From patchwork Fri Aug 3 09:36:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jann Horn via Selinux X-Patchwork-Id: 10555071 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6B2E815A6 for ; Fri, 3 Aug 2018 12:30:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 52CF42C668 for ; Fri, 3 Aug 2018 12:30:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4611C2C687; Fri, 3 Aug 2018 12:30:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil [214.24.24.82]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id DA7692C668 for ; Fri, 3 Aug 2018 12:30:32 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.51,438,1526342400"; d="scan'208";a="748040985" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa09.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 03 Aug 2018 12:30:28 +0000 X-IronPort-AV: E=Sophos;i="5.51,438,1526342400"; d="scan'208";a="16580700" IronPort-PHdr: 9a23:HQChxRT6DIp+FeS8uW6pWws+HNpsv+yvbD5Q0YIujvd0So/mwa6/YRGBt8tkgFKBZ4jH8fUM07OQ7/i+HzRYqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9zIRmssQndqtQdjJd/JKo21hbHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KpwVhTmlDkIOCI48GHPi8x/kqRboA66pxdix4LYeZyZOOZicq/Ye94VS3BBXsJMXCJfBI2yYZYEA+4YMepFs4Xxol0Dpga8CwaxHuPi0jFGiHz50qM9zeovDBnG0Q49E98AsHrUtsn6OqgMXuCu16TI0TfOYulK1Trn9ITEbBYsquyMU7JqdsrRzFEiGQffgVWWr4zuIjGb1uMXs2id8uFgS+OvhHQ6oA9svDevwsYsio/UhoMa11vJ8j55z5gxJd25Tk57fNGlHYBMtyCaK4R2QsQiT3tuuCYh0LIKo5G7fC8UyJk+wRPUdv+Jc5CQ7x7+W+ucLi10iXJ4dL6lmRq//lasxvfhWsWszlpGsi5InsPPu30NzRDf9NaLRudn8ku/xTqDyQbe4fxeL08uj6rUMZshz6Y1lpoUrEvMADf7mF7zjK+KbkUk/fWo6/j/brXmuJCcM4h0hxniMqs0gMy/APk4MhMUU2ia/+S82rrj/VbnT7pWlPE2jqnYv4zaJcQcvKK5BRNa0p0/5BqlCjem0dAYkWEGLFJDZh2Hk5DkN0zBLf33F/uyg0mgnC11y/3JILHtGIjBImDGkLj7fLZ970BcyBA0zdBa/59UEa8OIPbyWk/3qdzZAQY1PBezw+b6DtVyyp0RWXmUD6+FMKLdrV+I5uU1L+mKf48aoizxK/ci5/7wlXM5g0MSfbG13ZsLb3C1BvZmI0KfYXX2ntcBEX0FvgwlQezoj12CVztTaGypX6Ig+D47EpmmAZ3ERoC3j7yLxD27EYFOZmBaFlCMFm/ld4eGW/gWdC2SIdRhkjsCVbigVY8szh+utAvny7toNeXU5ysYtY7+1NRv4O3Tjx4y/yRuD8uBy2GNU310nmQQSj443aB/pUl9xUmZ0aVjjfxXC8Fc5/RTUgggLZ7c1et6C9LsVQ3dYteFUlGmQs+pATspVNI+38cOY1phG9Wllh3C3zeqA6UJmLyLA5w06LnR32XyJ8Zn0XrG0rcuj0U+SMtVKWKmnrJ/9xTUB4PRjkqWi6OqdaMa3C7R6WuO1nSOs19CUA5xUKTFWnYfalHQrdvn+kPIV6WuBqg/Mgtd1c6CLbNHZcD1jVpcXvfuI8jRY2W0m2isHxmI3a+MYJDse2oDwCXXEFIEnBwL/XaaKQg+AT+so2HEAzxtElLvfljh8epkp3O4SU800huGb0p717q64hQVn+CTS+sP3rIYvycssy97E0un39LXFdWAvRFsc79AbtM4+ltH0njZtwNlNJy6M69inkIecxhwv072zRV4F5hPnNMlrHMvwwt+M6SY301ddzmAx5D/JqXXKnXu/BCoc6PWwV/e0MyR+qcU9PQ1sE7jvAeuFkss9nVoyd9V32Ga5prUEAoYSYjxXVov9xhmu7HaZTEw5o3O2n1oLam7rCXC28kyCes71BmgZcxQML6BFAPoFM0aHceuIvQwm1e1dhIEIPxS9KksMsOgdvuG3KqrM/h7nD+9l2tI/pp90kWW+yp7UO7I0I4Pw+uE0QufSzf8kFChv9jpmYBFeT4SAm2/yTL+CIFNZq1yeoALCWi1Ls2zx9V+gYTiW2Rf9FK5AFMGwsCpcwKIb1PhxQ1QyVgXoXu/lCu8zjx0iC0porOE3CPQx+TidRwHOnNERWR5llfsOYm0j9YbXEe0dAgljh2l6ljmx6JDvqRwM3HTQVtUfyjxN2xiSKywtr6GY8FR8pMnrSJXUeqnbFCBV77yvwAa3znkH2tEyzAxbyuqtYnhnxxmlGKdK25+rHnHdsF23hfS/9/cSuBX3jodQil3lyXXCkK7P9mz8tWej43DvfymV2K9Sp1TdjHmzZuauyum4W1lHwW/kOq1mt37Dwc6yzT218RxVSrWthb8eZPn17+9MeJ6ZElnGEHz68R9GoFknYs/mosc2X4EiZWJ5XAHi3v8Mc1H2aLia3oAXSALw9jI7wX+xk1jKG+Gx4LjWnWb3MRhe8GwYnkK1SIl88BKFKCU4aRcnSRvv1q4qRncbuR8njcByfoi8XAajPsPuAY3ySWdGL8SF1FCPSPwjxSI88y+rKJPaWaha7ew0lZ+ndekDLyZrAFTRmv2epA4HSBq9sV/KlXM0H/t5Y74ZNncd9UTtgebkx3YlehaNIoxluYWhSpgIW/9uGcqy+o/jRNwwZG6oJKIJH928aK/HBFYKib1aN8J9TH1k6lShMCW0J6zHp95ADUEQIPoTe60EDIVrfnnORyOHyMhpXeAA7XfGxOf6EB9r3/UCZ+kK3SXKGMezdV4SxmXPFZfjxwMXDUmgp45ERinxNT/f0hi+D8R4F/4qgdLyu9zNhnwTHnQqxmyZjczUpifIwJc7hte6EfNLcye8uVzEjlD8ZK6qwCNLm2bZx9UDWESQECEHE7sMaW06dnb7eeYAuu+L/3TYbSBsuFRS/eJxYiy0ot95TqNON+APmV5D/083EpPR3d5G97Wmz8XUSwYizrNb9KHpBe74iB4tcG/8PvsWALp/oaAFqVdPs5u+x+sh6ePLemQhDx2KTxAzJMD2WfIyKQD3F4VkyxhbTatHq4etSHTV6/QnbdXAAAdayN2LsRI7qY80RJKOc/UkN/10aR4jvEtAVdfSVPhgt2pZdANI2ylKFPHA0OLOK6cJT3MwsD4f6W8RqZKjOVTqRKwui2WHFPkPjSGizbmTQuvMf1WgCGdIhNepJm3cgxxBmj7UNLmdhq7Pcd1jT02wbw0nnTKNWodMThgbUxAtbiQ7SJEgvVlBWNN9H1lLfOLmyyB9enXNo4Wsed3AiRzj+9a43Q7y79L4yxfQfx1nyXSrtBwrFG6jumPyj1nUB9QpTpRgoKEo1liM73D9pZcQXbE4A4N7WKIBhQMudRqENnvtrtTytjIj6LzNC1N89TP/csfBsjYMsSHP2Q9MRDxAj7bEBMFTSK3NWHYn0Fdiu+d9maLoZcgsJjjhJoOR6RAW1w0DPMVF0NlHNIaIJdtQDwlkaSXjMgW6nqitBPRXtlVvojbVvKOBvXiMCuWjb5CZxsO3Lz3M4ATNozg1kN4dFZ6hoPKF1DXXdBXrS1rdhU0r1lV8HhiUm0z3FroZR63738NFP67gwU2hxBkbuQ37jfs5Fk2JkHUqyQsjUkxg9TlgSyRcTLrKqe/Q51WATLut0ctKpP7Xxp1bQqqkExgMzfEXaxej71hdGBskwLctp1PGeNGQa1Deh8QyumdZ+803lREtiWn2UhH6PPeCZR8kAsqcJisr29P2g94cNE1IqnQK7ZTwVhLmqKCpCmo2f4twAUGPUYC7HuSeDIUuEwPLrQmOyuo/ulr6QyemztCeHMBWOcrovNq7EwyIP6MzyT+3L5fMkqxLfCQL7uFu2jcks6FWkk/1kcJl0ZZ47d5ycIjckqSV0AoyrueDQ8EOtHDKQ5Pacpe7XbTfTuUveXL3511I523Fvr0Qu+WqKYUnkWkER4yEIsS6MQMBYOj31zGLcj5Nr4F0g8i5B7rJVmfC/RJYh2Lmi8do86j1J93wZVdJjYFDGVyLCW357LXpgs0j/qGR9o5f2kVUZAFNn0sXs22gSlZv25PDDOvyOIW1BCC7yPgpiTXFDT8ddxjZPaIahNsD9G2/S4//bCvh1DK6JvTO2b0OM9+td/I7OMVu4yIC+hITbVntUfThZVYTWSwU2HTCd61O4Twa440YNzuEHm6SFu/hCkuQsftJtaiNLaIjh/sRYZVtomb0zQjNc6yFjEeBxdwqfsM5Lh5ZQEZZZo0fwLovRwkN6OjOAeYzsmuQ2G1JDpYVfVQ0eW6Z71SzyotdOC6y2AtTpAkwOap70EBXpYKjgvRxfy7fYlRTTDzGmBBewXIvSc5knJuNvwxwugh3BPIsF8cMz+Qee1ncmNEuc0zBVeVIXVrF2U4XEWQjYzd7Q6wx7oS5TdSn85I0e1Zt3jzpoXQYCixWKyts5nVsDEtbdkno61wLYzsOdGKtJXAkTzDVJPQqBGKUDamF/pGndhdOCNYQP9UmW47PcwJp49B5lQtVsckJ71CE64spqi0ZjpiCC4d1y4ZV4eb0zwFjeawwbzalg2fcJ46KhwLrI1CgscBUy5xei4euKijV4DNmm+YVmQLJRwc4R5K5A0eio96Zvrl75bQTJ9Q1z5WpOp5UinMFpZ27Fb0V3+ZgUPmR/W7j+ymwx9dwOjq0tYFRB51EVJdyPpOlks0NLF3LLEdvoDQsjCSc0P1oGPtyPC9KVlU0c3UdkT0DJHLtGrnSCEc/mcURYBXwnHFCZsSixZ5aLospFhUPICpZ1vx5z0+yIRtBLS3Scerx1M5onkcXCeqD8BNC+d4v1LLQDdleYykqI35O5VORW9d4IWdq0xFkEp3LiG51YFRK9pK4j4RRjhAvSuSvN2uSM1Zw8B2C4UAItBlu3fyAKlEIoSeo2UqurzzzX/U4yszsFmmyzmvGaK0UuxU8nYCFQUuImSRtlMgD/Aw8mvI9FDCrEx09f9BBreTlUVxvCp9HpdWCzZTy3+qMlRzQ2Nas+hBLKTVdNJcTOcsaRCzPBwxCOAp01aP/U5qgXfzezZyuRdC+yDBQwk0UjEYgqv3mTIAtM6oJCQXS49MbTU9dSfKMRybmSFQvBZbdU5qR4oVAtFf+7EUxYFU5NbNSV6wKSEZWxxvLgA43uBFlU5Eq0WYfTrSDRSzePbKrx13eduRrM+1I/T45ghHjJjnvPo/96UZSH2sgRetTszGr4/gqt2KsVODdKXiPO26b3/BVj/Mgg2uiro/E5nF5S7TMBFcK5Vgz3orf4ThA3bRPRtaP6IbO1ZbVadiZNVApuBXfM5keKAM+aN3BxKHQB3vGJa1o/ldMlbTXyneIDmd8uyiu4Lc86bRSe/6ZsyD33zHWb54Po9m6TnnHLfnyYle+kvq1fdq8kN1U0PGPzqArNTmIQML/9Kie1DnvpAmEjLaGpBwkGDixktYbcoYXzWq8IgEyJNe8Hv/Vfh30kztv+1J67ll6Y437qtyycioJKfdN/JasVNmAheOHAlq8IsiAHRnTWBLfuARMOvRfbgejc32r+D3DKkX5R2O9uxXd9TIOkbBmtOlBTGEUxxEmwUBpiAGIQuAzfKFnLV0Scm9r+jjxk0t+0S+LgIBzL1154eE+6+IqfTSbxTPzbkLRLLqRsL1rrQjoU+S4+MrlKIWcGxvfwKnCPQdVtIaxmr4zKArzDgjHNnfEL/74/5MSW45kSz8lJxnGFUWAPwUF6KR/YtChmc4h/DZNtoOf69Zm2aPDhClHaUAyX6q9yuXOHNqggzK0xzrXWyz60L5ojFiTivR1dfjlVBVWaOtCUdVRSqpNldysCmTMwrwqNr3paM14VkuMmP+qNKCiGuhOb1QH83lJ9yQODI0q0wTjJ0wQNyvxI8aFMGlINgL7HFxcvve6m2sky9boKdLnYne7d+P+vXRA3agi7eWq7KXxDBX0nI4p00w6si8NvHS4N2HW/uo2HgXTydjvAvBWBm5qqfFoFAQOEyL1lrLmYMRM9Fdw3Y4zEHn6/I5TNI16gpeCp7KZ+keqjDrJDv03VGfbsorWSmcyTRYAkn4HkV/GKg43GLwvdzGlW3M+1I2WoZwd1brhRttD4U3MUgt8kQYwjIfEQgRbhCWFLSoBUPjLYsYWkgMdw+K3L27eqgt20183K+v5eHUbexmBKoNLexRjgiQk1hHApgWq7ERQKpge19B867avgfiBJT8X/j9jHY+KPK7TMZb8cAfqnsj7R2yRxWl6ZhZ6bYUloqEdqleYZjDpMp89Vto5SYTdixRhxhylxG5UeccpODl+NTUrJqo6uKzVKkwRuQX9h40B399j5vxm10jv9DX1/lGRY3RlIv/8RpBI3iUt4bGyxN8M/YBK5q3fLZ88HUKPykeJ2wUMtqQcPQ85zJtPyjS51xFGcMAf9QYPNDCmQpMkE3mRKlT9tbHGl+fE4pzdd4n72T5yDAx6pY9XPzv6DmoKpDD9V1NOe1MjDl0ntLYuOcV2ebSCDQQ4XSBZBh1xiSCypeTBPb0+eWB08rUV1QAHi43T4hRPjyC9hK7RuCtjpXmThuU6tPvgJI5bE+QQ32xnKcGsqZLCuNAiD/03jtZFoDzmf2VtcCg6G1JuV1bCIxz9wHKGL1DPpVnPhT1jtKkSVZ6BivjY8zUbR4uuO2KxucQ/eVxKVbxaZUcIhIexLLw8WBVQRd2SL7qolaZWvocZMNhSPPAtH9V84xhK6gLPFiTv5HqqzBIqFctAAA3dLAwtDtadlLVnA1UXab0t6QMigwGUd52oUVMA36/OHoi5zrbUqRYlKeRB+IR8jWSVqwBTV5lMyJ/QxOw3ZVhZaGpnfRZvW9cmSN9uvcq2SR8RBSgoS3su74N2TU49bC2rDUBo31FQfmAnCrTDFVDzegKjb0CBHr47ly8enYDZpPo4LZ7PcTg6ZUh43MnbBUkey0JQ/+tCzn0j6ySGYyPrNNciwKRuMXUc7C8MzIeNrIjxhL/X3J9yBTRnA508GsXRTWt9NskJIS7OcY4ySukAGzbdFcX4qNVq8v8rl8LQ/EwaVNm2mlj1dKHRiIVTszVB2k1lhQkaXlDcJ9b7B8VDbUngjaJvqlA+QEZeynUEoWj+obOmcfI2H89Tcplx27Moa2FnJwq2mV/m9xo9i6OpGgSd+vAXs9uGHfz1YBfxvflavWwtOAHVItmyLO8UP8NMsmj5XG62JN0VU+53r4eBUa2MPcfxrfHVCeoUXaYWeqOc2eQnjs0MVX/5Qe2IV0tacdLrkg9Mu3Yip5aiQLhTeA8eiLFnVbGyCQGNuQAekpioI66fyQSRfMVIu2bIvIjhvY5DQ1IJ0TVEDN2Bun+ilukmIx2Kj00+knhSfj8+QDhdt2JE18LFpCM6tZc4/2xDlqII357hEl/JEBu9vz3D10rt/REd5+akJ7XndstlaYeevNsNzAtksICkYJkr4+P2YGFdg+VhpT7I9fVivefBPLbwgIhfWQJaLcBZRLJ4NAYN9g/E53UB70R6RYVA646aJMmMGj1+ed/KwYlISDLY7HhoMDsoKqrYYFS72HX5xoLISPdvQATgqivQAh6aY26r2njK5A3ADRapptiDQUwT9gHIN8JswfyW83co6q8kdLkvhoj4+I= X-IPAS-Result: A2ASAgAVSmRb/wHyM5BcGgEBAQEBAgEBAQEIAQEBAYMkgTBKEiiMZp8PhEIUDIEEA0kVGBSHbjUXAQIBAQEBAQECAWwogjUkAYJkAjcUIAsDAwkCEi4ICAMBLQMBBQELFwEHCwUYBIJAP4IAA6cCPIw4hE+GBxKJBAmCAIESh1kEARIBhXUCh3OFO3KMDQmPOQuOGAErkhwPIYEiAzMzLnErCAIYCCEPO4EyGoEdkFVtfYw2DxeCIwEB Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 03 Aug 2018 12:30:28 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w73CUKOd003645; Fri, 3 Aug 2018 08:30:25 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w739aJwY021037 for ; Fri, 3 Aug 2018 05:36:19 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w739aGqv013322 for ; Fri, 3 Aug 2018 05:36:18 -0400 IronPort-PHdr: 9a23:t7G7+hxrPrVAqcHXCy+N+z0EezQntrPoPwUc9psgjfdUf7+++4j5ZhOEt+htjVuQDJ3Ss64ChufTqK+mXGUB5dCEsXRROIdUWUojjsMb1xclHNbDEVfyefzjaSo6NMtFU1Bh8jewNk0GUN3maQjqq2appSUXBg25MAN0IurvHYuH1O+m9eON5KDwSVVhnDWhfbV3MQiztwaXt9QNkIh4LbppkQmVo31VPfhHyiVtOAu7kRLx9oL1/pdl9SQWsfU88cVNSuP1eKM3SbEeBzMjYCgu/MO+kx7FQEOU42cEFGUblh0dGw/e8BTzRYv8qAP/v+t5nTCZZYj4F+huHzul6KhvRVnjjyJUfzI68WSCksVrl+obuxOuoRVj3pTZKJ+YLvtwf67RPJsaSGNNU9wXVnlpDYS7YI8CSeEGOOs= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DWAADgIGRblywVGNZcHQEBBQELAYNLgWUWEoN+iAmMRJMqhEKBJANehGgCgwshNBgBAgEBAQEBAQIUAQEBAQEGGAZMhWwdAQE3ATQCJgI2AQUBIgESgyCCAAOnHjyKG2+BLoJ0AQEFgWSFbggSeYd9F4FBP4EShi0CgSqDOIJVh3WGLYwNCYRtikwLjhkrkhwPIYEga4EfMxoIGxWDJIIZg2iKVG2NM4JJAQE X-IPAS-Result: A1DWAADgIGRblywVGNZcHQEBBQELAYNLgWUWEoN+iAmMRJMqhEKBJANehGgCgwshNBgBAgEBAQEBAQIUAQEBAQEGGAZMhWwdAQE3ATQCJgI2AQUBIgESgyCCAAOnHjyKG2+BLoJ0AQEFgWSFbggSeYd9F4FBP4EShi0CgSqDOIJVh3WGLYwNCYRtikwLjhkrkhwPIYEga4EfMxoIGxWDJIIZg2iKVG2NM4JJAQE X-IronPort-AV: E=Sophos;i="5.51,438,1526356800"; d="scan'208";a="338612" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 03 Aug 2018 05:36:17 -0400 IronPort-PHdr: 9a23:nfE2NhQp7+GvJDq7Oqtm5Lfhe9psv+yvbD5Q0YIujvd0So/mwa6zbBaN2/xhgRfzUJnB7Loc0qyK6/6mATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfbJ/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNgHR2ROQ9xRWjRcDI2ybIUAAO0PM+ZGoYbhvFYOsQeyCBOwCO711jNFhHn71rA63eQ7FgHG2RQtEdYUv3TSqtX+KaUcUeevzKnO0D7OaPFW1i376IjOchAsuv6MXbV3ccrezUkgCRnJgUmXqYzgJj6Y0PkGvWuD7+d4S+6jlmEqpxtvrjWg3MsglJTFipgax13L7Sl13po5KNmiREN4YdOoCoVcuz+GO4dsXM8uX39ktSAnwbMco5G7ZjIFyJE/yh7fdfOHd4+I7wrtW+iTIjl2gnxodayliRuu7UStyvfwWdeq31ZPtSpFncPAtnUX2BzS7siLUP59/kal2TqX1gDT7P9LIVwsmKbFNpIszaQ8moQcvEjZACP6hV/6gaCZe0k8/+in8eXnYrHopp+GMI90jxnzP6owl82/Beo4MQgBXmaV9uq5ybDu/lH0QK1Fjv0qjqnZtpXaJdkGpq68GQ9V0Zwv6xeiDze90NUYnmMHLFVZeB6bgYXoOl7DIPH+DfeimVisjDdqx//cMr3kH5XBM2POkLnlfblj5E9Q0RM/zdJF6JJSDLEBIOj/VVT2tNzFCB82LxK7w/39BNVy0YMeXm2PAquHP6/IrVCI4ecvL/GWZIAJoDb9N+Ql5/n2gH8ih1Adeaip3Z0KaHG3BflmP0WYbmbsgtcGC2sKuBE+Q/bwhF2NVj5TeSX6Y6Vp3jgmDMqDCoDZS8j5mLWc2A+jF4BSI2VBDUqBV3zvctPAE8wQZTqSL8kpqTkNUbysWsd1zh21nBPrwLpgaOzP82sXsoy1kJBY/ezY3Sk77z1vR5CQy2iXTnpchmoSRiQu2Kl0rAp60FjVleBjjvhZE8FDz+9YWQc9c5jHxqp1DM62EgDIeNGJYFmhRdqiDHc6Sddi7cUJZhNfEtOkxjDExSziV70ckbqLLJMz9a3Y0j76IMMrmCWO77Uok1RzGpgHDmahnKMqslGLX9STwUyEi6anc7gd1yfR9WCFiHCDp1xcTBUqDv6XQHAeYhKHtd2hugXPQrq1BvIiOwpFj8uDLvgCccXn2HNBQvqrI9HCeySpgW7lBx+OwLOkY43tdGEQmi7aDRtMiBgdqE6PLhN2HSK9uyTbBT1qG0joZha32vhcq0ykc2wenyiSYFF90b+o5xsPhrqdVugC3agDpH96uWl1Gkv7w8PZTd+d/iJveKhMJJY/6VFB1STTsBF7NZG7aa9lgVEafkJ8uEa9nw5vBNBmls4n5Ggv0BI0Ka+c1wZZcCiE2JnrJrDNAmz7/RTqcq2On1+EiIzQ9aAI5/A17V7kuVLhGkkj9iB/2sJOmzuH55rMBRYPS5+5TEst9hZ7qr2bKikw7o/ZzzttZIG7tTjN399vD+wgxw== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CpAAAOIWRblywVGNZcHQEBBQELAYNLgWUWEoN+iAmMRJMqhEKBJANehGgCgwshNBgBAgEBAQEBAQIBEwEBAQEBBhgGTAyCNSQBgwYdAQE3ATQCJgI2AQUBIgESgyCCAAOnHjyKG2+BLoJ0AQEFgWSFbggSeYd9F4FBP4EShi0CgSqDOIJVh3WGLYwNCYRtikwLjhkrkhwPIYEga4EfMxoIGxWDJIIZg2iKVG2NM4JJAQE X-IPAS-Result: A0CpAAAOIWRblywVGNZcHQEBBQELAYNLgWUWEoN+iAmMRJMqhEKBJANehGgCgwshNBgBAgEBAQEBAQIBEwEBAQEBBhgGTAyCNSQBgwYdAQE3ATQCJgI2AQUBIgESgyCCAAOnHjyKG2+BLoJ0AQEFgWSFbggSeYd9F4FBP4EShi0CgSqDOIJVh3WGLYwNCYRtikwLjhkrkhwPIYEga4EfMxoIGxWDJIIZg2iKVG2NM4JJAQE X-IronPort-AV: E=Sophos;i="5.51,438,1526342400"; d="scan'208";a="16574405" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa05.eemsg.mail.mil ([214.24.21.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 03 Aug 2018 09:36:16 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;057e428d-2316-48e9-9d5b-d0be8564a308 X-EEMSG-check-008: 300082125|UHIL19PA04_EEMSG_MP2.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 209.85.220.202 X-EEMSG-check-002: true IronPort-PHdr: 9a23:tBhhhR+G0Aa27f9uRHKM819IXTAuvvDOBiVQ1KB21uIcTK2v8tzYMVDF4r011RmVBduds6oMotGVmpioYXYH75eFvSJKW713fDhBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1Ifn+FpLPg8it2O2+55zebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMNboRr4oRzut86ZrSAfpiCgZMT457HrXgdF0gK5CvR6tuwBzz4vSbYqINvRxY7ndcMsUS2RCUclfUDFPDIOiYYQTFOcBIfpUopPhq1YUsRezBw+hD/7vxD9SgX/22LU33eA7HgHA2gwrAtAAsHPOrNXzKawfVuK1w7POzTXFb/Nbwjj96I/PchAupfGDQ6h8ftbWyUkqDg7IiEibp4/9Pz6NyOgBr2yW4/BjWO+vkWIrtR99riS1yssyloXFmIQYwU3e+ypj2oY6P9i4RVZ7YdG6FJtQsDmXN45sTcMjR2FkoT86yr4atZKicigG1ogrywDFZ/yIdIiI5R3jVOKPLjtimH1lf7e/iw6z8Uim1OL8StG53EhWoidBiNXBtXAA2wbN5sSZVvdx5Fmt1SqR2wzL7+FLO0E0la7VK547xb4wk4IevErdEy72nEv2j6+Zd0sq9eat9unqYanrpoeTN49olgH+NKEumtGiAeQ9KAgOXHKX+eWh1L34/Uz5Q69KjvoqkqXFvp3bJMsWpq+/Aw9IyIoj9xa+Dzi83NQdgHkLMUlIeByDj4f3NFDCOen0DfWljFSqljdrx+rKMabmApXQKHjMjKnufa1n505Tzwozyt9f55ZKBb0bPP3zXUrxuMTCDhAlKwy03/rnCNJl24MFR22PBq6ZMKXPsV6H/e8vP+mNa5MVuDb6MfQl4eXugmUjlV8Seqmpw8hfVHftJv17Jw28Zn32j59VCW4XuiImRfHuzViFViReIX21WvR4rgonBZqmAIGLfYWkhLiMzW/vBZFNTnxXAVCLV3HzfsOLXOlaLGq/OM5q2gQNT7m6A9sszRi0tRTS07N9L/HM/iQTuNTkztcjo6XImBUz8yFkJ9iM2GGKCWdvlyUHQCFylKJ2p0p94liE1qd8jrpTEtkAyelOV1IYPJjah8x9Eda6DgDIeNGJYFmhRdqiDHc6SddnkIxGWFp0B9j31kOL5CGtGbJA0uXTXMVloJKZ5GD4IoNG81iD0aAgi1c8Rc4Ubz+ogqNvsk3RDojPkwOTkLusfqkHmiHK82iHwCyFu0QKCVcsA5WAZmgWYw7tlfq8/lnLFuX8BrMgPQ9Mj8WFL/kSM4C7vRB9XP7mfe/mTSexlmO3X0jaw7qNaM/zeD1Y0n+FUg4LlAcc+XvAPg87VH+s X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0C6AACHIWRbh8rcVdFcHgEGDIUwFhKDfpRNkyqEQoEkA14ThFUCgwsZBwEEMBgBAgEBAQEBAQEBARMBAQEKCwkIKSMMgjUkAYMGHQEBNwE0AiYCNgEFASIBEoMgggCnITyKG2+BLoJ0AQEFgWSFbwgSeYd9F4FBP4EShi0CgSqDOIJVh3WGLYwNCYRtikwLjhgBK5IcDyGBIGuBHzMaCBsVgySCGYNoilQ9MI0zgkkBAQ X-IPAS-Result: A0C6AACHIWRbh8rcVdFcHgEGDIUwFhKDfpRNkyqEQoEkA14ThFUCgwsZBwEEMBgBAgEBAQEBAQEBARMBAQEKCwkIKSMMgjUkAYMGHQEBNwE0AiYCNgEFASIBEoMgggCnITyKG2+BLoJ0AQEFgWSFbwgSeYd9F4FBP4EShi0CgSqDOIJVh3WGLYwNCYRtikwLjhgBK5IcDyGBIGuBHzMaCBsVgySCGYNoilQ9MI0zgkkBAQ Received: from mail-qk0-f202.google.com ([209.85.220.202]) by uhil19pa04.eemsg.mail.mil with ESMTP/TLS/AES128-SHA; 03 Aug 2018 09:36:13 +0000 Received: by mail-qk0-f202.google.com with SMTP id t81-v6so4701768qkt.7 for ; Fri, 03 Aug 2018 02:36:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=gKam9WaYXvtGukQ1JMxYeC89hlAklM7RuKowpz4IWCY=; b=nDh3VpuNFqN5fsEaRxn7r/FpNqaGr06hrmG9q7R2N01ogPF9FL/c84pQB0dZEgK4Qg pqAFk9+P6KcOYWcNUCkKF41Xy+t3d40mcQzmoQRJRDq4CMNOFWecBwuaETZh7AD7htku hmAOXlOPdZYk4hM/RvShK9CsAxVcg3BUnqlO48CGDAGbEzZyI1y8Jx7B9Wz6V3sUHj5w Sd3ULfKxh9fust7oBVNa+UUthj1tLFa7p7/TQNjSkSSy+uLOPAkLq5ZMWDRrNKdTgRa3 RDstxOPF8Fa95CZWv0tqceWLil9vqS2lJyhfQJu+EdkIFwyHI0OMZm9jqAsrBfwuP2rN 73Hw== X-Gm-Message-State: AOUpUlFZny0AZJ1tV47aHdVvvyDtV7UvVw2SG+/h3M+ofikVY3zsC5wX SkpAb87CYkV/gaWzC/HeyPm1ttkVVw== X-Google-Smtp-Source: AAOMgpd1k5tas7kSjFbEj5zQSMmxweGcg5QVx7HyvV7lX36a+VEaslYsfPMUd807C87+qsfiIAif5sEZoQ== X-Received: by 2002:ac8:1019:: with SMTP id z25-v6mr3481000qti.14.1533288971594; Fri, 03 Aug 2018 02:36:11 -0700 (PDT) Date: Fri, 3 Aug 2018 11:36:04 +0200 Message-Id: <20180803093604.38254-1-jannh@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.18.0.597.ga71716f1ad-goog X-EEMSG-check-009: 444-444 To: Paul Moore , Stephen Smalley , Eric Paris , selinux@tycho.nsa.gov, jannh@google.com X-Mailman-Approved-At: Fri, 03 Aug 2018 08:26:11 -0400 Subject: [PATCH] selinux: stricter parsing in mls_context_to_sid() X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: From: Jann Horn via Selinux Reply-To: Jann Horn Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP mls_context_to_sid incorrectly accepted MLS context strings that are followed by a dash and trailing garbage. Before this change, the following command works: # mount -t tmpfs -o 'context=system_u:object_r:tmp_t:s0-s0:c0-BLAH' \ none mount After this change, it fails with the following error message in dmesg: SELinux: security_context_str_to_sid(system_u:object_r:tmp_t:s0-s0:c0-BLAH) failed for (dev tmpfs, type tmpfs) errno=-22 This is not an important bug; but it is a small quirk that was useful for exploiting a vulnerability in fusermount. This patch does not change the behavior when the policy does not have MLS enabled. Signed-off-by: Jann Horn Acked-by: Stephen Smalley --- security/selinux/ss/mls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 39475fb455bc..2c73d612d2ee 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -344,7 +344,7 @@ int mls_context_to_sid(struct policydb *pol, break; } } - if (delim == '-') { + if (delim == '-' && l == 0) { /* Extract high sensitivity. */ scontextp = p; while (*p && *p != ':')