEBAYMygUoNAwEBCqo1giAghDmDc?= =?us-ascii?q?IF/CgWHQ4ELgQiBDiKFewQZgWaCYYJUA4dBBwaGHIpRCYNbgjOCZYY7BoJwg?= =?us-ascii?q?gmDHIUbiTOHA4EkAhw4gVJ9CDqCQ1+BQhh7AQIGjRNvAY9tAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 21 Mar 2018 12:00:50 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w2LC0gMe021332; Wed, 21 Mar 2018 08:00:45 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w2LC0ZHJ181640 for ; Wed, 21 Mar 2018 08:00:35 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w2LC0dKL021330 for ; Wed, 21 Mar 2018 08:00:39 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BAAACaSLJalywYGNZdHQEBBQELAYMSK?= =?us-ascii?q?GRwKINch39fjC1JBnmBOZMoggkLI4Rig1QhNBgBAgEBAQEBAQITAQEBAQEGGAa?= =?us-ascii?q?FfAEpdQEMAwECKwJRGwYCAQGDM4FKEAEBCptYjl2CICCEOYNwgX8KBYdDgQuBC?= =?us-ascii?q?IEOIoV7BBmBZoJhglQDh0EHBoYcilEJg1uCM4JlhjsGgnCCCYMchRuJM4cDgSQ?= =?us-ascii?q?CHIIKfQg6gkNfgUIOCnsBAgaNE28Bj20BAQ?= X-IPAS-Result: =?us-ascii?q?A1BAAACaSLJalywYGNZdHQEBBQELAYMSKGRwKINch39fjC1?= =?us-ascii?q?JBnmBOZMoggkLI4Rig1QhNBgBAgEBAQEBAQITAQEBAQEGGAaFfAEpdQEMAwECK?= =?us-ascii?q?wJRGwYCAQGDM4FKEAEBCptYjl2CICCEOYNwgX8KBYdDgQuBCIEOIoV7BBmBZoJ?= =?us-ascii?q?hglQDh0EHBoYcilEJg1uCM4JlhjsGgnCCCYMchRuJM4cDgSQCHIIKfQg6gkNfg?= =?us-ascii?q?UIOCnsBAgaNE28Bj20BAQ?= X-IronPort-AV: E=Sophos;i="5.48,340,1517893200"; d="scan'208,217,223";a="231126" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 21 Mar 2018 08:00:36 -0400 X-Attachment-Exists: TRUE IronPort-PHdr: =?us-ascii?q?9a23=3A1CDfBh1zqougI9vNsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8Zse0QLfad9pjvdHbS+e9qxAeQG9mDsLQc06L/iOPJYSQ4+5GPsXQPItRndi?= =?us-ascii?q?QuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBg?= =?us-ascii?q?vwNRZvJuTyB4Xek9m72/q99pHPbQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0B?= =?us-ascii?q?vJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PG?= =?us-ascii?q?Av5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vz?= =?us-ascii?q?a/4KdxUBLmlTkJOT46/m/ZhMN/g75UrQmkpxBj2YPZep2ZOfR8c67bYNgURX?= =?us-ascii?q?BBXsFUVyFZBI2zdZYPD/AfMuZes4n2ukYDrRqxBQmrAuPv1D5Ihnvy3aIkzu?= =?us-ascii?q?8sFhrJ3A0vH9IJtnTZt8j6O7kJXuC01qbIyy/Pb/RM2Tfy8YXFdA0qr/+LXb?= =?us-ascii?q?J1a8XRyE8vGhvLjlWKt4PqIS6a2foWs2iY8+pgUvqvh3QgqwFrrTiiwNonhI?= =?us-ascii?q?rRho8N1FzI6Cp0zJwrKdC3UkJ3f9GpHIFfuiyVL4d6X8cvTm9ytCs6xLAKo4?= =?us-ascii?q?C3cSYJxZg92RLTd+GLfo6V6Rz5TumROy13hHd9dbK/mRmy9U+gx/XyWcSqyV?= =?us-ascii?q?hEqCRIn8fWuH0RyxDe69KLReVj8UekwjaP2Brf6uReLkA1karXMZshwr80lp?= =?us-ascii?q?YLsETDGDH5mFnugaOIa0kp9fKk5/rob7n8uJOROJV4hw7xP6g2n8ywG+U4Mg?= =?us-ascii?q?wAX2iB/uS80aXu8lb4QLVFif02lLLUv43EKssAp662GQlV3pwk6xalADeqyM?= =?us-ascii?q?4YkmUfLFJZZBKHiJDkO0rQL/D8DPe/hUmskThwyvDaPrzuHpXNLn/ZnLfnZr?= =?us-ascii?q?Zy8VRQyAU0zdBBtNpoDeQaLfbyXFLhnMDJBR8+dQqvyqDoD8su+JkZXDerC7?= =?us-ascii?q?KDPaXO+XWJ6eUpPeiIYIJd7Dz8JP8jz/Ljh34wnxkaZ6b/jshfU2yxAvkzex?= =?us-ascii?q?bRWnHrmNpUST1Q7AMjUOznjkGDWjdPZnG0Grgx/Sw/FJn5VNX+baeJ25e59X?= =?us-ascii?q?7hWJBbY3tJTFWFEHOucoSACL8AayOXd8lmlDFMFb2sUJQo2hzmsgjmg6FmIe?= =?us-ascii?q?zZ9mxQtZ/q2NVvoeyGkxY0+DE=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BAAADHSLJalywYGNZdHQEBBQELAYM?= =?us-ascii?q?SKGRwKINch39fjC1JBnmBOZMoggkLI4Rig1QhNBgBAgEBAQEBAQIBEgEBAQE?= =?us-ascii?q?BBhgGV4I4IoJLASl1AQwDAQIrAlEbBgIBAYMzgUoQAQEKm1iOXYIgIIQ5g3C?= =?us-ascii?q?BfwoFh0OBC4EIgQ4ihXsEGYFmgmGCVAOHQQcGhhyKUQmDW4IzgmWGOwaCcII?= =?us-ascii?q?JgxyFG4kzhwOBJAIcggp9CDqCQ1+BQg4KewECBo0TbwGPbQEB?= X-IPAS-Result: =?us-ascii?q?A0BAAADHSLJalywYGNZdHQEBBQELAYMSKGRwKINch39fj?= =?us-ascii?q?C1JBnmBOZMoggkLI4Rig1QhNBgBAgEBAQEBAQIBEgEBAQEBBhgGV4I4IoJLA?= =?us-ascii?q?Sl1AQwDAQIrAlEbBgIBAYMzgUoQAQEKm1iOXYIgIIQ5g3CBfwoFh0OBC4EIg?= =?us-ascii?q?Q4ihXsEGYFmgmGCVAOHQQcGhhyKUQmDW4IzgmWGOwaCcIIJgxyFG4kzhwOBJ?= =?us-ascii?q?AIcggp9CDqCQ1+BQg4KewECBo0TbwGPbQEB?= X-IronPort-AV: E=Sophos;i="5.48,340,1517875200"; d="scan'208,217,223";a="10923880" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa06.eemsg.mail.mil ([214.24.24.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 21 Mar 2018 12:00:35 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;c8d82f87-2325-4c38-8ee9-fa2086e144a4 Authentication-Results: UCOL3CPA12.eemsg.mail.mil; dkim=none (message not signed) header.i=none X-EEMSG-check-008: 12010690|UCOL3CPA12_EEMSG_MP27.csd.disa.mil X-EEMSG-Attachment-filename: 0001-Stop-using-avc_init-which-is-deprecated.patch, 0002-Stop-using-selinux_set_mapping-function.patch X-EEMSG-Attachment-filesize: 11652, 4646 X-EEMSG-check-001: true X-EEMSG-SBRS: None X-EEMSG-ORIG-IP: 91.121.173.99 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AvAwAgSLJa/2OteVtdHAEBAQQBAQoBAYMSK2FwKINch39fjC1JBnk4gQGTKIIJCxMQhGKDVCE0GAECAQEBAQEBAmsohSUBKXUBDAMBAisCURsGAgEBgzOBShEBCqozgiAghDmDcIF/CgWHQ4ELgQiBDiKFewQZgWaCYYJUA4dBBwaGHIpRCYNbgjOCZYY7BoJwggmDHIUbiTOHA4EkAhw4gVJ9CDqCQ1+BQhh7AQIGjRNvAY9tAQE X-IPAS-Result: A0AvAwAgSLJa/2OteVtdHAEBAQQBAQoBAYMSK2FwKINch39fjC1JBnk4gQGTKIIJCxMQhGKDVCE0GAECAQEBAQEBAmsohSUBKXUBDAMBAisCURsGAgEBgzOBShEBCqozgiAghDmDcIF/CgWHQ4ELgQiBDiKFewQZgWaCYYJUA4dBBwaGHIpRCYNbgjOCZYY7BoJwggmDHIUbiTOHA4EkAhw4gVJ9CDqCQ1+BQhh7AQIGjRNvAY9tAQE Received: from anor.bigon.be ([91.121.173.99]) by UCOL3CPA12.eemsg.mail.mil with ESMTP; 21 Mar 2018 12:00:30 +0000 Received: from anor.bigon.be (localhost.localdomain [127.0.0.1]) by anor.bigon.be (Postfix) with ESMTP id 1A1CC1A275 for ; Wed, 21 Mar 2018 12:58:27 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at bigon.be Received: from anor.bigon.be ([127.0.0.1]) by anor.bigon.be (anor.bigon.be [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 5SbgZPkXDS6o for ; Wed, 21 Mar 2018 12:58:03 +0100 (CET) Received: from [10.20.225.173] (unknown [193.53.238.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: bigon) by anor.bigon.be (Postfix) with ESMTPSA id E3E051A052 for ; Wed, 21 Mar 2018 12:58:02 +0100 (CET) To: selinux@tycho.nsa.gov X-EEMSG-check-009: 444-444 From: Laurent Bigonville Message-ID: <9dc38544-b297-741e-dd7e-e09778a0baf3@debian.org> Date: Wed, 21 Mar 2018 12:58:02 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 Content-Language: en-US Subject: dbus-daemon patches review X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Hello, Could somebody have a quick look at the two patches that I opened for two dbus bugs: https://bugs.freedesktop.org/show_bug.cgi?id=92831 (stop using avc_init()) https://bugs.freedesktop.org/attachment.cgi?id=138021 (stop using selinux_set_mapping()) I'm also wondering whether the call to avc_add_callback() shouldn't be replaced by selinux_set_callback(), an opinion on this? Kind regards, Laurent Bigonville From 94889d438c81f001d4716d11df8a55a3706e45b0 Mon Sep 17 00:00:00 2001 From: Laurent Bigonville Date: Sat, 3 Mar 2018 11:15:23 +0100 Subject: [PATCH 2/2] Stop using selinux_set_mapping() function Currently, if the "dbus" security class or the associated AV doesn't exist, dbus-daemon fails to initialize and exits immediately. Also the security classes or access vector cannot be reordered in the policy. This can be a problem for people developping their own policy or trying to access a machine where, for some reasons, there is not policy defined at all. The code here copy the behaviour of the selinux_check_access() function. We cannot use this function here as it doesn't allow us to define a cache. https://bugs.freedesktop.org/show_bug.cgi?id=105330 --- bus/selinux.c | 75 ++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 43 insertions(+), 32 deletions(-) diff --git a/bus/selinux.c b/bus/selinux.c index f0ddfa11..7cde0537 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -236,24 +236,6 @@ bus_selinux_pre_init (void) #endif } -/* - * Private Flask definitions; the order of these constants must - * exactly match that of the structure array below! - */ -/* security dbus class constants */ -#define SECCLASS_DBUS 1 - -/* dbus's per access vector constants */ -#define DBUS__ACQUIRE_SVC 1 -#define DBUS__SEND_MSG 2 - -#ifdef HAVE_SELINUX -static struct security_class_mapping dbus_map[] = { - { "dbus", { "acquire_svc", "send_msg", NULL } }, - { NULL } -}; -#endif /* HAVE_SELINUX */ - /** * Establish dynamic object class and permission mapping and * initialize the user space access vector cache (AVC) for D-Bus and set up @@ -275,13 +257,6 @@ bus_selinux_full_init (BusContext *context, DBusError *error) _dbus_verbose ("SELinux is enabled in this kernel.\n"); - if (selinux_set_mapping (dbus_map) < 0) - { - _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).", - strerror (errno)); - return FALSE; - } - avc_entry_ref_init (&aeref); if (avc_open (NULL, 0) < 0) { @@ -398,19 +373,55 @@ error: static dbus_bool_t bus_selinux_check (BusSELinuxID *sender_sid, BusSELinuxID *override_sid, - security_class_t target_class, - access_vector_t requested, + const char *target_class, + const char *requested, DBusString *auxdata) { + int saved_errno; + security_class_t security_class; + access_vector_t requested_access; + if (!selinux_enabled) return TRUE; + security_class = string_to_security_class (target_class); + if (security_class == 0) + { + saved_errno = errno; + _dbus_warn ("Error getting security class \"%s\": %s", + target_class, _dbus_strerror (errno)); + log_callback (SELINUX_ERROR, "Unknown class %s", target_class); + if (security_deny_unknown () == 0) + { + return TRUE; + } + + errno = saved_errno; + return FALSE; + } + + requested_access = string_to_av_perm (security_class, requested); + if (requested_access == 0) + { + saved_errno = errno; + _dbus_warn ("Error getting access vector \"%s\": %s", + requested, _dbus_strerror (errno)); + log_callback (SELINUX_ERROR, "Unknown permission %s for class %s", requested, target_class); + if (security_deny_unknown () == 0) + { + return TRUE; + } + + errno = saved_errno; + return FALSE; + } + /* Make the security check. AVC checks enforcing mode here as well. */ if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), override_sid ? SELINUX_SID_FROM_BUS (override_sid) : bus_sid, - target_class, requested, &aeref, auxdata) < 0) + security_class, requested_access, &aeref, auxdata) < 0) { switch (errno) { @@ -477,8 +488,8 @@ bus_selinux_allows_acquire_service (DBusConnection *connection, ret = bus_selinux_check (connection_sid, service_sid, - SECCLASS_DBUS, - DBUS__ACQUIRE_SVC, + "dbus", + "acquire_svc", &auxdata); _dbus_string_free (&auxdata); @@ -606,8 +617,8 @@ bus_selinux_allows_send (DBusConnection *sender, ret = bus_selinux_check (sender_sid, recipient_sid, - SECCLASS_DBUS, - DBUS__SEND_MSG, + "dbus", + "send_msg", &auxdata); _dbus_string_free (&auxdata); -- 2.16.2