From patchwork Wed Sep 19 16:52:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10606135 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 759295A4 for ; Wed, 19 Sep 2018 17:39:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5DD442C8A5 for ; Wed, 19 Sep 2018 17:39:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 50FB52C8A8; Wed, 19 Sep 2018 17:39:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id AA82A2C8A5 for ; Wed, 19 Sep 2018 17:39:12 +0000 (UTC) X-EEMSG-check-008: 634405081|UCOL19PA12_EEMSG_MP10.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,394,1531785600"; d="scan'208";a="634405081" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa12.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 19 Sep 2018 17:39:11 +0000 X-IronPort-AV: E=Sophos;i="5.53,394,1531785600"; d="scan'208";a="18435733" IronPort-PHdr: 9a23:EnKt8xdZyBAYd177RonzM0zElGMj4u6mDksu8pMizoh2WeGdxcm5ZxGN2/xhgRfzUJnB7Loc0qyK6/+mATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfbF/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNwUX2pBWttaWTJHDI2ycoADC/MNMftEo4X4oVYFsBmwChS2BO731DFGiHz406on3eQ5EwzKwQItEdIUsHvbsNr7O7kdUfuuwanUzzjOde9a1C3h5ITWdB0qvPGCXah3ccrU0UQhCRnKjk+Kpoz+Ijib0+MNs26G4Op6T+2vl28nqxxyojOy2Mcsi5PGjZ8IxF/a8SV5wYA1JcC3SUVmZtOkC4VftyWbN4twX8MjTHpluDo6y7IauZ67ezIGyJI8xxHFcfCHfI+I4gz6WeuXPDx2h2pldaqiixu9/kWs0O3xWtSu3FpUoSdJjMPAum0V2xDO6MWKROFx80mg1DqVygze5PtILV0qmaffLZMq36Q+mYAJsUvZGy/7gED2jKiLeUo64uWo8OHnYqn+pp+bKo90lhnyMqQwlcy7BuQ1KhQOUHKB+eS9yb3j5lf1QKlKj/IqkqnZt4rWJcIHqa6iHwBZyIMj6xe7Dzu+0dQYm2cILE5ddR6agIXkNEvCLfDlAfulnVihnylny+rbMrH5B5XCNHnDkLPvfbZn7E5czRI+zctB6JJQC7EBJu/zW0DouNPDCR85Lgq0zPr5B9VmzY4eRWKODbOZMKPVq1OI4PkvLPOWaI8avzb9NeAp5+Tygn8hhV8dYa6p0IMVaHC/GPRpOVmZYXr2jdcHCmoKvA0+TOrviFKYSj5Te2i9X7gn5j0hD4KmF4jDTJi3gLOdxCe7AoFWZmdeB1COE3fnbZmLW/QXaCKVJM9hkyIEWKOvS48lyBGvuxT1y6dhLurI5y0Ur5Xj1MJ65+fLjxE96SR0D9iB02GKV2x0hn0HSCQo06B5oEx91lCD3LN5g/NGC9Nc+elFUgAgNZ7T1+Z6Ecz9WhrdfteVT1arWsipATY3TtI33tABfUJ9G9S5gx/ZwSWqGbgVm6aMBJwu/aLWx2LxKNply3bayKkhiEErQ8VONW2ig65w6RLTCpXHk0qHiqmqcr4c0zTV9GeZymqOvl9XXxJsUanfWnAffETWp8zj5kzeV7+uFagnMgxZxM6MMKtFcNvpgklHRPf4I9neZnqxm2apCRaTyLKMd5Dme2IH3CXSEEIEiRwc/W6aNQgiASesu2HeAyZtFVLofkPh6up+p2m4Tk8z0gGGdUph16C6+hQNn/yTV+sT3q4YuCcmszh7Bkuy38jXC9WevQpsZ79Tbs844Ftd0mLZrQN9NIS6L69+nl4ebxh3v0T22hprEIpAldYlrGg2zAtyLqKVy0hBeC+Z3Z/uPL3XNmjy8wq1Z67QxF7ezM6c+r0T5/Qgt1XjoAapG1I483p6ztZYyHSc5pDFDQYIV5L+TFo3/QBgp77Geik9+5/U1Xp0PKmvvD/CwdUpBPA5yhu7ZNdfNqSEFQH3E8IAAciiMuoqlEa1bhgcJuBd6LY0P9+6d/uBwKOqMvxvnDa6jWtZ+oB9yVmB9zRiRe7SxJkF3vSY0hGAVzfmg1erqtr3lpxcZTEOAmq/zjDpBIhQZq12eYYEF3yuLtatydpgnZ7tXGRU9Fm5B1MJwMWpYwadb0Th3Q1M0kQauWGomTeiwDxuiDwmsq2f3CnSzOv4bxoHJnRHRG98glfwOYK0lcwVXFC0bwg1kxuo/Vj6x6lHq6RjKGnTW11EcDT2L2FlVKuwuaGPY8pO6JMuqypXSuO8bUqdSr7nrBsQyznjEHdGxDAnazGqvY30nxh7iGKGMHZ/tWHZdt90xRfe4tzcWPFQ0yEdRClgiDnXAFm8MMWy/dmOkZfMrPy+XXq7VpJPaSnr0Z+AtCyj6G1wBh2/m/SzlcP9EQcm1i/62cJnVT7VrBngeYnnzaO6MfhofkNwHl/z99J6Gp1ikos3nJwQ2mYVhpOO/Xcckmf8L9Nb2bn4bHUTWT4H2dnV4BLq2Ed7NHKG25r5VmmBwstmf9S6enkZ2j85789UEKeb9rpEnTdrrVqitg/RfON9kSkHyfs18nIamOYJuBc3ziqBHL8SE05YPTbjlxuW9dy+qrtYZHq3e7iqyEV+hcyhDK2FogxERnb5fIotEDRu7sV5LV3M0Gf/6of6d9nMddgTrAGbkw/cj+hJL5I8juIKijB6OWL5pnAq1+87jQBu3J2jsoiIMWNt8Li+Ah5COT3/f9kT9S31jaZCgsaW2JiiHpZhGzUPQpTlVveoEDUctfTpKQmODCE8qnecGbraAwCT8kFmoGzTE5qzLXGYOGEZzcl+RBmaPEFfjhobXDMmnp4+EwCn38Lhf1lk6TAW/F73sANMyvhvNxn9TGjQuBuoZi0zSJiFIxpc9htC6FvNMcyC8uJzGDlV/pO7rAOTN2ObfB5HDWcVWkyDHFDuJaOh6sXF8+SCAeq+NfTOa62UqeNCT/eI2Y6v0ox+8jmXLcqDOX1iD/wg2kpfRnB1Ad/ZlCsTRCANjCLCccqbpBa6+i1qocGy6+jkWQL15YuSELteK9tu9AqqgaeYMO6Qgjx1KTFC1pMD3XXI0qQQ3EYOiyFycDmgCa8PtS/CTKLXnK9aFAMUZD1oO8tJ9a082BNBOcnBitP6zrR4lOI6C09ZVVz9ncGkfc4KI2G9NVPfA0aLMLWGJSHVzMzsZKO8SKFQjP9KuBGqvjabCUDjNCyZlzb1TxCvLf1MjCaDMRxYpo6yaBJtBHPgTNLhcR27LMV4jTstwb03h3PGL2gcPiZgc0lVtL2f8TtYguljG2xG9ndlN/eLmz2H4ObCMJYZrftrDz9vmOJb+nQ11rxV7C9cRPxvhiTTrsRio1e4nemT0jBnSgZBqi5XhIKXukVvIbjW+YNeWXbF4R0N9n6dBA4Qp9t/Dd3utbtQxcbTm6LuMjdC8s7U/MsGC8jSNs2HLGIrMQD1Fz7MEAsFUTmrOHnbh0xaivGd6HuVr5k9qpX3l5oOTKJbWEYyFvMABURvBMYCL4tvXjM4jb6bi9YF5WGgoxnVRcVauI3HV/2JDPrzLzaZiKVLaAETwbPkN4gTMJP021B6YFlggIvKA1bQXcxKoiB5cwA7vEBN8H94Tm0vxk7ocR2t72EJFf61nx82jQ1+bf4r9Djy/1c9PkDKqzcokEkthdXlhiiccCLwLKe1WoFWFyr0tkgqP5zmQgZ0bRe9kld+ODfCWb1Rk6NqdXp3hw/EpZtPBflcQLVebx8UxPGYe+sn3kxZqiSnw09H4u3FBoF5mQQxcJ6jtXRA1xttbN4oP6DQIrRGzkRIjKKUoiCozvwxwBMZJ0sV62ydZigItVcSObY7OSqn4PZs6ReYlDtZeGkATf0qouhl9kklIeSP0zrg06JfKkC2L+GfNaWZu2ncms6IRVMw0lgImVFc87Zry8kub02aWlszw7uWEhQGKdDNKRpJb8ZI8njcYzqOu/3XwZ1pJ4W9CvzoTeiWuakIgEKrBhomEp8Q4cQGGpms1EDYItn9LL4Z1xoi+ATrKE+CDPRTdxKBiC0HrN2nzJ9rwYldISkQAX9nPiWt4bbYvRQngOaZXNgsfHcVQI8ENnMwWM21ny5ZvntADDmr0uIX0geC9Tr8qj7WDDbic9ppfO2Uag90CNGq5TU/9LC7iFDN/prCJ2H6NNFiut7V5uMZvJuHCu1bQqdjvEvGnIlYXXOqWXbVEdGpP5jwd5UsbdvsB3a/SFO/kTE1QNntPNasKKiIjhrlRIhOv4mdwD8jMci9FiwDFBdrve0D4rxzZREbaZohfRHorxg+N7C4IAqAytWuRGKtJiFMT/hRyuW6Y7JXwjEpbu+9z3sgVY81wPWt8U4KX5EKlRDexfCsZ4VEVijzAHNdcR3VpSUlj2hhKvoywuAnzRzSq1kcLjaLePZqaGFfvtE8BFKSIWltBWYiQV+Tk5bD6Ba2378O5ytdg8pU0epdvXjiuZ/fZSmhWLC3pZXQqCUsd94mrLNtMYb7OMuJqIveniDDTJnXqgCFUim6GORBl9dNPi1YW+dHmXs5OcMYpIVN80wxWdkiJ7ZXEqkjuqiqaSZ4DS4V1SIZS56P0yEDguim37vXjQufcJMnMBMYqppCmccdXzRwYiwAuK+pT5/WmHOcSmgXPAcT6hxB5Boblo9sZO/q/ZbIQYRXyz5RvvJ0SDfEGYdu91vnUGGZm1z4RO+mk+yz0gJY1Ojs3cUDWB5jFUhdwP5bmVAmKL5rN6UdvJPGvzGTeEzmu2LtzfepK0NKyc3IbVH4CpTKtXbkWC0G5XIUXZNPyG3YFZkKiQp2drskpFVWL4C6YUv+4zskx5p3ELWmSc+rwEsqomgcSyesDdVBF/lssEjLVz19f5CrtJLlNo1OQm9K5pKStUpWnV5wMy691ZpcMdtC4iANXDhIpTWSoseyRNdE2c9sAJ8GOs1/tGvlGKNYJJiRpGU7urn1xX/d/zAzrku6xCmpFKCiVO9Z+XMRGhkyJ2uCsEYvF/Uj/n3U8l/TrlB+5/1bCaSXjUVtvDZ9GYhDBjRT2nC/KFRzV31GvP9EKKnOdsxcXv0yZQOuOxMiFP4pxUqJ/VpukXf+eSxyuRNQ+zrBUAksSSkVnrDtlCUcqs69Pz8aRYhIbTI8YCjbMA+bhTpYvBBEa0FtQZwZBMhK+60D14tO4sXCUVqsKT0CXBF6OQI4zPtflUpHsEqGfCDQFheneujUvR12Z8iRqtSlLPPj/AdIkonnqvw3970fR326ng2gWdLer475ttCRs0uBaqf5PPOmYX/ASjjMggq8hbE6AJnW5yLTKhZUK4FmyXo4ZpjsEWjLPRBdKqIaIUpbULp2adRAouBUfc9rYr0J+bN3BhKaWhzvBJGvrONYIVrJQjTeNSqB+PSloY3P9bzdVfTgZsuUynbCRKJ3OIt66TblFLrx1I9e+1D52vFz+UNmR1nGNDqBrNf6Jg8R4smtaFfitIUzHTzKGJdwjGbtxkZYesoTWC2q9ZQVxYhX6HnuVO141VLzv/dK97l+7ok34a5mxtuoJavILvRaq0BnCACOBgp27pUtHHR/R2dJb+8QKfbeZ74Wgtz1puDsCaMX9AOa9PBDZdvAPUHBldG1CiuARhxcgAcBtTkaIxOH2P6EgK91R9yqper42kIx+1ixNAMGzLR26IiY/aqHufHYYAHMzbgeXajqXNn8oq4ru0OI6v0ujKQOdXBtYw27DOgdUdYQxn/6wqA20S0sE83CH7X6+P5ATn45hSzvm5R8H1UQB/MVEqGG/ZxEkWckh+PZNtMXcqdYmmaMDxKkEaENyWSt6ySJJGlpmBbO0wv/QWmr9l/5sTd4QTfQz9fkikdVWae4BUFOXyquPk90tyiPMxTstNr2v6Q18U43P3fgtN2TjmugOKlYE9f5JNOCPSk+vEgXg4EpRtyzxYAbHsKwINEQ8H5iafve73mkkzRbr6dGgIre5dqV+u7MEHmlgKCbpK+BxDdCyng3pVs/8MyvNunS592WRPSlz2kRQDtkuwvaRhK7t7PVoVYVOUyNzUfKl5cHPt5c3XYi0EHp+vIvQNUp9AVRDozAfe8NpSjvODvoxlaSe9A3Vi6e0ztRBF76DVl4GKwh2G3tvcPJlHHQ+0YrRolxbEHnmx13D5siJkIp9VcXwzAPEQ4TZhCHFLuoH1jqLZMYVUgfbhSKxLm6erkt0k112b6v4PLTYvF9B6oKLfZRlAmOnEJUGpgOq60RXKp8e0NB9K7QvgXiCZboX/bolXo0LvC0TNpV8cYHuHs++Aq/QQSv6Ytb5bYBlJ+IbrJEYYTLvM1k4Edn4TkPdyJTjxh7ixO0SvscpOfl4tjarJWk8OCuW7gxR+8P7Rg7G3x+j4fsgFAkudzX0uZcSo7WiYT46w1NIWSFuIXd0xl6N+UOLZinfLB++HUbPyIePW4BPcKKa/kg5C9gKC7c6EJEAsMQft4YJ87NmQdIik31RrFc6NfUFkWfC4dpeMAi93D3xywt8ZsgTubg7ye7JZ7B4FFJPvNDlDtjmcnDpegUxPrSDTYY4WOdaxdr2C+CzIONC/no9+WW1N7UT08GHjIxU4pFKjuC4RanRuupm5r3SQ6U787zgI4kdE2OXHCxm74FsqlUG+5alir7xiReFpzyh/+NtNqs7HVYu0ZfEIZ39xLFA7lfPpRnNhTkjMmkWFZzCjH5eM7KahokoPCWyfsU4+ViK0v+YpcWIhYFy7L89HpUQRJiSLr3vlaCQeIRf8BrSPLeoXBT7oJsMagPPEKSpJbytDdHtEg2ABM1aL83tjFac1PBkxFVW6b1vr4AjRARUcB4uU9KB22wPGM+5zzaVaValqWRD+YV8jqLRKwUT0poKj9+Qw+y2Jh2ebumh/NHsmRdkS5mvfgq1SBmRBu7uS3xqKIN2S4g9Ku+tDofpXxPVv+enDvQCVVf0PQKir8RC3Tn6Vy7enkDdory4KJ8KMTm74Yh5mowYRQ5cy0BR+SgBDn6j7mUDYyXrNJcmBmNtd3Vbb+9KCgdKrUwxBH4SnhjzAfehhdo8WoMQjWm9tMkIpuyOdp2jhavTFDSaVJEx6ROqsa54UYCUe8ecVp8xCBm1c+dS2sGQ8mZXy4OkgU8aWhCOKlG4BseGrhg1i2EpYFa7woUZ3HSCY3j9Y7Oy4OA9GM8Rp9Sz3jXveXRi4sjynx+s8t99C+VoHAbfOGeVNVjVCvJ259b2ND5MsmkqOkcAKhhzri7WeMDL8rrrXe/25JsVlWs7r8fBFG+duQEw+GIfT2iTDikUP6CaCCvmDA1KEfu5ASrZkM2YY9xoks8NPbSzspHmgngV65kbjmBrl/cimo4OKUVcBxg69TvQBADUONEP7vUHuMp2vBrTQJVN3I= X-IPAS-Result: A2AeAABTiKJb/wHyM5BdGgEBAQEBAgEBAQEIAQEBAYFQgV4qgQhcKIwIX6QrFAyBURQYEwGHfSE0GAEDAQEBAQEBAgFsKII1JAGCZgIkExQgCwMDCQJACAgDAS0VFwEHCwUWAgSCQT+CAgOmQTOEaIUpFIZDhBYOCYIAiGsEARIBCYVuAo4tjiwJkBcLF48ZAZRIAhEUgUI4ZHErChgpDzuBMxqBH4IlF44Xb3sBAYoZDxeCJgEB Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 19 Sep 2018 17:39:10 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8JHcSoA028930; Wed, 19 Sep 2018 13:38:41 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8JGqvqU023212 for ; Wed, 19 Sep 2018 12:52:57 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8JGqu7H023818; Wed, 19 Sep 2018 12:52:56 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AHAAD/faJblywaGNZcGgEBAQEBAgEBAQEIAQEBAYFQggWBZyiMCF+WSI1jgXoLgTGDO4M9ITQYAQMBAQEBAQECFAEBAQEBBhgGTIVyGQEBNwGBPQESG4MGgXUNA6RagWozgnUBAQWHDQgUhkOCe4EbF4FBP4c/AoEqIYVunFsJkBcLF48alEgCERSBQoINcBWDJ4IZDA4JEYM0ilJvixaCTAEB X-IPAS-Result: A1AHAAD/faJblywaGNZcGgEBAQEBAgEBAQEIAQEBAYFQggWBZyiMCF+WSI1jgXoLgTGDO4M9ITQYAQMBAQEBAQECFAEBAQEBBhgGTIVyGQEBNwGBPQESG4MGgXUNA6RagWozgnUBAQWHDQgUhkOCe4EbF4FBP4c/AoEqIYVunFsJkBcLF48alEgCERSBQoINcBWDJ4IZDA4JEYM0ilJvixaCTAEB X-IronPort-AV: E=Sophos;i="5.53,394,1531800000"; d="scan'208";a="373577" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 19 Sep 2018 12:52:56 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AFAAA7fqJblywaGNZcGgEBAQEBAgEBAQEIAQEBAYFQggWBZyiMCF+WSI1jgXoLgTGDO4NeNBgBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSQBgwwZAQE3AYE9ARIbgwaBdQ0DpFuBajOCdQEBBYcNCBSGQ4J7gTKBQT+HPwKBKiGFbpxbCZAXCxePGpRIAhEUgUKCDXAVgyeCGQwOCRGDNIpSb4sWgkwBAQ X-IPAS-Result: A0AFAAA7fqJblywaGNZcGgEBAQEBAgEBAQEIAQEBAYFQggWBZyiMCF+WSI1jgXoLgTGDO4NeNBgBAwEBAQEBAQIBEwEBAQEBBhgGTAyCNSQBgwwZAQE3AYE9ARIbgwaBdQ0DpFuBajOCdQEBBYcNCBSGQ4J7gTKBQT+HPwKBKiGFbpxbCZAXCxePGpRIAhEUgUKCDXAVgyeCGQwOCRGDNIpSb4sWgkwBAQ X-IronPort-AV: E=Sophos;i="5.53,394,1531785600"; d="scan'208";a="16019397" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uphb3cpa05.eemsg.mail.mil (HELO USFB19PA19.eemsg.mail.mil) ([214.24.26.44]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 19 Sep 2018 16:52:55 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;4ec5919f-992c-4455-8d52-9742d6fa4b26 X-EEMSG-check-008: 31849865|USFB3CPA06_EEMSG_MP28.csd.disa.mil X-EEMSG-SBRS: 2.8 X-EEMSG-ORIG-IP: 173.37.142.95 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0ALAACCfaJbgF+OJa1cGgEBAQEBAgEBAQEIAQEBAYFQg2wojAiXJ41jgXoLE4EegzuDPRoGAQQwGAEDAQEBAQEBAQEBEwEBCQ0JCCclDII1JAGDDBkBATcBgT0BEhuDBoF1DaRpgWozgnUBAQWHDQgUhkOCe4EbF4FBP4c/AoEqIYVunFsJkBcLF48ZAZRIAhEUgUKCDXAVgyeCGQwXg0WKUm+LFoJMAQE X-IPAS-Result: A0ALAACCfaJbgF+OJa1cGgEBAQEBAgEBAQEIAQEBAYFQg2wojAiXJ41jgXoLE4EegzuDPRoGAQQwGAEDAQEBAQEBAQEBEwEBCQ0JCCclDII1JAGDDBkBATcBgT0BEhuDBoF1DaRpgWozgnUBAQWHDQgUhkOCe4EbF4FBP4c/AoEqIYVunFsJkBcLF48ZAZRIAhEUgUKCDXAVgyeCGQwXg0WKUm+LFoJMAQE Received: from alln-iport-8.cisco.com ([173.37.142.95]) by USFB3CPA06.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 19 Sep 2018 16:52:52 +0000 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AkAAA7fqJb/4ENJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYFQggiBZCiMCJcnjWOBeguEbIM9ITQYAQMBAQIBAQJtKIVmUoE+ARIbgwaBdQ2mSDOKERSGQ4QWF4FBP4hrIYVuApxZCZAXCxePGQGUSAIRFIFCOIFVcBWDJ4IlF44XPzCLFoJMAQE X-IronPort-AV: E=Sophos;i="5.53,394,1531785600"; d="scan'208";a="173406054" Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Sep 2018 16:52:50 +0000 Received: from sjc-ads-7132.cisco.com (sjc-ads-7132.cisco.com [10.30.217.207]) (authenticated bits=0) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPSA id w8JGqn6s011483 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NO); Wed, 19 Sep 2018 16:52:50 GMT X-EEMSG-check-009: 444-444 To: Paul Moore , Stephen Smalley , Eric Paris Date: Wed, 19 Sep 2018 16:52:48 +0000 Message-Id: <20180919165248.53090-1-takondra@cisco.com> X-Mailer: git-send-email 2.9.3 X-Auto-Response-Suppress: DR, OOF, AutoReply X-Authenticated-User: takondra@cisco.com X-Outbound-SMTP-Client: 10.30.217.207, sjc-ads-7132.cisco.com X-Outbound-Node: alln-core-9.cisco.com X-Mailman-Approved-At: Wed, 19 Sep 2018 13:38:27 -0400 Subject: [RFC PATCH] selinux: add a fallback to defcontext for native labeling X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Taras Kondratiuk via Selinux Reply-To: Taras Kondratiuk Cc: linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, xe-linux-external@cisco.com MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP When files on NFSv4 server are not properly labeled (label doesn't match a policy on a client) they will end up with unlabeled_t type which is too generic. We would like to be able to set a default context per mount. 'defcontext' mount option looks like a nice solution, but it doesn't seem to be fully implemented for native labeling. Default context is stored, but is never used. The patch adds a fallback to a default context if a received context is invalid. If the inode context is already initialized, then it is left untouched to preserve a context set locally on a client. Signed-off-by: Taras Kondratiuk --- security/selinux/hooks.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ad9a9b8e9979..f7debe798bf5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6598,7 +6598,30 @@ static void selinux_inode_invalidate_secctx(struct inode *inode) */ static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) { - return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0); + struct superblock_security_struct *sbsec; + struct inode_security_struct *isec; + int rc; + + rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0); + + /* + * In case of Native labeling with defcontext mount option fall back + * to a default SID if received context is invalid. + */ + if (rc == -EINVAL) { + sbsec = inode->i_sb->s_security; + if (sbsec->behavior == SECURITY_FS_USE_NATIVE && + sbsec->flags & DEFCONTEXT_MNT) { + isec = inode->i_security; + if (!isec->initialized) { + isec->sclass = inode_mode_to_security_class(inode->i_mode); + isec->sid = sbsec->def_sid; + isec->initialized = 1; + } + rc = 0; + } + } + return rc; } /*