From patchwork Mon Jul 16 18:22:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10527545 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8D9A9600D0 for ; Mon, 16 Jul 2018 18:41:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6917028F8E for ; Mon, 16 Jul 2018 18:41:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5D0F428F6D; Mon, 16 Jul 2018 18:41:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, NO_RDNS_DOTCOM_HELO, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from UCOL19PA10.eemsg.mail.mil (ucol19pa10.eemsg.mail.mil [214.24.24.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48F2628F9E for ; Mon, 16 Jul 2018 18:41:18 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="555035038" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA10.eemsg.mail.mil with ESMTP; 16 Jul 2018 18:41:15 +0000 X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="15798602" IronPort-PHdr: =?us-ascii?q?9a23=3AJ1cvoRVp9p8XLTyO2G6KPAudt37V8LGtZVwlr6?= =?us-ascii?q?E/grcLSJyIuqrYYRyBu6dThVPEFb/W9+hDw7KP9fy4BypYud6oizMrSNR0TR?= =?us-ascii?q?gLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ?= =?us-ascii?q?/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9uLRi6txndutULioZ+N6g9zQ?= =?us-ascii?q?fErGFVcOpM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKG?= =?us-ascii?q?A1+dbktQLfQguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVT?= =?us-ascii?q?mk8qxmUwHjhjsZODEl8WHXks1wg7xdoBK9vBx03orYbJiIOPZiYq/ReNUXSm?= =?us-ascii?q?RbXsZVSidPHIWyYYUSBOYFJOpUspXxq14IoBS5BwajHuPvyjhPhnPvxKE3z+?= =?us-ascii?q?osHADb0AA5A94CrWnfoNHrOKsOVOy4yrTDwzfeYPNMwTrz9obIfBAir/+CU7?= =?us-ascii?q?1/fsjex1Q3Fw7Hk1mdp5DqMTyL2eQWqGWb8+htWPizh2I7pQx9vD6izdoshI?= =?us-ascii?q?nTgYIVz0jJ+Dtjz4YuO9K5SFNwb8O4H5tQrS6aKoV2Qsc8TGFypS03zaEJto?= =?us-ascii?q?SgfCcUyJUq3AXfZOCHc4eS/xLjWuKRLilihH58ZL2wnQy+/lSnyu35T8S51k?= =?us-ascii?q?tBoCldktTUq3wA2BPe5tKHR/dg5EutxzmC2x7J5u1ZOUw5lKjWJ4Q8zrMxkp?= =?us-ascii?q?cfq0XOEy/slEnokqObeUMp8fWy5ev9eLXpvJqcOpdxigH5L6shhNSyAf89Mg?= =?us-ascii?q?gSR2ib/vm81KH78U35XrpKivo2n7HFsJ/AP8Qbp7O5AxRP3oYi7Ra/ATCm0M?= =?us-ascii?q?8GknYbNl5FZBKGgJTpO1HJOvz4C+uwg0+wnztxwvDGP7nhDo3MLnjFjrjhYa?= =?us-ascii?q?5w51NTxQc819xS549YBqsfLP/8REP9rsHUAgc8MwOuwubnDNt91pkZWWKKGq?= =?us-ascii?q?KZK73dsVuJ5uIpPumNa5YZty36K/g44f7hkWE2mUQGcKm13ZoYdHC4HvN8L0?= =?us-ascii?q?WfenrjmM0NEWgNvgogVODqkkGNUSZPZ3auWKIx/jM7CIWgDYjZWoCtgKaO3C?= =?us-ascii?q?GgE51UYWBGDFWMHm3zd4WYRfgMcjmSLtVmkjweWrirU5Uh2g22tA/m17pnKf?= =?us-ascii?q?LZ+i8atZ35yNd15PbTlRY09Tx1EcSQyG+NT2VpnmIHXDA2waZ/oVBgyluZ1q?= =?us-ascii?q?h4mfNYH8RJ5/xVSgc6KYLcz+tiBtHyRwLBZMuGSFahQtW8GjwxU9Exw8UUb0?= =?us-ascii?q?Z7BdqikgjJ3zC2DL8Ni7yLGJs0/7rE33fvPMly1XDG1Kg9j1khWcZPNHOpib?= =?us-ascii?q?Bh+ATJAI7JiUqZnb6wdasAxC7N6HuDzW2WsU5FVw5wV6PFUm0BaUvSrNT0/V?= =?us-ascii?q?nNQKG0CbQgKAdBztSCKqRSYN3zkVpGXOvjOMjZY2+phmiwGQyHxqmXYYX2fG?= =?us-ascii?q?Ud2TnSB1IfkwAP53qGMxYxBju5qWLEEDNuDU7vY1/r8eRmtny7VlU7zxuLb0?= =?us-ascii?q?16zLe14gQaheadS/MIxrIEvD0upClqE1qn2NLWEdWArRJ7fKpAedM9/EtH1W?= =?us-ascii?q?XBugx8OJygM75thloAfARyoUzuyw93C4VbnMgttHMl0gxyKaeC31NAczOXxp?= =?us-ascii?q?fwO7LNJmn15hCvZLbc2kvC39aO5qcP9PM4pk3tvQGoEkoi9mto08NO3nuS+J?= =?us-ascii?q?rFEQ0SUYjrXUYv7Rh6oLPabTch6IPIz3FsNrO0sjDa0dIzGOQl0gqgf8tYMK?= =?us-ascii?q?6cGg/yCdcVB86yJ+wrgFikdRcEPPhT9KItJMOneeCG1LSsPOZ6kzKslX5H75?= =?us-ascii?q?xl0kKQ6yp8TfbF35UfzPGb2QuHSizxjFS7vcD0noBEeCseHm2lySjrHIRRfL?= =?us-ascii?q?F9fZ4XCWeyJM263s9xiIP3W35Z6lGjHUgL19W1dhqXdVD92hdQ1UsPq3y9hS?= =?us-ascii?q?S41yB0ky0urqeHwCPB2eDiewQcOm5XRGhiikzhIZOogNAbQkeoaRQplBq/6k?= =?us-ascii?q?rgwahUurh/JXHJQUhUZyj2M31iUqyou7qYfsFA9YglsSpSUOWze1yaTKDyow?= =?us-ascii?q?cC2SP5A2Re3Cw7dy2tupjhhBx6hnidLHForHrFYsxw3hHf5NvSRP5UxDUGQj?= =?us-ascii?q?N0iT/JCVigJ9Op58mbl4/fsuCiUGKsTpNSfjPvzYOcqiS7/3ZqDAahn/+tgN?= =?us-ascii?q?3oChU60Srh29ltTyXIow72YpP32KSiLeJnYk5oCUf668p7HoF+lpU/hIoL1H?= =?us-ascii?q?cAmJqV530HnX30MdVB1qL0dGANSiITw97J/Ajl31VuLmyIx43lSnWdxdFha8?= =?us-ascii?q?OmbWMW3SI96c9KBbyQ7LxFmyt6uEC4rQXLbfh6hDcdxuMk6GQGjOERpAot0i?= =?us-ascii?q?KdD6gWHUlZJizsiw2E78ugo6VTZWavd6Ww1UVlkNC6FLGCowdcWHfldZc5By?= =?us-ascii?q?Nw6NtwME7U2n3p9o7kYMXQbc4UthCMiRfAiOxVKJYvmfoQmSVnPmz8sGY+y+?= =?us-ascii?q?4mkRNuxou2vI+dK2Vi5Ki5GAJXNiXpZ8MP/THglaVekdiQ34C0BZhhGSsEXJ?= =?us-ascii?q?3zTfKuDj0Sqe7rNwGUED0zsn2bA6bQHReD6Ed6qHLCC4irOGuKJHkd09piXA?= =?us-ascii?q?OSJEpDgA8KRjU3hYM5Fhu0y8z7a0d1/CsR5lnlqhtW1u1nKRf/UmDFpAendD?= =?us-ascii?q?g4Up6fIwRK7gta/UfaLdSe7v5vHyFf5pChsgqNJXGAagRWC2EGR0yEC0rlPr?= =?us-ascii?q?aw+dnK6/KYCfamL/vSfbWOrvRTV++SypKy1otr5CqDNsSTPnhiFvE71FBMXX?= =?us-ascii?q?ZjF8TegTUPRDQdlzjRYM6DuBe85ip3o9i88PXrXALg+5CCC75VMdVh9RC5n7?= =?us-ascii?q?uDN/KQhCZ+LDZXyIkAxXnWx7gDxFQSkT1hdyGxEbQcsi7AVKzQlbVRDx4HbC?= =?us-ascii?q?NzMdBF76wi0QZQPs7bkMn61qZijv4yCVdKS0Dumt2zacwNOWG9O0vNBFyXO7?= =?us-ascii?q?SeOT3L38b3bLuySb1KkupbqgawtiydE0//OTSDjCLkWAqzPuFJli2bOwZeuI?= =?us-ascii?q?6leBZ3FWfjVM7magG8MNJvljI52ro4hnfLNW4HLTh8aFlBrqaO4ixEmPl/AH?= =?us-ascii?q?JO7n5kLemChiaY4PLVJYoWsPtxHyR0jPhW4XogxLtJ9yFEQ/p1lDHVrt50rF?= =?us-ascii?q?GsivOPxSZ/UBpStjZLg5qGsl5jOaXW8ZlAX23J8w8T4mqLChQFvd1lBsfou6?= =?us-ascii?q?BKxdjFjLjzJyta89LI4cscANDZJ9iIMHU7LxrmBiXZDAwdTTG1M2HfglZSkP?= =?us-ascii?q?CW9nKOqZg7pYLgmJ0USr9UTFY1DO8VClx5HNweJ5d6Ri8kkbmejMIS/3q+qx?= =?us-ascii?q?jQS9tcvp/cTPKSBuvgKDWCgLZYYBsIxK/3Ip4INo3nwUBibEd1nJjSEUrKQd?= =?us-ascii?q?9NujFhbhMzoEhV8nh+Tm0y21riagOp4X8TCeC7kwUzigt/feQt7inj700wJl?= =?us-ascii?q?rQqys6iFMxlsn9gTCNbD7xK7+9XYdIBCXus0g8KZD7QwFubQ2uh0NkMizER7?= =?us-ascii?q?FQj7d6c2BklhPcs4NVGfFAVa1EfAMQxfaPavUyz1tcsTuoylVd5eTZCZtvjx?= =?us-ascii?q?AlcZ+2r31d3AJjYsY1JbbOK6tJ1FRQgLyBvjOw3OAr3AAeP1oN8H+VeCMQpU?= =?us-ascii?q?MHLKcmJyu18ex38gGNgSFDeHILV/skufJl6F8yO/mazyLhz75CKlq9N+qBIK?= =?us-ascii?q?OFo2LAj9KHQkss1kMUkElI5bx20cA5c0WKUUAuzbyRGg8GNcrENAFZdc1S9G?= =?us-ascii?q?LcfSyWq+XC3Yp1P5mhFuDvVeKOr7gbgkalHAYvAoQN4d8MEYWr0EHdMcjoNq?= =?us-ascii?q?UFyQk36ATtOlqFEOxDeAiXnzcfv8G/0Jh30JFAKT4BBGV9NiO35qrKqgIxnv?= =?us-ascii?q?qMQs02YnYbX4sDMHI6Qsu6lDBFv35YFjm4zvoZyBSe7z/7vinQEDj8b99kZP?= =?us-ascii?q?eIZRNtCMq79ig+86m2k1HY6Y/SJ2fkOtR+otXP8/8Vp46bC/NISrlwq13Tm4?= =?us-ascii?q?1ZR3O2TWHACdu1Jpj2a4kra9z7EG23XUe+iz0vScf9JditLrWSjQHuW4lUrJ?= =?us-ascii?q?GR3Co/Os+lCjEeBxBwqvkY661iYw0OeIA0bgP2twsgLay/Ox2X0s+uQmq3Lj?= =?us-ascii?q?tWVfZfx/2gZ7NL1yoscvO6yHw4Q5Egyem38FICRJENjhHa3vatf5BQXzXpFH?= =?us-ascii?q?FBfAvCvjY2l29kNuku2Og/2w/IvUMaMz+VaOxjcHZEsM0kBVOOPXV2DXI1SE?= =?us-ascii?q?OejYXZ/gGhxKwd/yxZn9ZQ0O1KrmL+voPBbz2wWKyns5LVszAvbdI+ua1+LZ?= =?us-ascii?q?TjIteatJPZhjHfVoPfsheCUCGhDPdahsJQLzhGQPZWnWElOMoGuYVF6UowWc?= =?us-ascii?q?c+J6BPCKc2qbCwbDpoFygSwjEFV4mYxjwNnv+826fGlheXaJkjPgYIv4lCgt?= =?us-ascii?q?scVi52YzkRpKy4WoXXiWCLVHYELB0U7QRW6wIKjpVwcfz94IrUUJ9MzCZbo/?= =?us-ascii?q?duXSvRFZln6Uf7SmCQgVj3U/ignfam3QROw/Lo1dkbRQNwCVNHy+ZQiEQoNK?= =?us-ascii?q?l9K7MMsY7Srj+IaUT6sXr1yOuhIFle09fUdlP/DIrBu2rxSSgc+XoTRY9U1n?= =?us-ascii?q?7QCY4Skw1iaKYwpVVMJo+mdlz55zw+yIRjB6O4Wtyzx1Y5sXYGQD+nHMBbC+?= =?us-ascii?q?F7tlLbQj5lbouqqJXkOpVSXnRf9Iebq1hHjEVnKzS5xoZEK8FR/j4MWyBCoS?= =?us-ascii?q?mavNu3U8BDxdN6D5oXLdtlvXfyBr9EMoCLo3Iqorzv1mPZ+zckvVe4wzW8Bb?= =?us-ascii?q?S1QP9H8G0FBAopPXiepVcyAOc29Gfd7EzNuEhu/+hHHriPkVlxoDFlE5BSGz?= =?us-ascii?q?lGyHGlIE53THRdr+paL6HVfNBGTPkpeR+jIRo+GuA630aR50F7gW/5YzButg?= =?us-ascii?q?td4y3dRxI0VTUPjbjwhT0TsdqnOTgHS5JScToucSHFKx6BmS9NuBZTcUZqW4?= =?us-ascii?q?oWAtxd4bEUwZNU/tbeSUarMSwKRxJiOR4k3fddiEJOvl6VdjzaDQqtafnAqA?= =?us-ascii?q?Z3fduLoM6vMvv54B9Nipn7v+Ag66UDW3qmlBW3Qd/AsoD8tseFtleVeaf8NO?= =?us-ascii?q?28f2HOQCbQghC3mLgrEYPG/y7NPwpHM5N602YrYYD9CW7XOhRLP74bJ1BFWq?= =?us-ascii?q?9kdNpLuf1aZ8t4eKYT46BtGBOHRhTrGIOxsPlKNFHTRS7RLy+Z6OywvZrT7a?= =?us-ascii?q?DBSejnfsGMwmzIQ6ZzPphk9Tn7B63l3pVF90rwxPht6lh6RkTcPCCZstvtPA?= =?us-ascii?q?UL69e+dkH6pJ0mASvWAItskHrq3kxAddAYQzet8JQDzJNW8mjwRPl90kjutO?= =?us-ascii?q?1S67hk5pU2479zz8e0Pr3eKfNAsU9oGhKUHBll9o0xAGhjQGBceu0RJ+3Xfa?= =?us-ascii?q?QXl8DurP34GLIM5R2J4eNZb8DHJ0bblsm5FD6cVQROnB0dpj4CMgucy/mFlr?= =?us-ascii?q?d7Sca4pOj53kYt7Ea7LhMd0b9i+5yL+quSq+/RdRfRyqIEWqfyTMPpsrsso1?= =?us-ascii?q?+S5eEjlLMWeGx1YginHfMYVsEDxmbv07oqzSMqE8PMBb7g/uBMV24hlDL6h5?= =?us-ascii?q?99B0kWGu8THbeT+4Remnw1m+3fNt0TaKxCm2CPFRC+ErAY0n6r9zGXIHR5jR?= =?us-ascii?q?HSzhHwW3284EXxrS9iTivG183jnVZNVrmrGUdSWDKkOUp/sDOJIArou8T4tL?= =?us-ascii?q?8w7EE3KGPkssyClHevObNQBc3/J8ecLTMypF0JkJ07Xsav1pwDGdqhPNcR92?= =?us-ascii?q?lzbv/F62OukyJMuKlHiJTD7cGS4PXYB2Ggj7edq7WP2j9X1mQ4sUs46tC6Of?= =?us-ascii?q?HE/8eKTOiw12YNUyd/vBPMXx+0q7PBtV8bJVeG0FzVl4wWIN5WwWM01kb85O?= =?us-ascii?q?gsWNgz7hlRFp7cZ/MeojD+ICD7wVeEY9M5TCae0TpXHk7tEVZiBag83Hn9s9?= =?us-ascii?q?7OlXjN5VInXJRwd1bghRxtFYo0M0Ut6EIYwiAbCwgCdQibDK20BUTiNYYETV?= =?us-ascii?q?IMaQib07i6dKY32ldzwrC26O/Ic+N8A6sNNvBAjg+Bh1VbAogZsbECT7J8dV?= =?us-ascii?q?5d87TXpgv4B4jkQffmj3wwOuOxQsxA9sAZrXQi6B6lRxW88ZdD86obiJeQe6?= =?us-ascii?q?5Lf5fMutx870Bg5TIIbSxCnhx/jxK/UeABq+Hu+dzbv4Sy6ueuTqkhXeMX+A?= =?us-ascii?q?YoB25mlZv/nEgjoc3L1+dbUoDVj4X//xxKI36OoonayANwKesJK4KsZ7Zg7G?= =?us-ascii?q?4KJy0RKnMBJ9aWbOM84yB1OjXJ+1NCGt8MZc8fPMfVlgBbllbpWKpK+sTGFV?= =?us-ascii?q?GWDYZzd8Y172v40z01/p48Xfzm6DCoP5zf6EtNP/xbhiV2iN3CvPQVwebVCC?= =?us-ascii?q?UP43mZbBh1wiWYx5aRC/bw+fiMx8zVVlMHGC42SIRdJDuZ9Ay5R+q1io/mUg?= =?us-ascii?q?eJ5c/ymp4+clyfRmCplqQfrqlMCfJAijn83jVGF4D1meias9y35WtTq11IDY?= =?us-ascii?q?dz7RreGKlFOZV7Ixv4nNGxRkdgHiv/ZN3Udh02teqU2OgM7et+N0/laI4VOB?= =?us-ascii?q?0Ezaz16WZPQgtoVrH2ok6TXfgNa9t+VPPEsndV5JpvK68LO1icqoLlrjNMqF?= =?us-ascii?q?0tGw8pb7kwrj1GeUXUmg1aRbr0sqYaigQASd55pVNMGWWoNWI75jrHVqdVjK?= =?us-ascii?q?6KBfwX6DqTTasOU0N2PSN4WR+13othe6exl/BdrmxGhj99oOQt0zF+XxSzpy?= =?us-ascii?q?vsp74W1DI7/LG4sykBuWBbTuqAjijEE1JDzO4Fja0EEXbt9US8YGUfbIv1+L?= =?us-ascii?q?RnK9rv9Y0g43QnfxouZCwHXeWlCyH1kayIGIiPv8xGiB6KosXOYqe5LTIOOb?= =?us-ascii?q?Ql1RLjW3993xDQnRZw6msLQymv48E/KYW4OMYl2jCoFnbBeFYL+KNJv9P7tU?= =?us-ascii?q?QXQ+sudVNh3GJj39CARi0JWsPCAH41jgw+ZmVfbJJD6AMVF7UygjmWoKZK5A?= =?us-ascii?q?cUbynIEo694Infgd/I2WUhTddt3m/WoqyFhpU30Hxqgt906i+OuG8Od+zDSM?= =?us-ascii?q?JsA2L81oFYyeDkYPWtqO8HQpN8yLu9SP8CLtWj+Wyu1ZVvQECq2rQeH1u/MO?= =?us-ascii?q?8E3brbTSalSWuGVuSPcmiMmSs5M0Ho6RmvNF03Z99Ar1UhPevamp5ciwrhXK?= =?us-ascii?q?t2RiqKpl/by3csPPgHdwIwpIenewsKTPMeZ+icOegi2vs+B0UQb3XRByt5F/?= =?us-ascii?q?e2sUKxnIh8I3hg+kv6YeHx/Q3nM9afAQcEHpDArp5w+P26QWSBNWVmzBJsIE?= =?us-ascii?q?knv9vYQnAKk6cId5eXgMiVnNlwzPQEa+YoNCoxp9oespxs5JPS08qQdxzViJ?= =?us-ascii?q?HoKoeR6ty7J9iXm0ArfHxKF7kUewX4460kMdMjHb7eB71UuVIbH6dsBNQZPn?= =?us-ascii?q?r1vIRzKxl+OlrJbamwqtHju+bOY5xTvXKQ5VU1emOUgAEO0vy5S0RAapmug3?= =?us-ascii?q?jjaMQrSilps8xmChwgGpBGXcwHsVzjS6W50IW6jcKhsxdhtusLt7fgIuzb39?= =?us-ascii?q?S+mYNqVt5V4lLdeH6bP4xCqWcgguWpierbybH1CNj+YpVcDa58WGGPIuv9O6?= =?us-ascii?q?yUCXeCO9n3ZlVd27qdy65iFE3IIifjUPzC/A+jNPMsw0I7w4pjceybmD4q77?= =?us-ascii?q?ed2tzybmdAqyGLpnePM51e51XOQ+fZWkQQAdmI/X0tNqoQbsOg9+oDKtclx9?= =?us-ascii?q?u06Alp6zFDzc7DJLKu+AuE5k9nbo/cZGvg3SowEd0SLRKwLEoqxGzUsHLQBV?= =?us-ascii?q?xda8yjN8Qrm9+WEwbkoU9832M1MCoJOGPtSMzZHG8BwcOlLFmI8QVRFdcYt+?= =?us-ascii?q?i+fEM58KqoRr87FI9CnLCBva4KgJ5SICHGWcZeMjuYeLR/JTdAJv7EpFE1bB?= =?us-ascii?q?oJqf0+U8E+Yp3YcxBPC1uJ1S6nlViK6kbzbdH5kffRenxE+2hbz7/DzTlHrh?= =?us-ascii?q?W4vvDcmMD4TbTFd8uqB6zvCAYODRqibG1oV0uk/Eyr/f8Nvf7eJGYb8TV2Kj?= =?us-ascii?q?mKBls1oaZi5cPVEneVgfdqKZYDn/2Lczv7SCRlmq4/HGNAvAaHRP9QcGuedG?= =?us-ascii?q?fv1UxbvgHqPfpQ5TTgZrycyLBSXrkdC5BBY9WCSNvRZP5aKi1tnTxfM+G5LL?= =?us-ascii?q?i+560h3AfuSm0UW7LN6EXYTEOSRamEwCn3WIwOo4UukjEv/NPbxXcnVv2Veb?= =?us-ascii?q?2YoSWr6Mi9hSec/+LHDy88akwyh6QJB2zSpXsIJGIFDoQNsVr2Cu6bZklK3W?= =?us-ascii?q?40k+8mxRIWeQpyX3Evmn1blfqwAItYHHYFhWOpR7sNa1V6?= X-IPAS-Result: =?us-ascii?q?A2C9BwB25Uxb/wHyM5BcGwEBAgMBAQoBAYNHgQlKEiiMX?= =?us-ascii?q?409CIJ4knmBYicUhQSCQDgUAQIBAQEBAQECAWwcDII1JIJeAwMBAiQTBgEBD?= =?us-ascii?q?CALAQIDCQEBQAgIAwEtFAERBgEHBQYCAQEBGASCf4FoAxUDnkSKG4FpM4JxA?= =?us-ascii?q?QEFgQIBAV+CNQODJwgXh1SDLYERJwyCMIR2ARIBhXWHZ4RyPS6MGgmFWIlJa?= =?us-ascii?q?odVhSyMP4JahFMhYXFNIxU7gmmCJReDRYocAVVPfIpggjkBAQ?= Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 16 Jul 2018 18:41:13 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIfCF6023577; Mon, 16 Jul 2018 14:41:13 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w6GIMVfm024331 for ; Mon, 16 Jul 2018 14:22:32 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w6GIMZoO020682 for ; Mon, 16 Jul 2018 14:22:41 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1CpBgCx4UxblywbGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YNGgWUog3yIY4tdgWAIgniUX4R3AkKCHyE4FAECAQEBAQEBAhQBAQEBAQYYBky?= =?us-ascii?q?FQwMDIwQZAQE3AQ8lAiYCAkUSBgEMBgIBAYMcgWgDFQOePYobbnszgnEBAQWBA?= =?us-ascii?q?gEBX4I0A4MnCBd0hmCBF4IWgREnDIIwiCqCVYdnhHI9LowaCYVYiUlqh1WFLIw?= =?us-ascii?q?/glqEU4FzTSMVgySCGQwOCYNFihwBVU+OFQEB?= X-IPAS-Result: =?us-ascii?q?A1CpBgCx4UxblywbGNZcHAEBAQQBAQoBAYNGgWUog3yIY4t?= =?us-ascii?q?dgWAIgniUX4R3AkKCHyE4FAECAQEBAQEBAhQBAQEBAQYYBkyFQwMDIwQZAQE3A?= =?us-ascii?q?Q8lAiYCAkUSBgEMBgIBAYMcgWgDFQOePYobbnszgnEBAQWBAgEBX4I0A4MnCBd?= =?us-ascii?q?0hmCBF4IWgREnDIIwiCqCVYdnhHI9LowaCYVYiUlqh1WFLIw/glqEU4FzTSMVg?= =?us-ascii?q?ySCGQwOCYNFihwBVU+OFQEB?= X-IronPort-AV: E=Sophos;i="5.51,362,1526356800"; d="scan'208";a="324696" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 16 Jul 2018 14:22:40 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Avjj5lh8smry0D/9uRHKM819IXTAuvvDOBiVQ1K?= =?us-ascii?q?B+0esSIJqq85mqBkHD//Il1AaPAd2Fraocw8Pt8InYEVQa5piAtH1QOLdtbD?= =?us-ascii?q?Qizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBB?= =?us-ascii?q?r/KRB1JuPoEYLOksi7ze+/94HSbglSmDaxfa55IQmrownWqsQYm5ZpJLwryh?= =?us-ascii?q?vOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3?= =?us-ascii?q?o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RS?= =?us-ascii?q?qt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyaM/hxcbndfdMdQm?= =?us-ascii?q?pNR99dWjBPD469cocDFvYNMftFpIX5uVcCsR6yCA+xD+3t1zBInGf707Ak3e?= =?us-ascii?q?QvEQ/I3wIuENwBv3vWsNr7O7wfUfy3waTS0TnPc/1b1DX75YPVch4hu/aMXb?= =?us-ascii?q?dofMfP00YvDB3Kj1WNooL4IzyV1v4Cs3WV7+pkS+2vkXMspgZtrTe13ccjlI?= =?us-ascii?q?nIi5kOyl/Y9SV22ps1JdO8SEFle96oCYdfuDuAO4RqRcMiRnhltSAnwbMFoZ?= =?us-ascii?q?62ZDYGxIkoyhLFdfCKfJKE7gzhWeqLLjp1i2ppdbO9ihqo7ESty+nxWtO13V?= =?us-ascii?q?tKtCZJjMfAu38L2hfO8MaIUOF98V2k2TuX1wDc9OVEIUcsmKXVMZAvzKA9m5?= =?us-ascii?q?QNvErZAiL6hEX7gLWIeUo6/+io8Ovnbq/jppCGNo90jhvyMqEvmsy7Geg4Mw?= =?us-ascii?q?4OUHaH+emkyrHv4EL0TK9UgvA5iKXVrpLXKd4Uq6O2GwNV15ws6xe7Dzeoyt?= =?us-ascii?q?QYmnwHIUpZdx2dlIjmJVHPLevjDfijg1Sjiiprx/7CPrL/GJXBN2TMn637cb?= =?us-ascii?q?lh7E5czRI/zcpD6JJMFrEBPPXzV1fqtNPGCh85Mgq0w/voCdhmyoMfWX6AAq?= =?us-ascii?q?+eMK/It1+I/fggL/ODZI8SpjauY8QistrVqDdtnV4bYLnsxpYcdWq5AuUjJk?= =?us-ascii?q?KVfH7hqskOHH1MvQckSuHuzlqYXmgXL1KRe4d0sjU6Dp+2SITOXIaghJSf0y?= =?us-ascii?q?qhWJ5bfGZLDhaLC3i+M828UuoIIAeVJdVs2mgcXKWlY5coyBXrsQj90bchJe?= =?us-ascii?q?3RrGlQjo7uzNh44aXokBg28TFlR5CG33qlU3B/nmROQSQ/mq94vxo5gmyumY?= =?us-ascii?q?x5heFIXYhI6vdIVBoqHYLNxOx9TdbpU0TOecnfDB7sefCPKhJ0QtMqyMIVeG?= =?us-ascii?q?55Gs6+lVabhmytGbBf3+iwIbUf0efQ3mP6Ot1m43LHz7U6yQF/BMxVOjvizo?= =?us-ascii?q?x49w6bJYnJmkOCmqDiIaYb3CiL9mCDxGyVsUdwWwd2VqPEVnkbIEDRqIK9rm?= =?us-ascii?q?DPQqTmIrMgMUMVysOPMaBNbd7BhlVcQ/LiJdGYZHi+zSP4ORuU3a6LJKrjfW?= =?us-ascii?q?kUlHHFBU4LjgEVuHWLLw4zAg+g5mbZEjEoDlvsflnlt+9z7nGjGAt87QiPYl?= =?us-ascii?q?Yp8r2v4B8OzaieTvQJxLMfkCEorjh1WlGn0ISFJcCHol9Kdb5RcJsG61dOyG?= =?us-ascii?q?zduhY1apepNK1zrkUVcw1qsUfjzVB8A8NLls18/yBi9xZ7Na/NiAAJTDifx5?= =?us-ascii?q?2lf+2PcDOg9Q2za6PQxlDV2cqX/aFK8vkjtlH/p1vySxgfy1lMiPJt+iLGoJ?= =?us-ascii?q?jHCREdF5f4U0Jx8hl+9PnBeidowYTS2DV3NLWs9CfY0ociDfAo2z67dNdWLa?= =?us-ascii?q?2AGRW3GMRcDM+re6Qxg1b8SBUCMahJ8bIsecavdv+Iwqmuae1phz+3pX9M4I?= =?us-ascii?q?lg3EaB7W93Q6jD2JNWi+qA0F6hUDHxxEykrtixmY1AYmQKGXGjzCH/GINLTr?= =?us-ascii?q?Z1e4cAUj/+ZpTqgN55gYXoQThd/V+nQVwfgYm4cBqVaBr22ggDnUgUoHnygS?= =?us-ascii?q?Kj1HQ0iDAmqKODwTbDi/rvbhsJO2NHBSFigF7gLJLyjoUyTUGoaA9vnxyg6A?= =?us-ascii?q?=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AqBgD44UxblywbGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYNGgWUog3yIY4tdgWAIgniUX4R3AkKCHyE4FAECAQEBAQEBAgETAQEBAQE?= =?us-ascii?q?GGAZMDII1JIJeAwMjBBkBATcBDyUCJgICRRIGAQwGAgEBgxyBaAMVA549iht?= =?us-ascii?q?uezOCcQEBBYECAQFfgjQDgycIF3SGYIEXghaBEScMgjCIKoJVh2eEcj0ujBo?= =?us-ascii?q?JhViJSWqHVYUsjD+CWoRTgXNNIxWDJIIZDA4Jg0WKHAFVT44VAQE?= X-IPAS-Result: =?us-ascii?q?A0AqBgD44UxblywbGNZcHAEBAQQBAQoBAYNGgWUog3yIY?= =?us-ascii?q?4tdgWAIgniUX4R3AkKCHyE4FAECAQEBAQEBAgETAQEBAQEGGAZMDII1JIJeA?= =?us-ascii?q?wMjBBkBATcBDyUCJgICRRIGAQwGAgEBgxyBaAMVA549ihtuezOCcQEBBYECA?= =?us-ascii?q?QFfgjQDgycIF3SGYIEXghaBEScMgjCIKoJVh2eEcj0ujBoJhViJSWqHVYUsj?= =?us-ascii?q?D+CWoRTgXNNIxWDJIIZDA4Jg0WKHAFVT44VAQE?= X-IronPort-AV: E=Sophos;i="5.51,362,1526342400"; d="scan'208";a="15797474" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 16 Jul 2018 18:22:39 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;fabb7ac9-9ea2-46e4-ae5f-dba0e8b5f668 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC08.oob.disa.mil (Postfix) with SMTP id 41TsG71GXmz34qRb for ; Mon, 16 Jul 2018 18:22:39 +0000 (UTC) Received: from UPDC3CPA12_EEMSG_MP28.eemsg.mil (unknown [192.168.18.23]) by UPDCF3IC08.oob.disa.mil (Postfix) with ESMTP id 41TsG62GkLz34qRN for ; Mon, 16 Jul 2018 18:22:38 +0000 (UTC) Authentication-Results: UPDC3CPA12.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic308-15.consmr.mail.gq1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 35991216|UPDC3CPA12_EEMSG_MP28.csd.disa.mil X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 98.137.68.39 X-EEMSG-check-002: true IronPort-PHdr: =?us-ascii?q?9a23=3A1Px7XxQ0/icH+DpWaYCRZYhc4dpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa67ZhePt8tkgFKBZ4jH8fUM07OQ7/i+HzRYqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjWwba9zIRmssQndqtQdjJd/JKo21hbHuGZDdf?= =?us-ascii?q?5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXM?= =?us-ascii?q?TRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KpwVhTmlD?= =?us-ascii?q?kIOCI48GHPi8x/kqRboA66pxdix4LYeZyZOOZicq/Ye94VQmhOUdxRVyxGBYOw?= =?us-ascii?q?dpIDAvYPMOtZsoXxvkcCoQajDgWoGu/j1jpEi3nr1qM4zushCxnL0hE+EdIAsH?= =?us-ascii?q?rar9v7O6kdXu+30KbGwi7Ob+9U1Drn9ITEbh4srPOKULltccTR004vFwbdg1iO?= =?us-ascii?q?s4PlJC2a1+QQuGaG8+VgVfigi3MpqwF1vDev3Nonh47ViY0P0VDL6yV4zZ0uJd?= =?us-ascii?q?KkSE50e8OkEJVUty6ELYt6W98tTHtytCkmzb0GvIe2cS4Xw5ok3x7Sc/iKfouS?= =?us-ascii?q?7h7+WuucIy10iXNmdb6liRu/9VCsx+z+W8WuzVpHry5InsPNu30NzRDf9NaLR/?= =?us-ascii?q?R780y8wziAzRrT5ftBIU0slarUNZohwrkom5oItkTDGC72l1n4gaOKdUgo4/Wk?= =?us-ascii?q?5uT9brr6oZ+cMZR0igTkMqg0n8ywG+U4MgwUU2iU4OSwyafv/E3jT7VKif02lb?= =?us-ascii?q?PVv4zdJcQevqK5AglV3Zg/6xunCzqr084UkWQJIV9HYh6KjovkN0vALf38Ffu/?= =?us-ascii?q?hk6jkDZvx/DIJL3hBZDNI2Dfn7j7ZrZy9U5dxREozd9D55JbEKwBIPz3WkDvrt?= =?us-ascii?q?zUFwM2PBauz+n7D9V905sSWXiTDa+BLKPSrViI6/o0I+aSYI8VuTD9K+Uq5vP1?= =?us-ascii?q?kX84mUMSfamu3ZcNbnC4Be5pL1+WYXrrnNdSWVsN6y4FaaS+jFyETC4WfHu5Qr?= =?us-ascii?q?g9+iB+DYWqEIPObp6ijabH3yqhGJBSIGdcBQbIWVPLU6DMD/MNbj+CZ8xsiDoJ?= =?us-ascii?q?UZC/RII7kxKjrgn3z/xgNOWCvmUgvI/nnP1y4Pfe3UUq/CFwJ9yUzmXISmZzhG?= =?us-ascii?q?5OTDgziuQ3mlBw0leO1+BDhvVcEdFCr6dSXhwSKY/Xz+s8Dcv7HA3GYIHNAG2L?= =?us-ascii?q?CvGnBywhBoYqztsPZVttM8mzhRDEmSyxCvkakKLdQNR+yYf19Fu0K8dmwGvdz4?= =?us-ascii?q?EljkI6WY0XbCuhnKE1v1zoIqfisACVlr2haL8H9CrM73uYizLX+kZCX1g0GYfC?= =?us-ascii?q?XXZXREzWpNLi60WKG72pCbJhMAxBwMiZJ61iYdTvilNHT/7nft/ZZjT100S9CA?= =?us-ascii?q?3A7bSLb8K+eGgQxy7aD0ssmAAJ+nOHKA14AT2u9SaWMDFyDk/oK2Pl9+V34Cej?= =?us-ascii?q?Q0k70gCMKk5szby4/jYUwPibVf5VxbsHpT0o7TN5WlSliZaeKdOFqhEpWaJGe9?= =?us-ascii?q?ImqANF0GXDrQ1mFpqpKq1jwFkEfFIkkVnp0kBcA55NgIARp3Mj0QR2JLjQhFhI?= =?us-ascii?q?bD6J9Yv7OrTKJG3/5lWkYujd3VSIg4XewbsG9Plt8warhwquDEd3tiU/iogH4z?= =?us-ascii?q?6n/pzPSTEqf9f0W0cz+QJ9ouiKMDI254rJ23lhK+y/u3nJ3Nd7XLJ5mCblRM9W?= =?us-ascii?q?Nea/LCG3C9cTXpj8M+cqkkWnah8eeetbsqUzOpH+LqbU6OuQJO9l2QmeoyFH7Y?= =?us-ascii?q?R6iRPe7C16S+WTh8ZAmqze1QyBTDLmylKos8SxlpkdIyAbHm24jyPjAdwJaw?= =?us-ascii?q?=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C9BACx4UxbhidEiWJcHAEBAQQBAQoBA?= =?us-ascii?q?YUrKIN8iGONPQiCeJRfhHcCQoIfGQYGMxUBAgEBAQEBAQEBARMBAQEICwsIKSM?= =?us-ascii?q?MgjUkgl4DAyMEGQEBNwEPJQImAgJFEgYBDAYCAQGDHIFoAxWeQIobbnszgnEBA?= =?us-ascii?q?QWBAgEBX4I0A4MnCBd0hmCDLYERJwyCMIgqglWHZ4RyPS6MGgmPIWqHVYUsjD+?= =?us-ascii?q?CWoRSgXRNIxWDJIIZDA4Jg0WKHAFVHzCOFQEB?= X-IPAS-Result: =?us-ascii?q?A0C9BACx4UxbhidEiWJcHAEBAQQBAQoBAYUrKIN8iGONPQi?= =?us-ascii?q?CeJRfhHcCQoIfGQYGMxUBAgEBAQEBAQEBARMBAQEICwsIKSMMgjUkgl4DAyMEG?= =?us-ascii?q?QEBNwEPJQImAgJFEgYBDAYCAQGDHIFoAxWeQIobbnszgnEBAQWBAgEBX4I0A4M?= =?us-ascii?q?nCBd0hmCDLYERJwyCMIgqglWHZ4RyPS6MGgmPIWqHVYUsjD+CWoRSgXRNIxWDJ?= =?us-ascii?q?IIZDA4Jg0WKHAFVHzCOFQEB?= Received: from sonic308-15.consmr.mail.gq1.yahoo.com ([98.137.68.39]) by UPDC3CPA12.eemsg.mail.mil with ESMTP; 16 Jul 2018 18:22:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1531765355; bh=VJOCPQMTEYQm67ck+9F1t1RAIwD4HTh7On3EH5YMUtQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=VSd+dls8QnsEZYr49uz7PTVcmEhMb/MSR869/X6USDdg/7ouJa6BbTDYH6JMRIMfttuaEU3iXqKBHZ/H3YgErTKkwWbc+Alot1MHliJy5BdcC4Q6ipmwyFYlTO7wfkOUp1TgApTOy8jWzG01wIckGLDvBmg0O7I+C4os7DSWU1dFd4E8hH5OxAGkB0IH18w0PIO57eCYWWh9hUrFcxzfgCoG0jovm4BHS+FNQQW1+/ELxHEKO9MXIPDgCzERmBP6NGWH9Dn3m6rrXwW6z2ElEhywor8QiNmRQ20QJAIcFzqG3fvELLxJB7OdJ4kO4ndgbBt4F6z4yX1QIukzjKXGVw== X-YMail-OSG: _jIizTYVM1nFMCKkIq9yzzzKRtqRgU7OEYL8WdZGAd7jDzPRBLG3zfE_ZPTF9p7 jMW0UwnJ1dSXoabnTH3lvGQUC1ofq3_8FLv0vUauh4a50XFymS2_so_tDuloywBAWOoMf0cYfiUk w1fZG6vIO4CxS52oSkfXuj.2gAOJ6Hw5R2DiurA3k4ctyUR9em2_QTJ_ffSnT0GHXs84k2KQV8DS si8Zz.mXjArb9E5Ys.hyTH0m1T5yQG2IVJkjtzoxz94va1ObExeEjMJtfIGWSajjo6ZFi_TkS0RX wXMAwXInMumLb8zO.g95iyAYtJVcSPff25DdPqmbnK2NWafCpSPtfhoZhXmJ0MAnvOhvKiKJXyW8 .vmweZ8PkOn4CyKB.P5aX0oFfl.jVvUoSi9jpVQ_63oF_dMjQO0SCJQH7JwYG4s8uCas3RkiEfcB ENvePL2OI2x.eYiHtkqOEP4EWNJp0jEicrD3VszRhyLQaSaf1SET6CI116vqDlfIahAkgZhJnYV8 lPHDgP.qHC4U6ioG_eRKRciUwxl7emYjC9ANzuYm9Q3BDB6JeLAgjA2_us_xYbpID7GvwUJEakaN c8mBVmrUKaRBxbos5UOOrWOGIGpCpFD6g4jcfcEqH3qQWQOT68gHOsFegxswWGS8FqXWbGpbuhGA Q9Vd1Qd1o955iE60SJtkUC3KD_I5LmQ4rSo7iUVOo15l6N0fMLv8LX4MIEZLWStZEDfCdHrXZWse M4cRjxTacKa6_WfyVQzaRBp3XtXZLFGc1weILpTqNFl8PhSzI_eGHCMumZl6L4.TmKAKid0k1UTJ pNUexvhtWcXklmdim8JdYo5ScqVslf8p7.LhwSuLh4VXfuxqU.S1ciiLDheDXzuodtlC4PfqFyWy QAZEdGz_sYfus_LB8eBC_chOsCKWy.ix1CTjmJO5mj7Bsl2fAlKIcD15fKws5SAcX2ktrTLanJVV UpOq90CwbbUcs1DexZmakS2AVz2Or_oKsrNh.5C23WzrVTdtuLwgp_EkJ2Sdyla4c5cFxrJNhVac hM1hpY4pP2tgqPG7XmeMJ Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.gq1.yahoo.com with HTTP; Mon, 16 Jul 2018 18:22:35 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.100]) ([67.169.65.224]) by smtp417.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID a43baab117ee84b77206ca47b1bef048; Mon, 16 Jul 2018 18:22:31 +0000 (UTC) To: LSM , LKLM , Paul Moore , Stephen Smalley , SE Linux , "SMACK-discuss@lists.01.org" , John Johansen , Kees Cook , Tetsuo Handa , James Morris References: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Mon, 16 Jul 2018 11:22:28 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <8a325db8-e7eb-9581-2b77-fc987a165df7@schaufler-ca.com> Content-Language: en-US X-Mailman-Approved-At: Mon, 16 Jul 2018 14:38:37 -0400 Subject: [PATCH v1 03/22] SELinux: Abstract use of cred security blob X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP SELinux: Abstract use of cred security blob Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey Schaufler --- security/selinux/hooks.c | 54 +++++++++++++++---------------- security/selinux/include/objsec.h | 5 +++ security/selinux/xfrm.c | 4 +-- 3 files changed, 34 insertions(+), 29 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2b5ee5fbd652..4479c835c592 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -228,7 +228,7 @@ static inline u32 cred_sid(const struct cred *cred) { const struct task_security_struct *tsec; - tsec = cred->security; + tsec = selinux_cred(cred); return tsec->sid; } @@ -464,7 +464,7 @@ static int may_context_mount_sb_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, @@ -483,7 +483,7 @@ static int may_context_mount_inode_relabel(u32 sid, struct superblock_security_struct *sbsec, const struct cred *cred) { - const struct task_security_struct *tsec = cred->security; + const struct task_security_struct *tsec = selinux_cred(cred); int rc; rc = avc_has_perm(&selinux_state, tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, @@ -1951,7 +1951,7 @@ static int may_create(struct inode *dir, struct dentry *dentry, u16 tclass) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; u32 sid, newsid; @@ -1973,7 +1973,7 @@ static int may_create(struct inode *dir, if (rc) return rc; - rc = selinux_determine_inode_label(current_security(), dir, + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, &dentry->d_name, tclass, &newsid); if (rc) return rc; @@ -2480,8 +2480,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) if (bprm->called_set_creds) return 0; - old_tsec = current_security(); - new_tsec = bprm->cred->security; + old_tsec = selinux_cred(current_cred()); + new_tsec = selinux_cred(bprm->cred); isec = inode_security(inode); /* Default to the current task SID. */ @@ -2645,7 +2645,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) struct rlimit *rlim, *initrlim; int rc, i; - new_tsec = bprm->cred->security; + new_tsec = selinux_cred(bprm->cred); if (new_tsec->sid == new_tsec->osid) return; @@ -2688,7 +2688,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) */ static void selinux_bprm_committed_creds(struct linux_binprm *bprm) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct itimerval itimer; u32 osid, sid; int rc, i; @@ -2991,7 +2991,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, u32 newsid; int rc; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); @@ -3011,14 +3011,14 @@ static int selinux_dentry_create_files_as(struct dentry *dentry, int mode, int rc; struct task_security_struct *tsec; - rc = selinux_determine_inode_label(old->security, + rc = selinux_determine_inode_label(selinux_cred(old), d_inode(dentry->d_parent), name, inode_mode_to_security_class(mode), &newsid); if (rc) return rc; - tsec = new->security; + tsec = selinux_cred(new); tsec->create_sid = newsid; return 0; } @@ -3028,7 +3028,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, const char **name, void **value, size_t *len) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct superblock_security_struct *sbsec; u32 newsid, clen; int rc; @@ -3038,7 +3038,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, newsid = tsec->create_sid; - rc = selinux_determine_inode_label(current_security(), + rc = selinux_determine_inode_label(selinux_cred(current_cred()), dir, qstr, inode_mode_to_security_class(inode->i_mode), &newsid); @@ -3500,7 +3500,7 @@ static int selinux_inode_copy_up(struct dentry *src, struct cred **new) return -ENOMEM; } - tsec = new_creds->security; + tsec = selinux_cred(new_creds); /* Get label from overlay inode and set it in create_sid */ selinux_inode_getsecid(d_inode(src), &sid); tsec->create_sid = sid; @@ -3920,7 +3920,7 @@ static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp) */ static void selinux_cred_free(struct cred *cred) { - struct task_security_struct *tsec = cred->security; + struct task_security_struct *tsec = selinux_cred(cred); /* * cred->security == NULL if security_cred_alloc_blank() or @@ -3940,7 +3940,7 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, const struct task_security_struct *old_tsec; struct task_security_struct *tsec; - old_tsec = old->security; + old_tsec = selinux_cred(old); tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp); if (!tsec) @@ -3955,8 +3955,8 @@ static int selinux_cred_prepare(struct cred *new, const struct cred *old, */ static void selinux_cred_transfer(struct cred *new, const struct cred *old) { - const struct task_security_struct *old_tsec = old->security; - struct task_security_struct *tsec = new->security; + const struct task_security_struct *old_tsec = selinux_cred(old); + struct task_security_struct *tsec = selinux_cred(new); *tsec = *old_tsec; } @@ -3972,7 +3972,7 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid) */ static int selinux_kernel_act_as(struct cred *new, u32 secid) { - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -3997,7 +3997,7 @@ static int selinux_kernel_act_as(struct cred *new, u32 secid) static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode) { struct inode_security_struct *isec = inode_security(inode); - struct task_security_struct *tsec = new->security; + struct task_security_struct *tsec = selinux_cred(new); u32 sid = current_sid(); int ret; @@ -4532,7 +4532,7 @@ static int sock_has_perm(struct sock *sk, u32 perms) static int selinux_socket_create(int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); u32 newsid; u16 secclass; int rc; @@ -4552,7 +4552,7 @@ static int selinux_socket_create(int family, int type, static int selinux_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); struct sk_security_struct *sksec; u16 sclass = socket_type_to_security_class(family, type, protocol); @@ -5430,7 +5430,7 @@ static int selinux_secmark_relabel_packet(u32 sid) const struct task_security_struct *__tsec; u32 tsid; - __tsec = current_security(); + __tsec = selinux_cred(current_cred()); tsid = __tsec->sid; return avc_has_perm(&selinux_state, @@ -6367,7 +6367,7 @@ static int selinux_getprocattr(struct task_struct *p, unsigned len; rcu_read_lock(); - __tsec = __task_cred(p)->security; + __tsec = selinux_cred(__task_cred(p)); if (current != p) { error = avc_has_perm(&selinux_state, @@ -6490,7 +6490,7 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) operation. See selinux_bprm_set_creds for the execve checks and may_create for the file creation checks. The operation will then fail if the context is not permitted. */ - tsec = new->security; + tsec = selinux_cred(new); if (!strcmp(name, "exec")) { tsec->exec_sid = sid; } else if (!strcmp(name, "fscreate")) { @@ -6619,7 +6619,7 @@ static int selinux_key_alloc(struct key *k, const struct cred *cred, if (!ksec) return -ENOMEM; - tsec = cred->security; + tsec = selinux_cred(cred); if (tsec->keycreate_sid) ksec->sid = tsec->keycreate_sid; else diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index cc5e26b0161b..734b6833bdff 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -158,4 +158,9 @@ struct bpf_security_struct { u32 sid; /*SID of bpf obj creater*/ }; +static inline struct task_security_struct *selinux_cred(const struct cred *cred) +{ + return cred->security; +} + #endif /* _SELINUX_OBJSEC_H_ */ diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 91dc3783ed94..8ffe7e1053c4 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -79,7 +79,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, gfp_t gfp) { int rc; - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); struct xfrm_sec_ctx *ctx = NULL; u32 str_len; @@ -138,7 +138,7 @@ static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx) */ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) { - const struct task_security_struct *tsec = current_security(); + const struct task_security_struct *tsec = selinux_cred(current_cred()); if (!ctx) return 0;