From patchwork Thu May 10 16:05:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 10392045 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 72EC76053D for ; Thu, 10 May 2018 16:06:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 613262236A for ; Thu, 10 May 2018 16:06:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5375F28BC3; Thu, 10 May 2018 16:06:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from upbd19pa07.eemsg.mail.mil (upbd19pa07.eemsg.mail.mil [214.24.27.82]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37AF02236A for ; Thu, 10 May 2018 16:06:14 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa07.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 10 May 2018 16:06:12 +0000 X-IronPort-AV: E=Sophos;i="5.49,385,1520899200"; d="scan'208";a="13143108" IronPort-PHdr: =?us-ascii?q?9a23=3AmdsaXx2jcT4iGto9smDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8Zse8QLPTxwZ3uMQTl6Ol3ixeRBMOHs6kC07KempujcFRI2YyGvnEGfc4EfD?= =?us-ascii?q?4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFA?= =?us-ascii?q?nhOgppPOT1HZPZg9iq2+yo9JDffwtFiCChbb9uMR67sRjfus4KjIV4N60/0A?= =?us-ascii?q?HJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L2?= =?us-ascii?q?81/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUj?= =?us-ascii?q?q+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfVwZKPdec4RS3?= =?us-ascii?q?RHUMhfSidNBpqwY5YTA+YEO+tTsovzqEYUrRamBAmjBu3vxD9GiHH1w6M1z/?= =?us-ascii?q?kvERnE0QA9Ed8Brm/Uoc7pNKsOS+250LXEwSnBYv5QxDzz6JLIchckofyUR7?= =?us-ascii?q?x/a9fRyU0yHA3CiVWQrpblMC2I3ekKq2iU9fdgVea0hm4/sQ5xvzyvyt4pio?= =?us-ascii?q?nOgYIV0E7L+T9lz4YyIN21UUh2asOqHptXsiGVLYp2QsU6TmFwoik617kGtY?= =?us-ascii?q?e+fCgNz5Qn3QDQZ+abfIiP5xLuUvuaLzRghH99Zb6yiBm//VKgx+HhTMW4zl?= =?us-ascii?q?lHojRfntXRrnwA1h/e5tKaRvZ//EqtwyuD2x7X5+1ePEw5lqXWJ4Y/zrIskp?= =?us-ascii?q?cfq0fOEy/slEnokaObdl8o9+i05+nhf77ovIWTN5VuhQH7Kqkun8u/DvkmPQ?= =?us-ascii?q?UWRGib/Pi81KXk/U3kXLVGlv02nbfdsJDdPckburS2AxVU0oY+8BazFSum0d?= =?us-ascii?q?QEknkHK1JJYhSHgJTyO17SOvz4CPa/g1C0nDdqwfDJIKHhD43QInXMn7rtZ7?= =?us-ascii?q?Zw51NGxAYtwt1T+YhYBqwZLPL2QEDxtdjYDhEjMwyzxubqEM592Z0aWWKOBK?= =?us-ascii?q?+ZLazTvUaT6eIoPumMYpMatyjmK/U++/7vjWM2mV8afaWz25sXc2q3Eu5pI0?= =?us-ascii?q?Wef3rgms0BHnsSvgoiUOzqj0WPUTxUZ3a0Ra08+jE7B5igDYrYRICth7qB3C?= =?us-ascii?q?KhEZ1NemBJFEqMEWzye4WDQfcMZzqYItV9nTwcSbihV4gh2AmstA/40bVoMu?= =?us-ascii?q?nU+jYftZLl1dh1+fbelR829TxpAMWSyHyNT2donmMVXTM227p/oUNlwFeZza?= =?us-ascii?q?d4m+BYFcBU5/5RXAY6NJrcz+lkBNDoQQ/BcMmGR0uhQtW8Gz4xVsgxw9gMY0?= =?us-ascii?q?ljB9qikgrP3y2wA78aj7aLHoA78rrA33jtIMZw02vJ27Ukj1khRMtPKXCqi7?= =?us-ascii?q?Vh9wfNHY7JkkSYl6GsdagG2i7C6nuDx3KUvE5ESA5wTbnFXXcHa0TLsdT2/F?= =?us-ascii?q?nCQqSyBrQgNwtO1dSNKrBWatHzi1VJWuvjMszEY22tg2ewGQqIxrSUYYvqem?= =?us-ascii?q?Qd2yPdBVMBkwAX5HqGNA4+Cj2no23EFjxuFlPvY13y/uVkrnO0UFM0xRmQb0?= =?us-ascii?q?J9z7q15gIVhfuERvMdxLILoiEhpCl1HFamxN/WDsKApwt4cKVHb9I9+01L1W?= =?us-ascii?q?XDtwxyJpagNbxthkYCcwRruEPjzxZ3BZ9DkcgtsXMn1wlyJrib0FNGajOUx5?= =?us-ascii?q?fwOqfYKmPq5hCgd7bW2k3C0NaR4qoA8uk3q0/ivA63DEov6G9o3MVQ03eG4Z?= =?us-ascii?q?XKFgUSW4rrUkkr7xh6u63aYi4l6oPOyHJjLLK5sjDH29MmHuclzAivf8tHOq?= =?us-ascii?q?OeCADyC9EaB9SpKOEygFipYAgEPOdJ9K4oJM6mbP2G2KmlPeZlhj2mi35L4I?= =?us-ascii?q?Zj3UKQ7yB8UPLH344Zw/GE2QuKTzn9g02lssDrh49EfyoSE3GhySf6Ho5efb?= =?us-ascii?q?ByfYMRBWepOc23yc10h4TxVH5A6F6jG1QG1deveRqTa1z92RNf1V8MrHO9hy?= =?us-ascii?q?S41Tt0nysurqqF0yzE2/7iewYfOm5XWGliik/hIZa1j98GQEioaBIpmAG56k?= =?us-ascii?q?b6wKhboqt/InLXQUdJeSj5NXtiUqyqurqFec5P54sisT9LX+SkfVCaVrn9rg?= =?us-ascii?q?Me0yPiBGte2Ck3dyq0tZX9nhx6jn+dLXlooXrCYcFwxBHf5N3ASv5KxDYGQj?= =?us-ascii?q?d3iSXPDFimI9ap5cmUl4vEsu2mTWKhUZlTcS31woOaqCS74mNrDAakn/Cuht?= =?us-ascii?q?LnChI20Sjh19llTS/ItgrzYpH316SmNuJqZkpoC0H668phAYx+kZU/hJcL2X?= =?us-ascii?q?gcmJqV4WALkWDpMdVUwaj+dmYCRSYXw97J5wjowFVjIWiUx4L9SHqd2tFuZ9?= =?us-ascii?q?+mYmwIwCIw9N1KCLyK47xehit5uEG4rQXMYfhngjgS1/Uu6HkAg+EGpgUh1C?= =?us-ascii?q?OdDa4OHUNAJyzjiwyI78yirKVQfGuvb76w21dlkNC/CrGNvwFcVGz/epg8AS?= =?us-ascii?q?969t9/P07U0H3v9oHkf8HdbcoJuR2JlxfNlPRaKJMtlvsKnCZnN3jyvXs/x+?= =?us-ascii?q?48lxxu0omwvJKbJGV14KK5HhlYOyX7Z8wJ/DHtkaFensON0oChAJpuBzILXI?= =?us-ascii?q?HyQvKwCjISsvbnOBiSHz0gsHubHqDfHQCH4kd8s33PC4yrN22QJHQByNVtXh?= =?us-ascii?q?2dJEhBjwAIQDU1hIQ2GxusxMP/bEd5/Swe6UTgqhRS0O5oMQfwUnvHrgeydj?= =?us-ascii?q?g0UISfLAZR7gxa6UfVK9KR4f9oHy5C+J2hsAuNKneAagtSEW4JX1aIB1f5Pr?= =?us-ascii?q?mh/dPA6fSXBvKiL/vSZrWDsepeV+2SypK3yotr5DiMNsSVPnl5E/071EtDXX?= =?us-ascii?q?ZjFMTfhzoPSjYYlybXY86cvhe89TV9rtqj//TzRALv+YyPBqNKMdpx4B+5n6?= =?us-ascii?q?GDN++MhCZ+MjtY140DymHWx7QF214SkS5ufSG3EbscrS7NUL7QmqhPAhEAcC?= =?us-ascii?q?x/M89I76Mn3glRIs7XkMj12aBkgfIvEFdKS1jhmsCvZcwXLGCwL0/IBUaRNL?= =?us-ascii?q?SbPj3H2c/2brmgSb1Li+VUsQe8uTGBE0/sJj6DjSXmVwizMeFQiyGWJAdRuI?= =?us-ascii?q?CychZqD2juV8/pZQOgP992lzI2x6c4hnTQNW4TKTJ8aV9CrqWM7SNEhfVyA3?= =?us-ascii?q?ZO7nV/IumahSmU9O7YKo4IvvttByR7jeNa4HAhxLtS4yBIXvt1mDHdrtR2uV?= =?us-ascii?q?GpjvGPyiZ7UBpJsjtLmIWLvUB4NaXD8ZlBWGjL/BQW4mWKDBQFudhlB8bztK?= =?us-ascii?q?BXz9jAiLj8KCxe897O+8sTGdTUItqdMHU9KRrpBCLUDAwdQD6pNWHeh1RdkP?= =?us-ascii?q?aW9n2Uspg1tIPhmJ8PSr9HTlw6COkWCkN/HNwNOJ13RC8rkaaHjM4U4nqztB?= =?us-ascii?q?rRRcVevp/ZTf+SBPLvKDiXjbZaexsI3bP4LYMWNoLlwUBibEd1nJjSEUrKQd?= =?us-ascii?q?9NujFhbhMzoEhV9nhxUHc820b+ZwOu538TDuK0kQQwigtlYuQt9S3g41EpKV?= =?us-ascii?q?rWvCEwilU+mc35gTCNdz78NL2wUp9NCyXqrUcxKI/0QwZuYAKpnExkLirLR7?= =?us-ascii?q?Vfj7t4b2Bklg/dtYFJGfFCUa1OeAUQyu2PZ/U0zVRcrT2qylJA5evDD5ttiR?= =?us-ascii?q?UlcZqtr39bwQ1scsQ1JavKKKpO1FhQibqEvjW02eAp3A8eO0EN/XuPdyESpk?= =?us-ascii?q?wIN6QpJzGz8+N28wyCgTxDeWYXV/U0vv1q61k9O+WczyPgybJDLF6+N/CHJa?= =?us-ascii?q?ODp2fAjdKIQk831k4Qk0lF+qJ23tklc0uVUEAi17SRFxIUNcbYLgFVdcVS/m?= =?us-ascii?q?DJfSmSqeXN3Y51P4KlG+DzU+COsKcUgkS5HAcmBIkD8sMBHpyw307CNsfnMK?= =?us-ascii?q?QJyRMz6wT3PF+FFuhGeAqXkDcbpMGy1IN33YhYJjEaHWV9MSW2663KqQ8rgP?= =?us-ascii?q?uMRsw5bm0cXoQaKnI8QNe6lDJBv3RcEDm31foUxxKG7z/9uivfEiHzb99jZf?= =?us-ascii?q?eSYhNsDsu59C4k/Ki3k1HX9IzSJ2/nNdh4vN/A9/8arY6dC/xIVbl9r1vcm4?= =?us-ascii?q?5ASnOxTWHPF8W4KILtZIkyc9P0EG26XUalizM1VcvxO8ytLqeQiwHyWYlUqJ?= =?us-ascii?q?Wb3CwkNcKlGTEeBhZwp+UH5K1iYA0OeIc0bgDzuAQ/LaO/Jh2U0tK0Q2aiMT?= =?us-ascii?q?FWVeVQzf2mZ7xLyCohdvW6yH0hTp4mz+m39koNRIoSgB/H2PitfZVTXy/oF3?= =?us-ascii?q?NBfAXPoDY2mHJ6NuYu2Os/xg3HsUUEOTCRaONpcHBEv807BV6KO3V5EHA4R1?= =?us-ascii?q?iHgofY/g6sxaod/zVDkNZQ0O1Ftnf+vpveYDKjWKyrtZvVvDA6bdgjuaFxN5?= =?us-ascii?q?LsIteevpPEgjPfVIXQshGCUCOiGftWgMRfICJZQPlNmGEqI88GtJFA6UUvSM?= =?us-ascii?q?gxOaZDCK42prClcTBkFzIdzTcFV4Oc2zwPmuK81KHAlheTbpsiLB0EsJNNgt?= =?us-ascii?q?YGXS95eCUeq7OnV4XRim+LV3MLLB0V7QtS+AIKjpVwcfz94IrUUJ9MzCZbrO?= =?us-ascii?q?huUivWEJlk7Vj7R3qXgVj5SfWhj/em0RhUzP3yztkRQAR/BlRFx+ZKiksoL6?= =?us-ascii?q?l6K6gWvo7WrDCIcV31vGfzx+u6PllQydbZd1rgDIXbs2r8VzcT+XwQRYBUz3?= =?us-ascii?q?HeGo4ekw1jaKYkvF9MOpypel7i5zw4wIRkB6W4Vceux1s+sXYKWyKqHMFbB+?= =?us-ascii?q?Fgrl3XRCVvY4q3p5X9J5VSXmhQ9YWdq1hDikViKSq5xodHJs5Q/DEMRCBPri?= =?us-ascii?q?uZvNSsUs1Pw8h2D4UDIt1noXfyBLtEOISNo30xorHvyHjZ9C4nvVin2jqzAL?= =?us-ascii?q?G3T/hF/2IABwolPWKepVczD+E06Gfd7kjNskxo/+dcHrWPkVh+ryt8Hp9UAj?= =?us-ascii?q?ZEzmyqL1N2THZaqepaM7jVf9ZaQ/YseR+lIwY+GuI+30yV4UF0mm/0bDd8tg?= =?us-ascii?q?RG5yzQXRQ4WCcOj7jxnj0er92oNiUBS5JUdzkhaTnKKx6DkyBNoBlfc11qW4?= =?us-ascii?q?weAttd4bEUw5Zb/srYRkawMiwFWBtiNhwm3vZBiUFDt1iXdj7HAQqua/nPrg?= =?us-ascii?q?V9fd2No86xMPT54ABHh5v/sOAj66UMXWCpmRG2TNDFqI/8q8eKuVeQe6f+L+?= =?us-ascii?q?28e2XOTDzWgRC3n7ckAIHA/zLPPwpDN5l61X0kbID9CW7RIxtJOb8UKlFGVa?= =?us-ascii?q?B+ddVGuPpVZ9FleKYO/a9iGA6HSgnoGIy1o/lMNkzTSijGLyWd7uy/ppre7b?= =?us-ascii?q?7HRuj6YcyM3HLHTLhpPpph7Dn7BrPq0ZNf+kXq2/di7EV6SUPcPyCGttThKR?= =?us-ascii?q?sB5NO+eUv6op0pATTWDY9ykHX3wEFAedAXQyq3/5sG055Z9Gz/SeRj0kj0qu?= =?us-ascii?q?FS8adr6ZUv6bBz1ci0PbvSKehdsUJ/BBiUAh5n9pQrAGh6XWxRY+kRKPnLfa?= =?us-ascii?q?sDlsDut/r3F7EL5x2J5uxZc8XIK1vGmsmlBTGWUQZEkxsZqT4GMguc0OaIm6?= =?us-ascii?q?l1Scm5ouj53lgi40OkIh4Hy7Bt4pyE+rGTqe/SYBbQwqIIWq/wRsP8tr4soV?= =?us-ascii?q?+d5eU4lL4SfWx4exGoH/IZVsED3Wfg0aArzSU3HsPYA73g+eBMV3QlnjLhgZ?= =?us-ascii?q?9xBVMWFe0IHbCT54RRgn84m/DFNt0Raq1Cnn2PFRukH7IZx36k9TaYIG5/gh?= =?us-ascii?q?7UyxHwW2Sz7F3ooiBkXSvA1dDjklBaVrOvH0ddQzKpOVNksDOIJAfottv3ua?= =?us-ascii?q?Eu4UEzLGPltMyClHGgOLNREM3zPtqcLjcopFgPlp0+WsSv2ZwHGdq6ONoR8X?= =?us-ascii?q?B/YeHE5Gy3iCJBuLlIh5bA7c6J4PnXGmOgj6KCobWX2D9Y0mQ4vU046t24Lf?= =?us-ascii?q?7O5saKQvqy2GYTTid/pxPBUASoqrzftF0bJUuL31rVl4MQI9FZx3441lv86+?= =?us-ascii?q?Q5R9Iz7gpeHJ7aZ/wevTDzJCf0wVGHbtIvTCaezydYHlL7EFl/Aqg823v8vN?= =?us-ascii?q?nXmnfU+l0oQJRwdkP8iBxvFYo4NV4i6FgZwyoECwgNagqXDLK2CkT/K4sLS0?= =?us-ascii?q?wDZQ6A3Ligdac9xVdzza+35O/Pcex8ALIANvlHgQ6UgldbBpIWvLYaQLJ9Z1?= =?us-ascii?q?9S6q7XqRL/C4j8RfTmk2Q/NeGtSMBA7c8Zr2ci4hq4Rxe45pdM8bAbiIyPdq?= =?us-ascii?q?5DZpTMp95z70Nm5T4JayxMjwNyjxenXuAGpOHs+MLXsJy25eayTKwtXfkY9w?= =?us-ascii?q?AoB2RiiJv9mEwsodPN2OhAUYDalYP/8ARJI36LponayQV8JvQSJIKrZrpg8G?= =?us-ascii?q?8HJycGLXIUIdWWc+U84zNqMDjL4lxCBcUMZc8XPMXTgg1Uj0zpV6tV9sXFBl?= =?us-ascii?q?+ZBYBzd9or72rs0jw194UzUvr44j+sOZ/f901NP+9EjCh0m9LNuPMVweHLBC?= =?us-ascii?q?YK7neXbRl1wiWfy5iCEPvw8uCMx8vSV1wYBCI2VJ1dJDWa8wy9WuW1jInpUh?= =?us-ascii?q?+T6sLrgpI+c0KQRnqrkKsZsqZMFfNAhTj63zhfEID1nPGVs9u35WtJt11HDp?= =?us-ascii?q?x87RnYF6VeJJl7Pwr3ltWzTEhmGiT/YN3UdgYpuOeOx+cM/f9xN03laI8fPx?= =?us-ascii?q?IL1rP66X1OTgd0T772pFmZV/oLZNR6UPPEsmxV6YV4Jq8NIledqpLqrjNTpV?= =?us-ascii?q?E4GgApbqE/riBAeknIggJVR77+uKQchQsETd55pUhMFHq/OGI64DrGW7pajK?= =?us-ascii?q?2VCPEO6TWTSaoOU0R0PS9kRRO6xolucaOznf9bqmNGgj99oP8y3jxjRRu8ui?= =?us-ascii?q?7sp6UW1DIi4r64tzIBuXpbQeWYiSvID0tMzOgSh6cGF3ni8UC8YGUEbIbq+7?= =?us-ascii?q?ZoO8Lg9ZU67nQkZRUjeDEGXfi+Cy7ukqyEGIuPsMhThBSVosXBcaezLTQONr?= =?us-ascii?q?Q60R/jX3990gzEkxZy/moLRTGg7NE/KYW4PsYlwTGoFnbHe1YW5aNJq9DxtV?= =?us-ascii?q?8NTOs5c19hx39j0sefTC0XWMPPA3o1jhQjaWhcfpJM9xsaF6gwgjmWpaRH/w?= =?us-ascii?q?AUYDLREou74InQmdnH1WM6TddwyWLcvreFiY8y0H15h9N06TaDuXoKd+zCUs?= =?us-ascii?q?9jHmb825xayez/e/WtqP4IRJFhyLS7X/8IKtOj9neu2JV2Rk+lwawTH129MO?= =?us-ascii?q?Ad3brbSyOlRneDWeSXcmiDgyo5MlTs6ha2NFE3btlFr1MlOOvYmpFcjxHhUa?= =?us-ascii?q?9zRiiIoV/bzWojMf4Vdg4vvIenehcKTPIKZ+WHJOgh2vs+CFwWY3/OByt2BP?= =?us-ascii?q?e8sUSxk4hjJ3Vg/UL6bPzo8g/8LNSSGhgEEYjdrpNq5/y6R2SBNmFkzB1zOk?= =?us-ascii?q?l06ujeG042tu9GfJabhcLQiMhj0e4Za/dtNjUwutwJlYJg7omby9yHcQzXzp?= =?us-ascii?q?buJdHVpeWYA/Lfz0Q2YG1aVKQWYR/t7YUgItE5Q6HTHadevRkEB6g6RZshN3?= =?us-ascii?q?3r9KF1NwN+aQjRa66xgsb0p+KHfJxUp2XZ7lgoNifTpwUDyuCoTQx8d52qnH?= =?us-ascii?q?vyIJUsST9ArNBgEQVmE5VVG8MBrgunBJiUlLu9i9Cv50Mp89MN5IP0B+DHxZ?= =?us-ascii?q?ya2Il4WZVErRiCODvBCbgtgUNph+K/nN/HyJD6Dc6kctQBArtVWGnAP4fPA4?= =?us-ascii?q?H3DzWJIM+0L1ZP7rq0yLtkVlCUYyfjUuyNsyjyZ6Ys2lky1oEtJLmb9zcq9b?= =?us-ascii?q?yOnYKrPzsB9C6+sX6EMode51XWBOvYGghZUueB7H08RfxFcJP++L5fKdV6mp?= =?us-ascii?q?6R7gxo43JH2cqBZa2gqhypuAp3dpPeeVPgwD1xGZILLxK2LVY2jCfHp27cD3?= =?us-ascii?q?VRIonBS4Ftjd+ZAwar5hxZgWgwYitEHW3ySJKaPm1dgZrnOVXUrlkNAN8bh/?= =?us-ascii?q?WsfFIg8Ka1TOQ=3D?= X-IPAS-Result: =?us-ascii?q?A2DWBQBubfRa/wHyM5BcHAEBAQQBAQoBAYNAA2F7KAqDZ?= =?us-ascii?q?4hhjA+BeXUajxSFQQNMKgcMAYdCITcVAQIBAQEBAQECAWscDII1JAGCTgEBA?= =?us-ascii?q?QECAQECIAQZAQEHMAECAgEJAQEKCw0CAiIEAgIDAR4SAQUBHAYTBRaDCoF3C?= =?us-ascii?q?AOgETyKGG2BaTOCbwEBBYVMgkAIEneEeIIkVIE/gQ+CDEo1hE2DJoJUmC8Jh?= =?us-ascii?q?WeIaF5Yg2GHTiuQHDCBBDIigVIzGggbFWwGggwJggsMFxGDNIRZhhVTAXkBA?= =?us-ascii?q?RmMXoEtAYEXAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 10 May 2018 16:06:11 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4AG60tx024239; Thu, 10 May 2018 12:06:01 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w4AG5pqA006378 for ; Thu, 10 May 2018 12:05:51 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w4AG5wFU024237 for ; Thu, 10 May 2018 12:05:58 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CCAgAubfRalywbGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YNAZHsoCoNnlHCBeXUajxSFQQNTKg2EQAKDACE4FAECAQEBAQEBAhQBAQEBAQY?= =?us-ascii?q?YBkuFNAEBAgIBIwQZAQEHMAEECxYNAgImAgIiEgEFARwGExuDCAKBdwgDoA08i?= =?us-ascii?q?hhtgWkzgm8BAQWFTIJACBJ3hHiCJFSBP4EPggxKhQKDJoJUmC8JhWeIaF5Yg2G?= =?us-ascii?q?HTiuCAI4cMIEEM4FzMxoIGxVsBoIMCYILDA4JEYM0hFmGFVMBgRSMXoEtAYEXA?= =?us-ascii?q?QE?= X-IPAS-Result: =?us-ascii?q?A1CCAgAubfRalywbGNZcHAEBAQQBAQoBAYNAZHsoCoNnlHC?= =?us-ascii?q?BeXUajxSFQQNTKg2EQAKDACE4FAECAQEBAQEBAhQBAQEBAQYYBkuFNAEBAgIBI?= =?us-ascii?q?wQZAQEHMAEECxYNAgImAgIiEgEFARwGExuDCAKBdwgDoA08ihhtgWkzgm8BAQW?= =?us-ascii?q?FTIJACBJ3hHiCJFSBP4EPggxKhQKDJoJUmC8JhWeIaF5Yg2GHTiuCAI4cMIEEM?= =?us-ascii?q?4FzMxoIGxVsBoIMCYILDA4JEYM0hFmGFVMBgRSMXoEtAYEXAQE?= X-IronPort-AV: E=Sophos;i="5.49,385,1520913600"; d="scan'208";a="273862" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 10 May 2018 12:05:57 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AMorXjhcV4GKlWaEXOpVZJUOYlGMj4u6mDksu8p?= =?us-ascii?q?Mizoh2WeGdxcS/ZB7h7PlgxGXEQZ/co6odzbaO6Oa4ASQp2tWoiDg6aptCVh?= =?us-ascii?q?sI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFR?= =?us-ascii?q?rhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahb75+Ngm6oRnMvcQKnIVuLbo8xA?= =?us-ascii?q?HUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLn?= =?us-ascii?q?s65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD?= =?us-ascii?q?+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQds4YS2?= =?us-ascii?q?VcRMZcTzFPDYy9b4QNAeoPPehWoYrjqVQStha+GRWgCfnzxjNUmnP736s32P?= =?us-ascii?q?khHwHc2wwgGsoDvm7Oo9XoMKcZTOe7zK7PzTXZcfxdxDDw6JDSfRA8pfGBRq?= =?us-ascii?q?pwftDMyUkrDg/Fi1KQqYv/PzyLzOgCr2+b7+95WO+plmUppQZxoj21ycctjI?= =?us-ascii?q?nEnpoVxUrZ9SV92Yo1INq4SElhYdG6CpdfqyaaN45wT8g/QG9ooD43xqMbtZ?= =?us-ascii?q?O0ZiQG1psqywTBZ/GFaYSF7R3uWP6QLDp7nn5pZbCyihSo/US91OHxUtO43E?= =?us-ascii?q?tJoydKitXAqGwB2hjJ5sWESvZx5Fmt1SuP2gzJ6uxIPUY5nrfBJZE72L4/jJ?= =?us-ascii?q?8TvFzDHiDonEX2i7ebeUs+9Oam9enqbKvrqIWAOoNoigzyKLohldK6AeQjPQ?= =?us-ascii?q?gCRW2b9v691L3n50H5RbRKjvkunqnYtpDVO9gbq7anDwNI3Ysv8QizAji83N?= =?us-ascii?q?gGn3QLNl1IdR2fg4jsIV7OIfT4Dfmlg1SrlTdm3+jGMaf8ApXJNXXDiK3ufa?= =?us-ascii?q?t560JFzQozytdf54hKBb0bPP3zXUrxuMTCDhAlKwy03/rnCNJl24MFR22PBq?= =?us-ascii?q?6ZMKXPsV6H/e8vP+mNa5MVuDb6MfQl4eXugmUjlV8Seqmpw8hfVHftN/BrM0?= =?us-ascii?q?iIKVnrjt4HHHlC6gM6QfznmRuBVjJaYXusd6Um7zo/BcStCoKVFa63h7nU5C?= =?us-ascii?q?6mGtVzYWdcBxjYCX71c62cUuoILSeVJdVs1DcDUO7yGMcayRiyuVqimPJcJe?= =?us-ascii?q?3O93hd7Mq7joIn7vDPlRw06T1/Btic1GfIVWxvg2cUXGZugfJiuUZxkwab2P?= =?us-ascii?q?AixfFVEMdcofZAUwN8MJ/YnKR2CNH3DxrIZczBCE2nTdOvHSwrQ5ovzsUPbU?= =?us-ascii?q?dwF5Tqjh3K0yewRb5Av6SCGZhx96XbxXW0LMF4jSyejfR50QN9BMRGLXW9na?= =?us-ascii?q?tj707YAIvE?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D7AQBubfRalywbGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYNAZHsoCoNnlHCBeXUajxSFQQNTKg2EQAKDACE4FAECAQEBAQEBAgETAQE?= =?us-ascii?q?BAQEGGAZLDII1JAGCTgEBAgIBIwQZAQEHMAEECxYNAgImAgIiEgEFARwGExu?= =?us-ascii?q?DCAKBdwgDoBE8ihhtgWkzgm8BAQWFTIJACBJ3hHiCJFSBP4EPggxKhQKDJoJ?= =?us-ascii?q?UmC8JhWeIaF5Yg2GHTiuCAI4cMIEEM4FzMxoIGxVsBoIMCYILDA4JEYM0hFm?= =?us-ascii?q?GFVMBgRSMXoEtAYEXAQE?= X-IPAS-Result: =?us-ascii?q?A0D7AQBubfRalywbGNZcHAEBAQQBAQoBAYNAZHsoCoNnl?= =?us-ascii?q?HCBeXUajxSFQQNTKg2EQAKDACE4FAECAQEBAQEBAgETAQEBAQEGGAZLDII1J?= =?us-ascii?q?AGCTgEBAgIBIwQZAQEHMAEECxYNAgImAgIiEgEFARwGExuDCAKBdwgDoBE8i?= =?us-ascii?q?hhtgWkzgm8BAQWFTIJACBJ3hHiCJFSBP4EPggxKhQKDJoJUmC8JhWeIaF5Yg?= =?us-ascii?q?2GHTiuCAI4cMIEEM4FzMxoIGxVsBoIMCYILDA4JEYM0hFmGFVMBgRSMXoEtA?= =?us-ascii?q?YEXAQE?= X-IronPort-AV: E=Sophos;i="5.49,385,1520899200"; d="scan'208";a="13143093" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 10 May 2018 16:05:56 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;df4f4733-acd3-45f1-b1e0-db50d817d94b Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC02.oob.disa.mil (Postfix) with SMTP id 40hdNx2llrz2Sj4J for ; Thu, 10 May 2018 16:05:37 +0000 (UTC) Received: from UPBD19PA02.eemsg.mil (unknown [192.168.18.3]) by UPDCF3IC02.oob.disa.mil (Postfix) with ESMTP id 40hdNw6Ww8z2Sj4B for ; Thu, 10 May 2018 16:05:36 +0000 (UTC) Authentication-Results: upbd19pa02.eemsg.mail.mil; dkim=pass (signature verified) header.i=@paul-moore-com.20150623.gappssmtp.com X-EEMSG-check-008: 296907926|UPBD19PA02_EEMSG_MP2.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 209.85.215.50 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CIAgBJa/RahzLXVdFcHAEBAQQBAQoBAYQkeygKg2eUcIF5dRqPFIVBA1MqDYRAAoMAITgUAQIBAQEBAQECFAEBAQgNCQgoIwyFKAEBAQECASMEGQEBBzABBAsLCw0CAiYCAiISAQUBHAYTG4MIAoF3CKATPIoYbYFpM4JvAQEFhUyCQAgSd4R4giRUgT+BD4IMSjWETYMmglSYLwmFZ4hoXliDYYdOK5AcMIEEM4FzMxoIGxVsBoIMCYILDA4JEYM0hFmGFVMBgRSMXoEtAYEXAQE X-IPAS-Result: A0CIAgBJa/RahzLXVdFcHAEBAQQBAQoBAYQkeygKg2eUcIF5dRqPFIVBA1MqDYRAAoMAITgUAQIBAQEBAQECFAEBAQgNCQgoIwyFKAEBAQECASMEGQEBBzABBAsLCw0CAiYCAiISAQUBHAYTG4MIAoF3CKATPIoYbYFpM4JvAQEFhUyCQAgSd4R4giRUgT+BD4IMSjWETYMmglSYLwmFZ4hoXliDYYdOK5AcMIEEM4FzMxoIGxVsBoIMCYILDA4JEYM0hFmGFVMBgRSMXoEtAYEXAQE Received: from mail-lf0-f50.google.com ([209.85.215.50]) by upbd19pa02.eemsg.mail.mil with ESMTP; 10 May 2018 16:05:31 +0000 Received: by mail-lf0-f50.google.com with SMTP id z142-v6so3732852lff.5 for ; Thu, 10 May 2018 09:05:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=V6PlBQslvi/q906Xbu9nieRGN7JziGU3EbXNmzTouog=; b=zzfxQsJMoDiFt66KgrvqvsvBlFYt/209MH/flmbizatC5AHjSnGBjzh7FwZAhGlxGn o7uRedECCdZ6infoKEkzY+4SOwfPwqoT5cHZcSNkmLlWAi6+wAJ9yKZDjHQZZZDC7Umt KiGLVXbX7zJhgAJg2Qq+75G/WQy6B5YVXNrKlGeznXCk8JcbvTDN9d2LzGeeZzjPosEx D87+9eqyLeliNvjnK5+SXiS5CP20L8L8ER1by8vwYtedm1KrQDNOmE4HTLO3/dX1DvEr UCO/BY2RL1r+uJwz59726EMCd2P38QhlJjfziiOZoeOqp/01tj4UQIZT/XiTAsRj4//Q gARQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=V6PlBQslvi/q906Xbu9nieRGN7JziGU3EbXNmzTouog=; b=ZYwCXXHc2nxiS5N39CzIQRRJvxEDmKbZSJczzwmJtt/k51vcpXPp7Sb78kY9xJiOce NfR8HR4+K9CDRQAr95yjOiJEWxkUjop2yq3FwuRt6YFO6ugkA1tGH9rEGlrYdxXiYsIT /P9TRmetdPgQ6ygv3xFAtkuHIcdotKseQ8gyRbSrS3I5Dvdnxv8DNheM/fEMVkXD0spO J3ELvaOxcCcbov7KRsRMTsIrMrM3gqa3azsDwiBZKOD5W6PPIt7HMOyav1QKiAsOufMR ltvECGPq7igvuWnAQl5GaLu5RckeASFc6ZfuECvApXcm6C2GBaRbPNTlbAGYCF5IWkoq o0Gg== X-Gm-Message-State: ALKqPwc1m2k8XYcYSeUDBxuksq4ek41vE8qS8gBUe9KUWNO//I+3n7/R OzfUVM++xShT5oUxWrAhV2xRSc8BN5wkDVwEpiRB X-Google-Smtp-Source: AB8JxZpbWfl+Z+mNEvEJFhf9AguEYaJET69QD711NhpvMOAI9mnFfD0krb+0dyaEmtUBAJaS6yvv5T2ZcC1MBtaXSBA= X-Received: by 2002:a2e:8858:: with SMTP id z24-v6mr1661652ljj.106.1525968330677; Thu, 10 May 2018 09:05:30 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:a947:0:0:0:0:0 with HTTP; Thu, 10 May 2018 09:05:29 -0700 (PDT) X-Originating-IP: [68.177.129.184] In-Reply-To: References: <1525788303-23244-1-git-send-email-alexey.kodanev@oracle.com> <1eb10913-8802-e2dd-68f0-9483435cd949@tycho.nsa.gov> <7fdbaf13-fea2-4a2c-213d-fa291db67081@tycho.nsa.gov> X-EEMSG-check-009: 444-444 From: Paul Moore Date: Thu, 10 May 2018 12:05:29 -0400 Message-ID: To: Alexey Kodanev Subject: Re: [PATCH] selinux: add AF_UNSPEC and INADDR_ANY checks to selinux_socket_bind() X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: netdev , linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Stephen Smalley Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP On Thu, May 10, 2018 at 5:28 AM, Alexey Kodanev wrote: > On 10.05.2018 01:02, Paul Moore wrote: > ... >> I just had a better look at this and I believe that Alexey and Stephen >> are right: this is the best option. My apologies for the noise >> earlier. However, while looking at the code I think there are some >> additional necessary changes: >> >> * In the case of an SCTP socket, we should return -EINVAL, just as we >> do with other address families. > > Right. > >> * While not strictly related to AF_UNSPEC, we really should be passing >> the address family of the sockaddr, and not the socket, to functions >> that need to interpret the bind address/port. > > That looks like a correct solution. I guess we need the same fix for > sctp_connectx(), in selinux_socket_connect_helper(). Yes. I think we also need a small change to selinux_sctp_bind_connect() to both not error out on AF_UNSPEC, and to return EINVAL on a bad address family (some of the callers pass on the return value, some don't). >> I'm waiting for my kernel to compile so I haven't given this any >> sanity testing, but the patch below is what I think we need ... >> >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >> index 4cafe6a19167..5f30045b2053 100644 >> --- a/security/selinux/hooks.c >> +++ b/security/selinux/hooks.c >> @@ -4576,6 +4576,7 @@ static int selinux_socket_post_create(struct socket *sock, >> int family, >> static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, i >> nt addrlen) >> { >> struct sock *sk = sock->sk; >> + struct sk_security_struct *sksec = sk->sk_security; >> u16 family; >> int err; >> >> @@ -4587,13 +4588,13 @@ static int selinux_socket_bind(struct socket *sock, stru >> ct sockaddr *address, in >> family = sk->sk_family; >> if (family == PF_INET || family == PF_INET6) { >> char *addrp; >> - struct sk_security_struct *sksec = sk->sk_security; >> struct common_audit_data ad; >> struct lsm_network_audit net = {0,}; >> struct sockaddr_in *addr4 = NULL; >> struct sockaddr_in6 *addr6 = NULL; >> unsigned short snum; >> u32 sid, node_perm; >> + u16 family_sa = address->sa_family; >> >> /* >> * sctp_bindx(3) calls via selinux_sctp_bind_connect() >> @@ -4601,11 +4602,19 @@ static int selinux_socket_bind(struct socket *sock, stru >> ct sockaddr *address, in >> * need to check address->sa_family as it is possible to have >> * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. >> */ >> - switch (address->sa_family) { >> + switch (family_sa) { >> + case AF_UNSPEC: >> case AF_INET: >> if (addrlen < sizeof(struct sockaddr_in)) >> return -EINVAL; >> addr4 = (struct sockaddr_in *)address; >> + if (family_sa == AF_UNSPEC) { >> + /* see "__inet_bind()", we only want to allow >> + * AF_UNSPEC if the address is INADDR_ANY */ >> + if (addr4->sin_addr.s_addr != htonl(INADDR_ANY)) >> + goto err_af; >> + family_sa = AF_INET; >> + } >> snum = ntohs(addr4->sin_port); >> addrp = (char *)&addr4->sin_addr.s_addr; >> break; >> @@ -4617,15 +4626,14 @@ static int selinux_socket_bind(struct socket *sock, stru >> ct sockaddr *address, in >> addrp = (char *)&addr6->sin6_addr.s6_addr; >> break; >> default: >> - /* Note that SCTP services expect -EINVAL, whereas >> - * others expect -EAFNOSUPPORT. >> - */ >> - if (sksec->sclass == SECCLASS_SCTP_SOCKET) >> - return -EINVAL; >> - else >> - return -EAFNOSUPPORT; >> + goto err_af; >> } >> >> + ad.type = LSM_AUDIT_DATA_NET; >> + ad.u.net = &net; >> + ad.u.net->sport = htons(snum); >> + ad.u.net->family = family_sa; >> + > > May be we could move setting ad.u.net->v{4|6}info.saddr here as well? I looked at that too, the problem is that if we set the IP address here it will be reported in the audit record for a name_bind failure, which is a change from the current behavior. One could argue this is the correct thing to do, but I would like to limit the number of changes for patches that are destined for the -rcX stream. Let's leave them separate for now. > Will send a v2 of this patch so that SCTP socket returns EINVAL with > AF_UNSPEC. Should I prepare a patch with correcting 'ad.u.net->family' > and sel_netnode_sid()? Please, that would be helpful. I think all of the issues we have identified in this thread should be fixed during the v4.17-rcX releases, so if you don't do it I'll need to do it :) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5f30045b2053..a8bac9b37ee7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5277,6 +5277,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int> while (walk_size < addrlen) { addr = addr_buf; switch (addr->sa_family) { + case AF_UNSPEC: case AF_INET: len = sizeof(struct sockaddr_in); break; @@ -5284,7 +5285,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int> len = sizeof(struct sockaddr_in6); break; default: - return -EAFNOSUPPORT; + return -EINVAL; } err = -EINVAL;