From patchwork Tue Sep 11 16:26:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10595913 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3F3BF112B for ; Tue, 11 Sep 2018 16:46:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2A1D029A5C for ; Tue, 11 Sep 2018 16:46:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1E16529A6A; Tue, 11 Sep 2018 16:46:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, GAPPY_SUBJECT,MAILING_LIST_MULTI,NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from UCOL19PA14_EEMSG_MP12.csd.disa.mil (ucol19pa14.eemsg.mail.mil [214.24.24.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 6010129A66 for ; Tue, 11 Sep 2018 16:46:00 +0000 (UTC) X-EEMSG-check-008: 618844733|UCOL19PA14_EEMSG_MP12.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="618844733" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by UCOL19PA14_EEMSG_MP12.csd.disa.mil with ESMTP/TLS/DHE-RSA-AES256-SHA256; 11 Sep 2018 16:45:59 +0000 X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="15731121" IronPort-PHdr: 9a23:psgIXxGFJmMQPZ3LVA2oH51GYnF86YWxBRYc798ds5kLTJ7+pMu/bnLW6fgltlLVR4KTs6sC17KJ9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa/bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjm58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7Sc8kaRW5cVchPUSJPDJ63Y48WA+YcIepUqo/wqFwMohSkBQmsA+TvxiZRinLq06A30vktHRja0AA9AtkCtGrYoMnwOKoUTOu7zrTHzS/bYv1I2Tnz64bGfR4urv+RRbJ9c9fdxEczGA3KkFqQspfoPy+X2+kXr2SX8+RtWfyphmU6qw9xuD+vxsI0h4TXnI0V0U7L9CVky4goOdK4SFR0YcOqEJtUqS6aLZZ9T8Q+TG5yoyY11L0HtIWgfCcWyJQo3QPfa/KDc4eW+BLvTfqeLi1iiH15f7K/gg+//E69wePyUcm01UxFritDktTUuXAN1gDT6siaSvRm5EuuxTGP1wXV5+pZIk40jbLWJ4Muz7M/jJYesVnPEjXolEj5kqOabFgo9vCp5unleLnqu56ROotuhgz/MqkigNKzDfo3PwUIQmOV4/6z1Kf58k38WLhKi/o2nbTHv53CPsQbo7K5AxdS0oY+9xazFzem38ocnXkANF9FZAiIj5LoO1HTO/D0F+u/glSwnzdrwPDKJLvhDYnWLnffirvheLd960pExAoyy9BQ+Y5UB6kcLP/8VUL9rtzVAgIjPwCqzOvrFs9x2p4GVWKKGKCZMafSsVGS5uIoJumBfJQVtyj5K/gk4f7ukHA4lUYGcqmuwJsXbmy3Eep9I0iCfXrtgssOEWcNvgYkSuzqk0eNXSRcZ3a1QaIw/is7B56+DYffWoCth6SM3CW8Hp1QfG9GFlCMHm3ud4ifWfcMbySSIsp7nTwfSbiuVZUh1Qq0uA/90bpnIfLe+jcEupL7yNh1++rTmAkw9Tx2FcuSz2KNT3pznmMORj82wrtyoUJ5ylee3ql3mOFYFdpP5/NUSAs6MoTcz+NiAdDoRg3BZsuJSEqhQti+GTE+UMk+zMEIY0Z8B9WiiQvO3yu0DLALibOHHps08rjT33LpPcZy127G1LU9j1khWsZAKGqmhqh59wfOGYHJl0SZmr2weqsCxi7N832PzW2UvEFXSARwS7nKXWgDZkvKqtT0/l7NT6O0BrQ9KQZO1cmCKq5WZdLzllVGWO3vONLAbGKtg22wHwqHxquQbIr2fGUQxCTdCE4Ykw8N+XaJKw0+CTm9o2LEDD1jDlXvY1vy/ul4rXO0VE40zwWRYE1m2Lu54BkVheaTS/kLxLILpD8hqyloHFa6x9/XBduApw5kfKpCe9Mw+1lH2nzEuAx6JJyvNbhihkQZcwR1oUzhywl3Bp9Hkcgwo3Mg1BByJr6A0FNdazOY2oj9Or7NJWnx+xCvdrXb2lLE39aV/acP9e40q1L5vAGmDkAi6Wlo08FJ03uA4ZXHFBAdXo/rUkY26Rd6varXbTMh6IPRz3FsNrO0sjDa0dIzGOQl0gqgf8tYMK6cCAD9CckaCNa1KOw2m1mpaQkJPPtO+641IcymceeG2K+xM+p6mjKpk3hH6phn0k2Q7yp8VvLI35EdzvGD0AuHTTD8jEy9ss3sgoBEYzYSH2S6ySf+Ao5dfKtycpgXCW22Oc242s1+h4LxW35f7FOiCUkJ2Mu1eRWMdVz9xhZd1VoJrny9giS40jl0nysurqqF0yzE2/7iewYfOm5XWGliik/hIY61j9AeWEincRMpmQC/6knk3ahbo75zL27JQUdHZyL2NX1tUrOstrqeZM5C8I0osSRLX+SgZlCaUKTxrAca0yPkGWteyys2dzWrupX/hRN6kmWdIGx0rHrDdsF63Q3f68DERf5NwjoGQzF1iT3WBlinI9ml5M6UmInHsuC/UWKhS5JSfDLwzYOYtSu742xqDgGkn/ypnN3oDxQ62zfh19Z2TSXIsAr8Yo7z2qSgNuJnek1oC0Hm68VmHYF/nJA9hIoN2XcGnZWZ530HkX38Md9Dw6LxcGINRSIXw97S+AXl21NsLnSSx4/iVXWS3M1hZ8K8YmwIxiIx9cdKCL2b7LZchyt6vkK4rR7NYfh6hjod1/0u52MBjuEXvgoi0yWdDqoUHUZGISzmjw6I4MymrKVLeGavdqC91FJkktC8CLGPuR1TWHflepYiBCNw4N9wMFTW3H308IHkd8HabcgPuR2MjxfAk+9VJYoylvsKgSpoJ3nwvXgiy+41gxxhw426vJSHK2Vq+aK2HARUNjvraMMP4jvtl7pRnt6K34CzGZVsAjsLU4HuTfK0FzISsO/qNwiQHzIhrXebA6DQHReF6EdhrXLADYykN22NKHke19ViSwGXJFZDjwAMQDU6gpk5GxikxMz7bkh2+ysR6UT+qhtQzeJoLALyXX3DqwetcDs0T4KfLBVO5AFY+0jVKdCe7v50HyxA5ZKutwuBKmiaZwRTEWEJQVaIB0v9Mbay/9XA6PaXBu6/L/vIfLWPpvdTWOuIxJK1z4tm5CyAN8uVMXl+FP073UxDUWp+G8TDlDUFUzYXmD7Vb86HuBe8/TV6odqw8PvxRgLg+5CCC7xKMdpx/RC2hL2MN++UhCliLjZZ2YkAxXjSyLgQxFQSkT1hdyGxEbQcsi7AVL7QmqhSDxIBcSNzM8pJ4Lw63gZWI87bjc361r1jg/EpDFdFUEDulduyZcwWOW29Mk3IBFqTPrScOTLL2933Yb+7SbBIjuVUtx2xuS6cE0/nPzSDiyfmWguqMeFNkCGbJgJRtJu6chZ3BmjpVMjmZQGjMN9rkT02xqU5iW3SNWEGKzh8clhNo6aI7SxCmPV/GndB7mJhLeaehymW8fPUKpEMsftkGi50jf5V4Gwmy7tJ6yFJXPp1lzXIod5quFymke6PyiF7UBVUrDZLn4GLvUR4NaXf6JZARW7O/AgR4mWIFxQKu9xlB8X1u69O0djAirj8KC1e/NLU5sYTHMnUKNiaP3omPxrpACTUAxUFTDKxM2HQmVBdmumI9nKJtpg6toTsmJ0WR7BGTlM1CPIaBVl+HNEZOph3RCkkkbmVjc4T+3WxsATRRN9bvpDbVvOeG/PvJyiFjbNcfRsH3av4LZgPNo38w0FicUd1nIDLG0rWQNBMrTZsYRMzoEVI7HdxVHYz217/ZgOr/nATCea+ngQqhQtmfeQt6DDs7k8qKVXWoSswl08xmcn4jT2Kbj7+Mr2wXYBXCirzsUg9KJX7TBhpbQeqh0xrKC/ER65Nj7tnbW1rlA7cuZ5IGf5ATa1FYAQdyuyWZ/Qoy1tTsT+rxUlZ6uvZEZFijhclcYawr3Jc3AJudMU6KrLWJKdS1Fdfm7yOsTGy1uAq2gAePUYM/HmVeC4St0wCLqMmKDaw/uxw9QyCnCNOeHIKV/orvv1q9kQ9O+Cbzyz4yrBNN1q/OvCYIa6Cp2fAksuITU8q2UMTi0lJ57523tk/c0CMTUAg0KORFwgVNcrFMQxac8hS+2LPciuVrerNxpZ1P4G8Fu/2V++OqLgbjV6kHAozGIQM9MsBFIG20E7ENcfnMKIFyRI16QTxPlqFFvNJdwmQnTcbucGw1oF30pdZJjEcB2V9PiG35rfYpg8qnPqDUs05Ym0fXoceMHI5RtG6kTZDv3tcFDm3zv4ZyA+a4j7yvCjfEDn8b9tmZPeVfxxsC8q7+TQh/Keol1Hb6JLeJ3v1Nd56oN/A9fsap4qbC/NTVbR9tl3Tm5NbR3O0T27PENi1J5frZogid9P0DGq1Uli4izIoUsjxJ8yhLq6WjgH0XYxUqpWU3Cg/Nc+hETETAw9wp+YH5K1mfw0CbZ07YRrmtwklMqy/JwCY0s6wTGmxMztWSOJfzf67Z7xRwCogdOi6yGEvTpsi1em47VYNRI0WjhHZ3fusfZNeUTX1GnBHeAXCvis5l2lgNuYu2egz2hXIvkcAMzqTbuxmdHREv80gBVOVOXh2Fm04R1qHgIrf/gKs2qsd8zFbn9lKze1PqGL+sYPHYDKwRKyrro3Ysygnbdc4uKB+LJLsItCYu5PEgjzQUoTfvheDUCGkC/pQgsJQLz5AQPlUhWElPtQLuZZc5kUsV8cxPbhPBbIwqbCtbDprETQdzTQFV4+a2jwNnPu80aPAlhiMaJQiLAAEsJJaj9sFSC52fjkRq7K/V4jNjG+ETXULIB0P4gtS4gIAipVwcfrh4IbSS59M0TFWqepuUiTXDplo60f7SmaOjFfjRvWuj/Cl0ABPwP/iydQURBl/CU1ByOlMjUsoNKt7K68OsY7WqjWIb1/1vHrxyOu6I1lc0dfUeEPlA4rFr2X8TjYR+XkTRY9R1n7TC4gdkw1kZ6k1vllMJp6pelrm7Tw+24tpB6W4Vdysx1s9sXYGXTmlHMRcBOx9rVLXXCFlY4qxp5X7OpVSRWtQ94OBq1tDl0VtKSG5w4JGK85R+j4MQCRPoTKFsdu3UsJD3ct2AIEQItdjoXjyArhJOJ6PrH0qobzg1mXW+ygiv1ugwjW8BbO4RfpD/2ICAgUpO3ieqk43Ausu6GjS6FfNsktw/+hBGLiClkBxoCt5HpBSBzZGyXGlIE51THldqelaL77Vc8NESfkoeRCvIwA+FeIh30GR/0F7h3H5YyJotgtd5i/SQRI5VTUPjbfrgj0erdurOTkERJJUdT8hdTvKKxqHmSBLuxZSc0NqW5EcAtte/rEUw4tV8dTYSUatLyEFUwZuNgQm3vpDjURDqlmXeTjBDQq0cvbCqht3fcOKoc6oKvT5+R1LioLhsOA27aUMXWammRG3QdDDs4D8qsCKtlGQe6viNO28e3DBRiDWjR+snbckE4XK/y/LPQpeLJl6z2YkYZf/BmPQOBRGJrgUJ0xFWqBmZ9RGpfpaZ8x/eKoT/69iGA6HTAv1GIOztPlGMkrTRTPGIiWF6ey/pILe4KfTSef+e8OMwGzHTLhvPpdg7jn7Ganl3pNC+kbs3fdt7Ex6Q0DcMy+dtNThOh8L5M66e0vjv5wmBynZD4trnXr22E5Aa9QYTDGw/JQf0pNZ5276Sfhk3UjrrO1S675k5JEs7LBo0se1K73dKfZbsU97GhibHBhq9pE2DWdjQGBef/EeJ+3MfaQDisDusfr4G7YQ6B2P9OxTccHHKF3ZmsmjFjGcTgRJnB8bpj4GMgSc1/CEm6huScamvOT5wVwi41y/Lh4A0bBs6pyJ+rKSq+/LcxTRzbYFWq/wRsPwtLgsuF2d5ecilLEQfmx5eQqnEPISVsQF3Gfv0bgqzT4wE8PEB7/g/v9DWG4+njLkgZ99BE8aGvITHbqM5oRehXw1m+nWO9wZaKxCnXyPFRG8GL8Y1XGr8zeXIHVighzW0RHwRmOz7FnsoSBkQSvMy8rjnVdUV7m2A0dSRCmpOU5jvTORPQroqsD4uaAo40E3KGDkssyClHe5MrNNA8L/PMCcITUzpF8PjZ0xWMag2YYAFNq5Pdce7XB+bvzF62+xlC9BuahHjZLE4s6J4vXXAWWgj6qCprWP2j9YxHY4vVUk59GuLP7O4cOFQ+iy22YXUSh/pxPLXwSppbzDs1AUJUuL3V/EmIwOOdFY02c31kXi5OU4W9Iz8wNeFofcaP8YozD8Jif0y06FY90rTimezydXHlXtHFl9Gag822HwvMXSmHfS4VIoRY5wd0r5ihxxFYk4L1wi6EQPyCoZDQcNcQybDK2vBUn9NoQLS04DaQic0bihfqc32lFzwq+x5ODNcONwHa0NNuxSjgSWhlhUBooWsbECQLJ7Y1Jd+rDYpgzjC4j/QffrjnsxNfywQsBf788ZrX8i7RilSxqn85dD4K4RiIqUea5cfZjMoMd84l9p5D4XbCxNgQRwgA2iXOAZpeDj/sLbv4Sy5uapTqYtSP0d9wIoCGRmk5vwnFcjrMnQ1+dYVILYkpz/8ARXLH6RpIba0gVzKfYUK421Yrls7XMHKDYCJ3gWJ9qZd+E84zNxMDXU/1FCBsIMZdUFPMvCgAxUjkzpWKpP9srAAVKYCp18d8Yv72btzzA165Q8WP766DCqPZDf801NP/RbgSVpjt3NuOgVwfvUCCgQ+nSZdRl1wiWcxJmJCvbw+/iMyd7OW1MBBC42XJ9XJCCe9gy/Wuq1iJLpXxuW6sDpg5I+c1mfS2esnKQDrqZMEelAijj03jheCoD5nfSVvMSw6GFPrF1IDJ5z7QHZGKVYJph7Ihr4lsy3SUV9BSbyY9/UeQQ0uOqXx+YM5ON+O1H4ZYAFPhJXg479vF5ua0M6TL/wo0bcRu8aecFnVOKBq3dZ9IZtA7EAMULbp5HwqDpM7lcsD1ltIJ05qzFBPmzJhhdUQO6gursHkBEdSvZ/sEpBGCS3Im1oo3LjdoBwxP2VCfoI4nCQQ7YIXkFALCxzWVW21Y9odr/vmupI5CcOpQ41hPksziwuEACxvSzqurIlxSMr+Lb+si4I/3NCULPa2wXPCVML7vMKhKEHBnCqvV67YH9Fbozy6b98KMLI/oAn5HI+ahwnOSYBWLLkQwL9grjAKYuIs5oIhxOAo87JarybJigIMbE81BelQGJyhEyWoBt063YMChWp6tMtbNGlNMAq2yuuXGvWblAB5otI9c/2q1NNV+I1dElohmNulMqfEGlFfMXSHy4QiQ8+ZC0QaJte7TcCHrQsxzOPubNLuAoTZWGQWr+595HQkMGA4nw0SdNn1yqCvaGero87231i3dVv52iBv2pEM6SSV85qH2i22JxTxPLzY92zve0dDohr0rKsVLkFKMbpsT+y2ZN3Sgqr3bgTAVe9GPEMy62dUCq/T2CcH+ORfD7I1x89P17/9FGEKVctadZDqQdpO+fFjIRdhgTnebxxTySU41TcyTpwH/kdclcdsZyqakQxR+4YeuaYKPJmlPY3E1YdR2TCHSJrBeu7qxumlc5wPHA2shayWvjk7g2zaIjaIRIDC4OP688po6boT3+dOXJm0Bx5NVV18OGaDVkqq+tAaMzNxortv/hQisU9Xq41dyAwv8Uc3Idq6I3S1caOInSzho3qK4Tzpf6VS+ba01xsYntTB7EQeg7kz54xPtckVbneB/5StFIXAq1pJf5pLH//oYdzKg47aQvNfPKxi8juqPiMY85frmTb/3orJyfVphMHx+bxRgU9ZJev1BCQaIsoSGdnqNtgQgBjAJMJG84EqF+/BIWInaigl9Kr01h9ve4B6vKsT6qVkt++2Z50Rd5f7E2PejDcXe96i0RiiaK5hfKTt/u5BcDjfIYcXfNgCi7ea7DAF5miMD/GJM/mekBH/rLdmLJ0Wxmcfmb4CoKXvS2jM7Nv5kA2 X-IPAS-Result: A2BTBwB08Jdb/wHyM5BbHAEBAQQBAQoBAYNLA2UjXCiMZItEhGaLCohrgV0sAxABhQSDESE4FAECAQEBAQEBAgFsHAyCNSSCZwI3BgEBDCALAQIDCQJACAgDAS0UARcBBwUGAgEBARgEgwABgWkDFQOaRoocgh2CdQEBBYEEAQFqgjwDglEIF4pQF4IAgTmCPYNJAoEuARIBhXeIKIVfMI1cCYIJhDGJRh1YgTCGb4V+jiOHTiFkcU0jFTuCbAmCEINoihwBVU97AQGLJII9AQE Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 11 Sep 2018 16:45:58 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGj4h9023150; Tue, 11 Sep 2018 12:45:21 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w8BGQj8Q031871 for ; Tue, 11 Sep 2018 12:26:45 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w8BGQi4U020359 for ; Tue, 11 Sep 2018 12:26:45 -0400 IronPort-PHdr: 9a23:FTgGOBFzOGNCvit5WFXi851GYnJ96bzpIg4Y7IYmgLtSc6Oluo7vJ1Hb+e431wKbYL33wKlvs8OP6+btVGkb7tCEuXEGNplNU0xNkt0YyionBsPNEkjnNLjydSVvF81ZWU5N5Hq7OFVbHMvkIlbb5Ha16G1aAQ3xYCxyIOm9AYvOl4Ky3uG29YfUZlBDjSGwcJtpJxW/sAvVu9NTioIkIaE0mVPSunUdXeNQyCtzIE6L2Rbx4sDl5Jl47yFZoO4s7eZbVqP7dP9gEfkCU3ItNGYu4detsBDCSU2J6yJaQ2wWlR0OCA/Av1n2XZb05zPzrfE1mDKbMsv/Ua0uVHy84r1qRh7lhGZPNzMw/GzNzM0lpLNSoBWm4Rd4xoM= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1AaBAACrpdbly0bGNZcHAEBAQQBAQoBAYNLaH8og3KIcos/gWCDBosGik8mhFFEg0ghOBQBAgEBAQEBAQIUAQEBAQEGGAZMhW4dAQE3ATQCJgJHGAEMBgIBAYMdAYFpAxUDmg6KHG+BLoJ1AQEFgQQBAWqCPgOCUAgXdIlaF4IAgTmCPYNJAoRigleIKIVeMI1UCYIIhDGJQx1YgTCGbYV7jhiHToF2TSMVgycJghAaGoM0ihwBVU+OGgEB X-IPAS-Result: A1AaBAACrpdbly0bGNZcHAEBAQQBAQoBAYNLaH8og3KIcos/gWCDBosGik8mhFFEg0ghOBQBAgEBAQEBAQIUAQEBAQEGGAZMhW4dAQE3ATQCJgJHGAEMBgIBAYMdAYFpAxUDmg6KHG+BLoJ1AQEFgQQBAWqCPgOCUAgXdIlaF4IAgTmCPYNJAoRigleIKIVeMI1UCYIIhDGJQx1YgTCGbYV7jhiHToF2TSMVgycJghAaGoM0ihwBVU+OGgEB X-IronPort-AV: E=Sophos;i="5.53,360,1531800000"; d="scan'208";a="366436" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 11 Sep 2018 12:26:44 -0400 IronPort-PHdr: 9a23:Y7lwThDWiLfMJLjPI7zgUyQJP3N1i/DPJgcQr6AfoPdwSP35rs+wAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6zaf9wVX2pBXsFWVyBYG4+xc4UCAuscMepBs4XxukYFoR+gCQWwAe/izCJDiH3r0q0gy+kvDB/I0gwjEdwAvnvbo8n6OqgJXOCpzqTF1ynPY+9Y1Dr/7oXDbxAvoeuLXbJ1acfc11MgFxjbgVSQtIfrIi+a1uQXvGiG4epgUfygi3Q6oAx2vjeg3NwshZfJh48O0VDL6SV5z5woJd22TE50f8SkHIJMuC6ALYd5XsQiQ2RxtSs817YIt5m7fC0Qx5QmwR7Sc/OHc4mU4hLjSeaeOi10i25ieLK6gRu57EuuyvXkW8WqzVpHoTBJnsfDu3wXyRDe6NKLR/R980u52DuC1Rrf5vxFLE0wj6bWKp4szqQumpYNvknOGDL9ll/sg6+MbEok//Cl6+T5bbXioZ+RL4F7hBvwPKkwlMGyH/42PxQSU2Wa4+izyqPs/UjiQLVFlPE2l7PWsJHeJcgBo665AgtV3p4i6xa5ETimzMwVkWcaIF9KYh6LkYfkN0vQLP36F/uyjFShnC9ux//cP73hBpvNLmLEkLfkZbty91RTyBEtwtFf/J9UEa0OIPLpVU/sutzYCgE2Mxatz+n7EtpxzJ8RWWWKAqOBKqPdrUeI5v4zI+mLfIIVoyjyK/wk5/7okH84lkQQfbWp3JQLaHC4Ge5qI0OCYXX2mNsBHmAKvhRtBNDt3Xm5dHYHY3e0QrJ5/TwwFZinEZaGQ4ehnbiM9Dm0E4cQZW1cDF2IV3DyeNPAE9UFbS+JaupmiCYFTvD1SYomzwuvryf8wr9qL6zT4CJO8drH9/xQr7nXlBcv5Xl3At6b3mWlUW55hCULSiUw0aQ5plZynBPL6oUwp/1eCMwbs+hEVgY8KI700/1xC9e0XBnIONiOVgDiCvehATd5bNUxytkVbkA1T9eljhaF3S2qCrkOmrqjD5Uy9aTd1HH1Yc16ziCCnIosgkJuacxINiXyhaNy7APUAI3hmEWDkKOraKFa2zTCoiPL8WeSp1xfGC55V6nMFSQHa03ZsNX/o0DPVbmjDZwmdw9G18PEMaJJd8fgy1NLAvX7bpCWW2usny+VAhGSy/vYdIP3f00F1TjZTU0DlBoeu32BMF56Thy9rnreATomLlfmZ0fh4KEqs3+gZlMlxAGNKUt63vy6/QBDwbTWT/IVw6JBtjwtpit5GH6j0N/MTdmNvQxseONbe9x3qAND1GTEp0lzJZCtMa1mrkARfh4xvE700RhzTIJanp5u5FouwRp/OOq011lbdiKR29ikM7HQIHPz7RmpQ6HT01Dalt2R//Fcxu4/rgDItRqkBwIZ+HVuztdR3mHUsp7DFwcDeYn6Uk8q+Rx3vfTRa2824IaChi4kCrW9rjKXg4FhP+Ai0Bv1OocHavnWHRLuE8AcG8mlIfArnF7sdB8fIeRO7/RvYpGbT9etg4WTFb842j+riH9IpoV000bK8it4GabTx5hQ5fae00OcUivkyk+7u5X8kJtJdBkJFWq21CbgCZQUbaQ0doEOWi+1O8Pi4NJ4itb2XmJAsluqBlcIwsisLBGbdFHs9RZb1U0Kr3iqg26zxnp/lDR65rGH0nnoxOLvPAECJnYNRGRmigL0JpOoitkBQEWyRxMukhquvh6mgvIE4q94KXLWWwFNdinyaWdvC+2hv7qFZIhE75Z7+SlUUeHpeVmBUfa9uBoV1Sr/AnFTjC42bTCku5j13lR6hWuRIWw1rS/xaMhwwhCZ79vZSA== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DLAwACrpdbly0bGNZcHAEBAQQBAQoBAYNLaH8og3KIcos/gWCDBosGik8mhFFEg0ghOBQBAgEBAQEBAQIBEwEBAQEBBhgGTAyCNSSDCR0BATcBNAImAkcYAQwGAgEBgx0BgWkDFQOaDoocb4EugnUBAQWBBAEBaoI+A4JQCBd0iVoXggCBOYI9g0kChGKCV4gohV4wjVQJggiEMYlDHViBMIZthXuOGIdOgXZNIxWDJwmCEBoagzSKHAFVT44aAQE X-IPAS-Result: A0DLAwACrpdbly0bGNZcHAEBAQQBAQoBAYNLaH8og3KIcos/gWCDBosGik8mhFFEg0ghOBQBAgEBAQEBAQIBEwEBAQEBBhgGTAyCNSSDCR0BATcBNAImAkcYAQwGAgEBgx0BgWkDFQOaDoocb4EugnUBAQWBBAEBaoI+A4JQCBd0iVoXggCBOYI9g0kChGKCV4gohV4wjVQJggiEMYlDHViBMIZthXuOGIdOgXZNIxWDJwmCEBoagzSKHAFVT44aAQE X-IronPort-AV: E=Sophos;i="5.53,361,1531785600"; d="scan'208";a="18078851" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa06.eemsg.mail.mil ([214.24.27.45]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 11 Sep 2018 16:26:43 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;31b95e39-43e6-442e-b851-5bf62594515b Authentication-Results: UPDC3CPA10.eemsg.mail.mil; spf=None smtp.pra=casey@schaufler-ca.com; spf=None smtp.mailfrom=casey@schaufler-ca.com; spf=None smtp.helo=postmaster@sonic304-27.consmr.mail.ne1.yahoo.com; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 41505126|UPDC3CPA10_EEMSG_MP26.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.191.153 X-EEMSG-check-002: true IronPort-PHdr: 9a23:d30PzxdEiYJdnQ4pM5MGUqSQlGMj4u6mDksu8pMizoh2WeGdxc25ZhGN2/xhgRfzUJnB7Loc0qyK6/+mATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfbF/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNwdR2VORMZRVytGAo+ldocCE+QMMOdFo4Xku1cCsAa1CQ2yCO/zzzNFgGL9068n3OQ7CQzIwgwuEc8Nvnraotr6O7sdX++uwanUzzjOde9a1Svz5YXKdB0qvPGCXah3ccrU0UQiCRnKjk6Opo3lIjiby/gCs2iB4Op9W+Kvj3AoqxtsqTWo2sgjkJLJiZwVy13f7iV23IY1KselSE51Zd6rDoFQuziGOIRsWM8tX2ZouCMjx7AApJW1ci8KyJE9yB7ebfyKa4eI4hP/VOaRPDd3n2hpd664hxa390Wr1+7yVtGs3VtLrydJiMTAu3ED2hDJ98SKTuZx8l281TuP2Q3f8uBJLEIumabGKpMsxqQ8m5sTvEjZACP6hkr7gamLfUs+4Oeo8f7oYrD+q5+cKYB0jgb+P7w1msy4B+Q4MxQBUmaH9emzzbHv40/0TK9Wgf0xlKnZq5XaJd4Bqq68GQBV04Ij5wy5Dzi4zdgUh3kGI0hFeBKAiIjlIU3BIPf9DfunglSslilkx+zeM7DgA5jBNGXPnbbvcLpn9kJRzBc/wcpC659UBLwNOPfzVVXwtNzcAB85KQu0w+P/BdphzIweQnyAA6+CPaPJrVCI5vggI/SCZI8Rpjn9MeEp6OL0gnMjhVAdeqyp0YMNaH+kBvRmP1mZYX30j9caD2gKugs+TOr3iFyNSjNTe3azUL485jE8Eo6mC5zDSZq3jLyO2ye7AM4eWmcTLmupWSPsdoOZS7IXZSmPOM59g3kBUrS8T4IJyx6jrkn5xqBhI+6S/TcX49ar9tFw6vabsBYo7z1vR5Cf1maXVWBvtmUBQjI3mqdlrho5gnOg9Y0w1/hZE8FDovBESAE3MbbCwOFgTdP/QATMepGOUlnwBp2dLHkVT9Qs05daeEt5GtO/njjfziGqBPkTjLXNC5sqpOaU/X/xIY5fzHbP0rIsiRFyQMxPMyukga528RPeAabCmkOekaehfKBa1ynIoiPL7meDpwlzVwlzGfHGUH0EbUzRrvzy5lnFSr6zDPIgKAQXjYa+J7dRd9qhrVxASP6rbMzTZW2smmH1BhuSwL6IRIuvf2ID0WPGAUsZiQlV+3vANxBoQm+Zqn/aRBlpEkjiKxf0+PR6gGuyU0txygaNdUAn3L2wrFpdvuCRU/Me2Po/vS4lrzhlVAKm08n+F8uLpw0ner5VJ9w6/gEDnSjdtgpgLtmuNKxvmFMaWxp4slmo1BhtDIhE188wozlimA5zL7+IlV1aez6G0JTYJLLaMC/x8QqpZqqQ3UvRhpLe06MC+Pkp43nkthuoB0MkuyFu395fyXqN75PiAw8bUJa3WUEyoUtUvbbfNwI0/I7FnUZnMaCpvDvPwZp9D+I+xweIZNxfOb6KEALoVsYTQcOpLbp5yBCSchsYMbUKp+YPNMS8eq7DiPbybbRQ2Qm+hGEC27hTl0eF9i5yUOnNhsZX2PqY1xaJUzrmyVyo9MvwnNIcPG1ALi+E0SHhQbVpSOhqZ49SWTW1KM2+29t6ioSoUHce/1mmVQtfhZ2ZPCGKZlm45jV+kEQapXv8yHmjyDp1mGpx8u/Fg2rFxOL5cQBBP2dKQC9kgA6qMIG0iNdcV0+tPVAk X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AbGgA07Jdbh5m/o0JbHAEBAQQBAQoBAYIaghl/KINyiHKQKosKilEeCIRRRIM6GQYGNBQBAgEBAQEBAQEBARMBAQEKCwkIKSMMgjUkgwkdAQE3ATQCJgJHGAEMBgIBAYMdAYFpAxWaSYocb4EugnUBAQWBBAEBaoI7A4JRCBd0iXOCAIE5gj2DSQKEYoJXiCiFXzCNXAmCCYQxiUYdWIEwhm+Ffo4jh06Bdk0jFYMnCYIQGoNOihwBVR8wjl4BAQ X-IPAS-Result: A0AbGgA07Jdbh5m/o0JbHAEBAQQBAQoBAYIaghl/KINyiHKQKosKilEeCIRRRIM6GQYGNBQBAgEBAQEBAQEBARMBAQEKCwkIKSMMgjUkgwkdAQE3ATQCJgJHGAEMBgIBAYMdAYFpAxWaSYocb4EugnUBAQWBBAEBaoI7A4JRCBd0iXOCAIE5gj2DSQKEYoJXiCiFXzCNXAmCCYQxiUYdWIEwhm+Ffo4jh06Bdk0jFYMnCYIQGoNOihwBVR8wjl4BAQ Received: from sonic304-27.consmr.mail.ne1.yahoo.com ([66.163.191.153]) by UPDC3CPA10.eemsg.mail.mil with ESMTP; 11 Sep 2018 16:26:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1536683189; bh=zURbNl6VpmvtgnUOSIzJioExI/4fKFwu9E1NaQA4sx0=; h=To:From:Cc:Subject:Date:From:Subject; b=FHHwUu/BvyvAjSWRm2aWLy6vcg2ZVXMa7bdBmrJjQxXtR30EyeXPc89sxJn2RgU8hfyEauDyNRNfT40iaZpV3F9yCI8e+z/+sEDU3ip+IME5+TmcWiPULwsvzO+xvJ9m4XhqzvdbsbiDbVojEQ9j0Rl8ga5ludAen3x3brifniw40gPF6zTmmG0OiTJza9+RbBSeVJIqja9XAyPZD3SKmDWkTyZ+k/AKi1cPIpq7FCTSeNcIl88nhGcOeKk7KNLMzIQi+K61T0PsmsHay7ReWF6JW8tpPU61Tdn8qnndQkvFxX7Yg9a472QPDC1WImbpkmF3VWPdxi4ctQu1wPLzsg== X-YMail-OSG: Kf0C.zUVM1mqaDrK0RWvt2yFjvE9eN1mRrj_S1sGUBPuKjmvEVVbNiYcYMcZa5J uep7dwPiwhlaZmm0eNIoX5QnREviup7rKf6yqKf7NDV_HfwQUr3sAvI..Xei5.95IDKGGy72Fqv. 4IGz_n9PH10wOGpj1rI53gyK4JpqWMvtDNGu.GPfFq2V9HAsgIaeth.40yWNv04oz3MnQALmRPtI iZdZqKULTqZKRNXtkBFl2C_Ob1vlpP2TqfIWfDheqMNr6UPshTiRT0OZb_rL9_YcRBiC.BnFnbkX JJkTEZ_F9cHulTXvwQB8ir4b5mcVIQ0.TDweRwbw88YTsHRE6EgJjyF4oxSpOM2Z5aKi0ieViw08 2rp__6Tl1mw1qBg3Vt3e.WAC0gUy1.LIJeD6EHCgyP.0n_cud0DqdFeC3nv_Yb7dG_6ob1UEaPnb dmILtcHAprqn9DepWpLR58dTkRMtj3ATM4d_k65fxsQBXS1ZP82QUKAK2zq8Bi1pvlTE226RblgL bzE_Zq5LlBO6OQSy1QiPP1ym34Y.ZEmOqN1vZmJb8K37sBrTgRbtLpKYT2Di9yJ.aw6Hf4x_6QJ8 bw.rshDiAQkxP8gvNZ.tf51yE41SJp_xHN9vW60s52E.0NojTr9untXSCuyTpNk.SYaBCzcOJZ6h tW4VTafkN7Ah.78d16UxWud3StXGnd7iy6klAJbnx0lPqIU6Lx3epJzgTW.kIPElkxb5N4Kxo7vU EErQArHkfeY9OfF4QMcMMWd4nM4WArrsuWjUW.o5kWDZ3InRGQBjjZrYuZ2K49ts1W3JeYHH4d0E qOy98OhnFwRhqE4XzLWPBL7420L3W2y7BCKG38wboMCyBnPRmGobrbzAjWJXvUbrIsJfM4mRBMh1 im12xEEfLaNHB_9H5TRV8cWWuMmmB7wSUdOlr17Yt2ct3KWdWPZtFXoZQz.QM6f9.fhsGIcMH9qy 1zZNydBq9c3_ywhQ107iwpdBqJQKG.6WdkgGSIPt5Ks5N_66XUEfs3ZWXUkjiWIouV1LRp1HaZAj oNccI64Fjn.k.LNyaZGt.jCaQ4Me1Mxs0rwVA.e3HlAXd8DtYnrkB4uA- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Tue, 11 Sep 2018 16:26:29 +0000 Received: from c-67-169-65-224.hsd1.ca.comcast.net (EHLO [192.168.0.102]) ([67.169.65.224]) by smtp427.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID da7615c57ead9698b5b5b8ef21f732cc; Tue, 11 Sep 2018 16:26:24 +0000 (UTC) To: LSM , James Morris , LKLM , SE Linux , John Johansen , Kees Cook , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: Date: Tue, 11 Sep 2018 09:26:21 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-Mailman-Approved-At: Tue, 11 Sep 2018 12:45:04 -0400 Subject: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: "Schaufler, Casey" Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP LSM: Module stacking in support of S.A.R.A and Landlock v2: Reduce the patchset to what is required to support the proposed S.A.R.A. and LandLock security modules The S.A.R.A. security module is intended to be used in conjunction with other security modules. It requires state to be maintained for the credential, which in turn requires a mechanism for sharing the credential security blob. The module also requires mechanism for user space manipulation of the credential information, hence an additional subdirectory in /proc/.../attr. The LandLock security module provides user configurable policy in the secmark mechanism. It requires data in the credential, file and inode security blobs. For this to be used along side the existing "major" security modules mechanism for sharing these blobs is provided. A side effect of providing sharing of the crendential security blob is that the TOMOYO module can be used at the same time as the other "major" modules. The mechanism for configuring which security modules are enabled has to change when stacking in enabled. Any module that uses just the security blobs that are shared can be selected. Additionally, one other "major" module can be selected. The security module stacking issues around networking and IPC are not addressed here as they are beyond what is required for TOMOYO, S.A.R.A and LandLock. git://github.com/cschaufler/lsm-stacking.git#stacking-4.19-rc2-saralock Signed-off-by: Casey Schaufler --- Documentation/admin-guide/LSM/index.rst | 23 ++- fs/proc/base.c | 64 ++++++- fs/proc/internal.h | 1 + include/linux/lsm_hooks.h | 20 ++- include/linux/security.h | 15 +- kernel/cred.c | 13 -- security/Kconfig | 92 ++++++++++ security/apparmor/domain.c | 2 +- security/apparmor/include/cred.h | 24 ++- security/apparmor/include/file.h | 9 +- security/apparmor/include/lib.h | 4 + security/apparmor/lsm.c | 53 ++++-- security/apparmor/task.c | 6 +- security/security.c | 293 ++++++++++++++++++++++++++++++-- security/selinux/hooks.c | 215 ++++++++--------------- security/selinux/include/objsec.h | 37 +++- security/selinux/selinuxfs.c | 5 +- security/selinux/xfrm.c | 4 +- security/smack/smack.h | 42 ++++- security/smack/smack_access.c | 4 +- security/smack/smack_lsm.c | 283 +++++++++++------------------- security/smack/smackfs.c | 18 +- security/tomoyo/common.h | 31 +++- security/tomoyo/domain.c | 4 +- security/tomoyo/securityfs_if.c | 15 +- security/tomoyo/tomoyo.c | 57 +++++-- 26 files changed, 899 insertions(+), 435 deletions(-)