From patchwork Thu Mar 8 01:53:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 10268019 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1C819602C8 for ; Thu, 8 Mar 2018 13:02:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0C5C8298E8 for ; Thu, 8 Mar 2018 13:02:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 003202990C; Thu, 8 Mar 2018 13:02:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, NO_RDNS_DOTCOM_HELO,RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from USFB19PA14.eemsg.mail.mil (uphb19pa11.eemsg.mail.mil [214.24.26.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A5AB8298E8 for ; Thu, 8 Mar 2018 13:02:06 +0000 (UTC) Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by USFB19PA14.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 08 Mar 2018 13:02:05 +0000 X-IronPort-AV: E=Sophos;i="5.47,441,1515456000"; d="scan'208";a="9484235" IronPort-PHdr: =?us-ascii?q?9a23=3AkqRfoheAtgsSyJm6LryWl+VhlGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxcm9ZB2N2/xhgRfzUJnB7Loc0qyK6/umCTBLu8bJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6?= =?us-ascii?q?OPn+FJLMgMSrzeCy/IDYbxlViDanbr5+MBu7oR/Su8QZjoduNKU8wQbVr3VVfO?= =?us-ascii?q?hb2XlmLk+JkRbm4cew8p9j8yBOtP8k6sVNT6b0cbkmQLJBFDgpPHw768PttRnY?= =?us-ascii?q?UAuA/WAcXXkMkhpJGAfK8hf3VYrsvyTgt+p93C6aPdDqTb0xRD+v4btnRAPuhS?= =?us-ascii?q?waLDMy7n3ZhdJsg6JauBKhpgJww4jIYIGOKfFyerrRcc4GSWZdW8pcUSJOApm4?= =?us-ascii?q?b4ASEeQPO+hWpJT5q1cXsBeyGQygCeXoxTBKnHD23ao60+M4HQ3fwAEtEdMDvG?= =?us-ascii?q?nNoNnpKasZTOS5wLfUwTnGaf5dxDXz55XSch05v/+MU7J+f8nfx0YhGAzKjEmf?= =?us-ascii?q?p4P4MTON1OkBrmaW4PR7Ve+0l24qqRt8riSzysoiiITEgJ8exFDe9SV+xYY4Pc?= =?us-ascii?q?O1R1RgYdG6EJpbqjyUOJd2Qsw4XmFotiI6xaMcuZWmeyUF1I4oxwXBZP2HaIWI?= =?us-ascii?q?+Q7sVOaLLjdlinJlfKywhwyr/Ue80OLwTNW70FFPridclNTHq3MD1wTL58SaRf?= =?us-ascii?q?Zw8V2t1DaS2wzJ9O1JLl44mbDGJ5I5w7M9l4AfvVnCEyL4gkn6kaubelg+9uS1?= =?us-ascii?q?6+nqbbPrrYKGOYBukAHxKKEul9S6AeQ/LwcBQXCW+f+51L3/5U35R6hKjuEunq?= =?us-ascii?q?nZrp/aIcMbq7alAwBPyIYj6gu/Dyy83NQEnXgIMFJFeBWdg4jvJ17OO+z3Ae26?= =?us-ascii?q?g1StlDdn3/HGPrv/DZXRNnXPjbjscLln50Nc1QY/185T6p1KBr0bPf7/Qkrxu8?= =?us-ascii?q?bZDh89PQy02eHnCNBl24MFR22PBq6ZMKXPsV6H/+4gOO6MZJITuDnhNfcl/OXj?= =?us-ascii?q?jWM5mFABfamp2oEbaHajHvt8OUmZbn3sgskZHWcQogU+VPDqiEGFUTNLZXayWK?= =?us-ascii?q?Q86SsnCIKmF4jDQJuggL6G3Ce9G51ZfHtGCkySHnfybIWIQfAMaDidIsV5iDwL?= =?us-ascii?q?SaChS5M91RGprAL6ybhnIfDI9S0brpLj09515+zNlRwp+zx0C9md0m6WQGFpmG?= =?us-ascii?q?MIWyI20Lp4oUxnxVeJybJ4jOBAFdxP+/NJVR83NJDdz+x+DtD9RBjBc8yHSFm4?= =?us-ascii?q?X9qmBisxQcgpw98UZEZ9GcutgQzf3yawBL8VjbOLDoQu8q3Ax3jxO9p9y3He2a?= =?us-ascii?q?Y8k1YmR8xPNWu6hqJi7AXTGZDGk1+Yl6ercqQc2jTB9GGdwmqSpEtYShJ/Ub3Z?= =?us-ascii?q?XXADYUvbtcn25l/YQL+0ErkoLgxBycueJaRQcd3pkU9KRPH9N9TCe2ixgXu/BQ?= =?us-ascii?q?6UxrOQa4rnY2Uc3STaCEgCiA0T+HKGORE/BienuW7eCiZhFUjsY0Pt7+lxtmm3?= =?us-ascii?q?TkkqwAGWd0dhzaa6+gYJhfyATPMexqwLuD87pDVuHVa9xMnbC8KaqAp7faVces?= =?us-ascii?q?s94FNd2m3FqQNxJJugL7pthlQGaQR4o1vu1wlrCoVHicUqomkqwxB0Ka2E0VNB?= =?us-ascii?q?bCiV3ZXoOr3WM2Xy5x6ua7XM1lHZytaW9b8F6O4kpFX7oAGpCk0i/m1k09ZP0H?= =?us-ascii?q?uc4YjKARERUZ3rUUY38AV6q6vdYikn6IPezWdsPrWssj/ex9IpA/MoxQy9cNdF?= =?us-ascii?q?MaOLChXyHtYACMeyLewmgV+pbggLPOpK7q47I9umd+ea2K6sJOtghi+pgnlc7Y?= =?us-ascii?q?By10KN+DBwSujW0JYZ2/uYxBeIVy/gjFe9tcD6gZtEZT8IHmq40ijkGJVcZrZ0?= =?us-ascii?q?fYYMB2auJte4xtNki57rRXFY6EapB0ka18+xZRqSc1v90BVe1EsNpXynhTW3zy?= =?us-ascii?q?ZvkzwysKqQwjbOzP//dBoCIGJLQ3NijVj0K4iuk98aRFSobxQulBa940b6xqxb?= =?us-ascii?q?pKBhIGnIWkpHZTb5L3tlUqeqsbqCecFP4osysSpLSOS8fUyaSrnlrhsE0iPsA3?= =?us-ascii?q?dexDchdz2wppr5nxt6iGSSLHtoqHrZeMdwyg3F5NzbX/JR2SAGRCZggznNGle8?= =?us-ascii?q?J8Wp/cmTl5rbtuC+VnmhVoFKfSnw04yAsCq75Wt3ARywhP2zgcXnEQk80S/6y9?= =?us-ascii?q?ZqTj/ErBDibYn3z666K/5oflF0BF/g7Mp3Apt+kow0hJEUx3canIma/X0JkGro?= =?us-ascii?q?KtVbxL7xbGEXST4M2d7V7xDv2Fd/IXKR24L5SnKdz9NiZ9akZGMWwTkw78NUB6?= =?us-ascii?q?eS97xEmzV6okaioQLWe/h9kS8XyeEy534Cn+EJpA0twz2FAr8IAElYOTLjlwyS?= =?us-ascii?q?4NC4sKVYenyvfKOt1Eplg9+hFqqCrhtHWHb+Z5ciBzN/4dtxMFLLyn3z5Z/rdM?= =?us-ascii?q?PWbd0Nqh2eiw3AgPRNKJItivoKgjJqOXz7vXI40OM7kxpu0oy6vISdLWVi4r65?= =?us-ascii?q?CAZCNjLpf8MT5i3tjaFGk8aYxY+vGIlhGjIOXJbzQ/KnDi8dtfP9NwmUCD08sH?= =?us-ascii?q?CbGbjBEgCD9EdqtXXPE4qkN3uPPnkW0c1iRAWBJExYmA0UWS81npo9Fg+02Mzh?= =?us-ascii?q?bF126SoK617+tBRM1vloOAXlXWfHugikcDE0R4aDLBBO9AFN+1/VMdCC7uJ0By?= =?us-ascii?q?xY8IehoxKQJWyAfQtIC30JWkufB134JLah+dzA//KfBuqkIPvEea+OpvBGV/eU?= =?us-ascii?q?2ZKv1ZNr/zCWNsqVJnliF+Y22kRCXXBjAMTZhzsPSy0Rly3Xac6UuBa89Tdzrs?= =?us-ascii?q?yl9/TrQg3v75OVC7ROKdVv5wy2gaCbOu6Imil2MihX1pUNxX/Uz7gSx18ShD9w?= =?us-ascii?q?eDazC7gAsjTNTK3IkK9NExEbcz9zNNdP768kxQZCIsnXitf01r5jkv41EE1JVU?= =?us-ascii?q?f/lc61f8AKOH+yNFfGBEaNKbSHKibGzN33YKOmVL1Ql/9YthOqtjaHCE/jOTKD?= =?us-ascii?q?myPuVxC1PuFGlDubMwBGuIGhbhZtDnDuQ8nnah20N993iyY7zqAqiXzRNG4TKz?= =?us-ascii?q?58f1lKrr2K4iNSmu9/FHBZ7np5MemEnD6U4PPXKpkMr/tkHD95l+VC4HskzbtV?= =?us-ascii?q?6TtLRP1xmCTJqd5vrEuqku6VyjpoSBBOsCpEhJqXvUV+PqXU7oVAWXHB/B4X92?= =?us-ascii?q?WQDBULqMVjCtL0oaBQzcbAlKHoJThe9NLU+NcTCNLPKMKbKnYhNwTmGCLMBgsf?= =?us-ascii?q?UTGrLX3fh1BakPyK9H2Vrpg7qoDrmJoKS79bSEI6G+gfCkRkANwCOol4Uikjkb?= =?us-ascii?q?6Bg84C/WC+owXJRMVGopDHUeqfAfbvKTadk7ZJfB4IwbT2LYQdKIL7x1Biall9?= =?us-ascii?q?nITPBUXcR9ZNrTN9bgUsukVC7GB+TnEv20Licg6t5mEcGuSwnhMtiQt+Zv8t9C?= =?us-ascii?q?v27FcxPVrKpyownFM3mdr7nTCbaCTxI7uoXYFKFyr0sFA8MonlTAZucwK9h1Zk?= =?us-ascii?q?OyvER79KlLRgdHprhxLbuZtBAf5cV7NLYR8KyfGRefoozUxWqj+7yk9f+evFFZ?= =?us-ascii?q?ximRM3fp6rqXJA3R9sY8AxJazRP6dG1EZfhriJviOy0eAx2gAeLV4X8GyOYC4I?= =?us-ascii?q?pFAINr4+KiW15ONs9w2ClCZYeGUXTfUquOhq9kQzOuSb0S3vz6NDKlqwN+yDL6?= =?us-ascii?q?KVoW7AmtCUQlkozEMHi1FF/aRq0ccka0eUU0cvzKGPGBQPNMvCLhpYb8VU9HjO?= =?us-ascii?q?ZyqOtv/NwZ1tNYWnCu/oVfOOtLoTgk+8BwYmAYAM7sUHHpmx30DVNtvoLLkAyR?= =?us-ascii?q?ox/gvrP0mFAO5PeB2VjDcNu9u/w4Nv3YlBOjEdBn1wMTm25rbSoQ8qnPqDXdct?= =?us-ascii?q?b3gHX4sFNmg5V9agly5foXtAECG90vgFxwia8z/8uiPQASHmYNpnZfebeQ1jB8?= =?us-ascii?q?mz+TQ/9ai2jljX/Y/FKm7hNNRtoNnP5foUp5aaEf9US6dys1vEkYlCW3OqS3LP?= =?us-ascii?q?EcKyJ5XocIYjc9r0B22gXVOilTI6Ud3xPM23IaiSgQDkX4FUsJOU3Do7L8+yCi?= =?us-ascii?q?keGwtsp+EE/K98ahADY5s/YR7sqQs+MreyLxqG3dq1QmaiMz1WQ+NYzeWgaLxd?= =?us-ascii?q?1zAsYfOiyHs8UpE6yPG68VQLRJELkh7exfGjZ41FUSbrA3JTZh/BqDY+mWV6Ku?= =?us-ascii?q?kyxeI/zw/SvlkHLzCHbuppZ3JYv9skH1OdPW12CnYkR1+blYfD+BSj36oV/yRG?= =?us-ascii?q?hNtUzfdFv2LgvpDBZDKsWaqrqZrRsyohYtgmo7FxMYL5LcucsZPShDrfQ4fMsg?= =?us-ascii?q?edSi61C+JamsRMICJfWPRJl3spNtAGuYpA7EoxV90xJ79UBaktuL+ldyRrATQV?= =?us-ascii?q?zS8DWIOKxCYCjfuk27vGiheQd4wvMBkev5VYgdsSTTJ2YiIYpK+sTIjXmXWLSm?= =?us-ascii?q?4XLwcX6gRM+R8PlpRqcuDj/oXIUIdGyyRKrPJsTivLCp5o+kPhRWGMnFj4Tu+t?= =?us-ascii?q?k++y0AJTzfLs08UbVwVlBUhb2elWilMiKKtrJKkIoo7KrjiIeFv7vGLr1OupOl?= =?us-ascii?q?1RxtPRd1LmEIrFr2r9XzYb+X0MW4BPznTfGo4Tkwp9c6kro1pNLJqhekbk6Dwu?= =?us-ascii?q?355pEKWgVcC321Ylqm4LRzutE9pEEOxmrE7bWDh+bJyxrpXqJYlSSHdK+JKBs1?= =?us-ascii?q?dZjFltMymhxJpcMc5N+CQDXDxSrjiGodS9VtVD2ddoAJ8IPNh/oW3xGKReOJie?= =?us-ascii?q?u3c2oKDgymfF+zAgt1e33DezG6imQO9C4mIRBB4pKHqEqkkzEeQj733e8lbTvV?= =?us-ascii?q?Bo5+1bHKSAjV1toDZhGZBDHipJ2m24IFRyVnZGt/5XJ7jSc8xZX/Y9fwSvOwAk?= =?us-ascii?q?Gf4gwUOJ4Vl+nW3lbCxqqgta5yfdUhEvWikbnrjhhT8TptypNDIBV51IajAhYD?= =?us-ascii?q?vfJAKAhSBbphBfZF92W5oBGNZK56kb3ZdI/srFUUusMz8KUwFiNg0izfpSjkpD?= =?us-ascii?q?sEKGeS/DEwanafHPvQBpcsuLqs6mMuj59h9dioz7qOA467kDR3q+lA21WtDes5?= =?us-ascii?q?XzucCWtkaVb6f4NPC8YWXdQzfSixCwma0kAIPO/yTJNwpbMZZ6w2I+YZf9EW7L?= =?us-ascii?q?IQhGJ6UDKkpHT6B1d8tJrf1Bas95fKYJ5bVtCQiZRhPuH4yvqOdJLkrJSTTZNS?= =?us-ascii?q?WB/fS1oZjP4rzFVejgesuMym7FQ61tJJd67iL7G7Pw3o9A4Uf23+pt9kdmSVjH?= =?us-ascii?q?Ly+Brc7uJgUQ5MW4cUvipJIpFyvMAJhsiHrt2l1Ad80PTi2o6psYzp1Z6Gz3Se?= =?us-ascii?q?1lzEf+q/FS+KNi6Yks5LBl08G0KrnOKf5Cq09oHgCUBhl29pUqGGV/QWRRb/QQ?= =?us-ascii?q?KPfXeKQVl8Huq+b5F6wN8hKV4PBZacHaJ07dhsm/FyucRgJekAcGsz4aIROW1+?= =?us-ascii?q?SZlK9sVcalue/511or41i/MhEGy7Rt6p2f+qaSpe/XaBzRzaMfWqXxQ8P+obst?= =?us-ascii?q?t1mV5f0+m74EYnZ1bBG/EOgBSs4dwX/twrwwwiIoDczDBK7g+f5EV38ihTLvh5?= =?us-ascii?q?F9EEsQGvMIHLqE555SnmEmlOzFLtcWaLxNmn6TFR64Fb8P0Xqr6zCSIGRlmRzO?= =?us-ascii?q?3Q//Tn607F/styB4WTHMz9DhkkVLSra3GV1eXy2zOU93qDmPJhbntMLruaQp60?= =?us-ascii?q?E7Km7ktNOIlGa6PbNYAc3+K8KGISk1olIXg4c9Rtqx1oAHAdC9Osse8GlibvvC?= =?us-ascii?q?7GOmiy5BoqZdiIXE/s6Y4e7XEme8j6KEt7qB3jdYymI3vVsn8NCvKunO58GWQ/?= =?us-ascii?q?Svz2seVCZ/uxDPXhGvqLzbrkwUOVSR30fWnIwHJc1W3X4l2U74/ucjXcgz9AJE?= =?us-ascii?q?Fonaff8CoirzODTsy1aFf903TjWe0ydQHl/tCVl3ArQ8137wvMPHknfQ4V4oSp?= =?us-ascii?q?Brd0P5gRx3DoM4KV8i6VUM2ioMCxQNZgybDLCmAkTlN4gEWVIAaRuZxri6fLk4?= =?us-ascii?q?3UlpzrOo/u/TYvR2B7AROfZFkg6OgF9bF4oZsaIEWrJzZUNd9K7MqwjmCojnQ+?= =?us-ascii?q?bplXoqOv2oWcBW68YZuGU+4gynXRqv9Y9D76oHiJCPbqNEbobDvMZg70dg4j4D?= =?us-ascii?q?cTdNjwZ7jxO4V+Acue/i78PfsJW28OavVLwiS/8R9xcqG2R0l4Hwj0w7odHLy+?= =?us-ascii?q?dcTZXYhpj98A9XP3GHo5rV0x54KeoKKoKkYqxg92kZKCcCJ3ICJ92Wa+Mz4yV1?= =?us-ascii?q?KjXc+0RCAt8QZdMfJMfNnAdUikv1WLFc6MXWAVqYC4ZpeMAu8WX31D408ZwmUu?= =?us-ascii?q?bj8z+6P5bf4E9RP/lbliVjiMrCpPQJwfrVECUX7mWWawNuwi+b1peDBPD+/eSK?= =?us-ascii?q?yNHJWFILBSE2U4JHKzqE5wOrXO21lI/mUgmM8M/8nIo+dF6MRny2hKkFsKFMEe?= =?us-ascii?q?5GiinhwjdeFoT1h++IvNut6WtXsEZHEIVy7RDeBqVfP4t7Ng78lsa2R0hwHC3/?= =?us-ascii?q?d9/IdhA2ouqZ2v8M4/liN0v5fYIbIwwExKj86XdOSgtuVaP5vleeXeIKftdmT+?= =?us-ascii?q?nErn9N44J6N6APJESdpIDtrjpQqlA5HgEpaLE0rjFBeEjBhgtVVLjouLIajAsT?= =?us-ascii?q?T8J5s1dWGW2sIGI++ybHVaNNgameDPwV9TuSQbIKU0VsKS5+WBS12JNve7S1h/?= =?us-ascii?q?xHtH1Jnj9lqvgwzzNmXAe8uTHrp68VxTIg+bS4uS4duXxEUuqekDnHCVFZwPQM?= =?us-ascii?q?k6gcF27o6Uagb3kbcIvy/L5nKNzl9Ykg4HQ/YhIjcjYEXeu6CCHwiKWIDZKJsN?= =?us-ascii?q?5Ggh6CptnOZ6epLScOLrQ91Q7jR39l3wfFghlo9ncLTy677N8gI4W9JdolxjS2?= =?us-ascii?q?FmfGbloM5blJsMTpv14RUOQ2cU9hwHlk0sWfXi0NQ8jPFHwvjgkqbmVEdJxD5A?= =?us-ascii?q?QfF6kvhTaIpbdJ8R0OYDfTCYSl4YjQncHH2XUnStdq3G3WrLWfhpw2yH1lh890?= =?us-ascii?q?7imWtXQcaePYV85sAmDt2YpEyO3+ZvCtsuUZR4t8zLSuTuUOMs65+Wu5wJ9qQF?= =?us-ascii?q?OqxqwCH1qlN+8O3rnaUz+/SW2ZReuEbXOBnzM4Mk7u/xmnMEc7aMBQr08yKuHC?= =?us-ascii?q?nIJTlxX9UbNoQSWdvVjbzGg9Pu4BbwI2vJ2oexcWTO4Qe+ecOfIuz+MgB1cWaX?= =?us-ascii?q?/GAzd2AfessVGxhIh7J2lg4ULibOTp8wDmNsaSGxYdHY7er55x4uC6RnmaNH9h?= =?us-ascii?q?1hJyOk50+/3YF1Qrue9Wa4yRksTIh9Rnze4FcO9gMSgntdEPmoJj6I+U0MCRfB?= =?us-ascii?q?HPz5byI8/aovyZA/3Z0kQrdXtWUr0DYQP6/486JMI2W6XPHbtFuhQRHao6T4Yi?= =?us-ascii?q?N2f27655Nx5zcgjNZLS0hcnqu+2LZptIp3PM6FI/MjvcsQUZyvOoVQx7c4yqh3?= =?us-ascii?q?LqLZArSDJBqsFiBxplEYZUBcMPsRCnA5+VmaG8jd+94UV6tPEWsfm4Nvef8O+c?= =?us-ascii?q?l9F1Xp5H9QmQMT3MHqh3kwFgieivhvrozJb8E4XhdMkCWew9RXTKPPuOPIy6Jy?= =?us-ascii?q?nGH8XmYU9du+qe1bVjSBSKTCbwWqeH8iq+O6M3z188z9lTdfHe3XQW5LHSxdX2?= =?us-ascii?q?ansT8iyqtnOYHIBU7FXXC+jTRVdfQLyO92MzTv5fVpf96OpbaY9q+9Ob+QQmqW?= =?us-ascii?q?Ua3Q=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2BNAgBVM6Fa/wHyM5BeGQEBAQEBAQEBAQEBAQcBAQEBAYN?= =?us-ascii?q?NA4FVKINQixGNBIICgRaBUJRgMIVUgkUhNxUBAgEBAQEBAQIBaieCOCSCSAMDA?= =?us-ascii?q?QIgBBkBATcBAgMJAQEhAwIiBAICAwFBCggGAQwGAgEBAYR8AxUDnwyLJm2BbDq?= =?us-ascii?q?DAQEBBYFpgj0DgTqCFQgXd4QngTV5gzwpiy6CYogfhkmLawmQYXWIOYU6i0WHL?= =?us-ascii?q?jQigVJNIxWCfYIiDxyCHFaLZgEBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 08 Mar 2018 13:02:03 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w28D225I014976; Thu, 8 Mar 2018 08:02:03 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w281rj9V106876 for ; Wed, 7 Mar 2018 20:53:45 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w281rmSH030456 for ; Wed, 7 Mar 2018 20:53:48 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1AKAQCHlqBalywbGNZeHAEBAQQBAQoBA?= =?us-ascii?q?YNNgVkog1SLGI0IgVAygRaBUJR5hToCRYJFITgUAQIBAQEBAQECEwEBAQEBBhg?= =?us-ascii?q?GhXoDAyMEGQEBNwEPIgMCJgICRQoIBgEMBgIBAYR/AxUDnnCLJm6BbTqDAQEBB?= =?us-ascii?q?YFqgjsDgTqCFQgXeIQjgTV5gz0pizCCYognhk6LdgmQeHeIR4VDi0qHOzWBc00?= =?us-ascii?q?jFYJ9giIPEAyCHFaMBQEBAQ?= X-IPAS-Result: =?us-ascii?q?A1AKAQCHlqBalywbGNZeHAEBAQQBAQoBAYNNgVkog1SLGI0?= =?us-ascii?q?IgVAygRaBUJR5hToCRYJFITgUAQIBAQEBAQECEwEBAQEBBhgGhXoDAyMEGQEBN?= =?us-ascii?q?wEPIgMCJgICRQoIBgEMBgIBAYR/AxUDnnCLJm6BbTqDAQEBBYFqgjsDgTqCFQg?= =?us-ascii?q?XeIQjgTV5gz0pizCCYognhk6LdgmQeHeIR4VDi0qHOzWBc00jFYJ9giIPEAyCH?= =?us-ascii?q?FaMBQEBAQ?= X-IronPort-AV: E=Sophos;i="5.47,438,1515474000"; d="scan'208";a="219235" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 07 Mar 2018 20:53:48 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AtCXsyRHfnheHGLohm7MWSp1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ7zrs+wAkXT6L1XgUPTWs2DsrQY07GQ4/urAjNIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSizexfb1/IA+1oAjfucUbj4lvIbstxxXUpXdFZ/?= =?us-ascii?q?5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnM?= =?us-ascii?q?VhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1ky?= =?us-ascii?q?oMKSI3/3/LhcxxlKJboQyupxpjw47PfYqZMONycr7Bcd8GQGZMWMFeWC5bDYO8?= =?us-ascii?q?aIsPCPMNMf9EooTzplYCsAKyCRWxCOjyzjNEmGP60ag83u88Ew/JwRYgEsoTvn?= =?us-ascii?q?rKotX7NKQcX+67w6bHzzrMc/xY1Czh6IXKaB0tve2AULxyfMfX1EIhFxnFjlKV?= =?us-ascii?q?qYH9IT6azP8NvHab7uF9SOygl24npBtsojihwscjlJPJjZ8Sx1/Y7yp525g6JN?= =?us-ascii?q?2jRU5gfdGkEIFftzyUN4tyXMwiWXhktzogxbEcpZG7ey0KxY0hyhXCaPKHa5CF?= =?us-ascii?q?7gz+WOueOzt0mn1odKihixuw60StxeLxWtG13VtLtCZJj9jBu34X2xDO7sWLV+?= =?us-ascii?q?Fx8lqh1DuA0Q3Y9/tKLloulaXBLp4s2r4wmYQXsUTEBiL5ll/4gqGIe0gq5OWm?= =?us-ascii?q?8fjqbqnmq5OGKYB7lAT+Mr8hmsClBOQ3KAkOX2yB9eS51b3j+VX1QLRMjvIojq?= =?us-ascii?q?nUqI7WKdkUq6KjHQNY3Zwv5wi9Aju839kVkmELLFdfdxKGi4jpNUvOIPf9Dfqn?= =?us-ascii?q?n1ujiixryO7GP7D6GZXCMnjDn638fbZz705T1hAzwclD6J1OEL0OPPXzWkrpuN?= =?us-ascii?q?zCEhA5KxC0w/rgCNhlzYMRR2aPAq6fMKPPvl6F/f4vIumQa48VvzbxMf4l5+X0?= =?us-ascii?q?gnMjll8derepjtMrbyWcJdEud0GYZ2f8x8wMGnoQvxYvCenthECGXBZNaHuoGa?= =?us-ascii?q?Ex/Dc2DMShF4iVAsiPibmMx2+eGYdMZ3sOXlKJFm3ydp6sXf4JZSPUJdVuxG8q?= =?us-ascii?q?T7+kHqQozhy//DTxy7N6IO7Z4GVMvpv42cld/ObTnAw88TFuSs+UlWqKSjcnzS?= =?us-ascii?q?szWzYq0fUn8gRGwVCZ3P0906RV?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D1AAA8l6BalywbGNZeHAEBAQQBAQoBA?= =?us-ascii?q?YNNgVkog1SLGI0IgVAygRaBUJR5hToCRYJFITgUAQIBAQEBAQECARIBAQEBAQY?= =?us-ascii?q?YBlaCOCSCSAMDIwQZAQE3AQ8iAwImAgJFCggGAQwGAgEBhH8DFQOecIsmboFtO?= =?us-ascii?q?oMBAQEFgWqCOwOBOoIVCBd4hCOBNXmDPSmLMIJiiCeGTot2CZB4d4hHhUOLSoc?= =?us-ascii?q?7NYFzTSMVgn2CIg8QDIIcVowFAQEB?= X-IPAS-Result: =?us-ascii?q?A0D1AAA8l6BalywbGNZeHAEBAQQBAQoBAYNNgVkog1SLGI0?= =?us-ascii?q?IgVAygRaBUJR5hToCRYJFITgUAQIBAQEBAQECARIBAQEBAQYYBlaCOCSCSAMDI?= =?us-ascii?q?wQZAQE3AQ8iAwImAgJFCggGAQwGAgEBhH8DFQOecIsmboFtOoMBAQEFgWqCOwO?= =?us-ascii?q?BOoIVCBd4hCOBNXmDPSmLMIJiiCeGTot2CZB4d4hHhUOLSoc7NYFzTSMVgn2CI?= =?us-ascii?q?g8QDIIcVowFAQEB?= X-IronPort-AV: E=Sophos;i="5.47,438,1515456000"; d="scan'208";a="9474837" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 08 Mar 2018 01:53:47 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;989e6cb1-79bd-4816-895f-56888f0cb2c1 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC02.oob.disa.mil (Postfix) with SMTP id 3zxYT63XKBz2Slc4 for ; Thu, 8 Mar 2018 01:53:46 +0000 (UTC) Received: from UPBD19PA11.eemsg.mil (unknown [192.168.18.17]) by UPDCF3IC02.oob.disa.mil (Postfix) with ESMTP id 3zxYT61l9pz2Slbq for ; Thu, 8 Mar 2018 01:53:46 +0000 (UTC) Authentication-Results: upbd19pa11.eemsg.mail.mil; dkim=pass (signature verified) header.i=@yahoo.com X-EEMSG-check-008: 123469962|UPBD19PA11_EEMSG_MP11.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.163.191.154 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CpAACHlqBah5q/o0JeHAEBAQQBAQoBAYUmKINUixiOWDKBFoFQlHmFOgJFgkUhOBQBAgEBAQEBAQITAQEBCA0JCCguhSQDAyMEGQEBNwEPIgMCJgICRQoIBgEMBgIBAYR/AxWec4smboFtOoMBAQEFgWqCOwOBOoIVCBd4hCOBNYQ2KYswgmKIJ4ZOi3YJkHh3iEeFQ4tKhzs1gXNNIxWCfYIiDxAMghwfN4wFAQEB X-IPAS-Result: A0CpAACHlqBah5q/o0JeHAEBAQQBAQoBAYUmKINUixiOWDKBFoFQlHmFOgJFgkUhOBQBAgEBAQEBAQITAQEBCA0JCCguhSQDAyMEGQEBNwEPIgMCJgICRQoIBgEMBgIBAYR/AxWec4smboFtOoMBAQEFgWqCOwOBOoIVCBd4hCOBNYQ2KYswgmKIJ4ZOi3YJkHh3iEeFQ4tKhzs1gXNNIxWCfYIiDxAMghwfN4wFAQEB Received: from sonic304-28.consmr.mail.ne1.yahoo.com ([66.163.191.154]) by upbd19pa11.eemsg.mail.mil with ESMTP; 08 Mar 2018 01:53:44 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1520474023; bh=UOEc0sXoVcqqEMHPwWdThOllbxjNYZ2nV/cOx11O4cc=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From:Subject; b=sHl+hINL+ROFetwExVVrVpp43VDE/gKPPndSwCnX3KtdZhsg3EbZlz4Vpm8876X9SRP9gfnrjKrPsxDPvSefjsxIJkCTZdDu6ZkbFjTCpdhZrvrYLI0OTnNjhRvEiIvqnASBJM3ICq03SSf6QmQgCrHNtKsxUbSWtTYQS04g8Jy/bqX8AYgunA33JVix+9SXwxJJV4WlPIlmW5uGdoHipVqMtg6G8sEGgurx2m4DdEpiVgvtaa5iJ1wJU1Q+YelmDjJMUBV8blxzw4A8U3VtNz5m7adeEzXfovLTMagEvIx6ZhHxDVnl0s+UuVP8Bxw+jDvEJVQQgLBbwNGG9l+LZg== X-YMail-OSG: dBGlgsEVM1kXf5dF3c_iKJFC01AhncpGzuJnEjie.k0yGCivBsRvB6vXGh25jkh Fi0b6ZGdVL9utXnKP9NaFoajdfxqMhtoQNZcaCIfKBzpD9yw580UGz.XSNeZGZpOAqWuSMxpSp3h 6Pgp3xDKPvm9XNSUeedz.IVcQo2yJQNyMQBgl2RruY.3vC_v0GARnEHwKoGjZJE8BzqV4Xa_U1Ij JJQVEvBw15RL8dOHW0gmhH1PQRlb_UqydXOTqv09xRx6uTev_i5UbsMUwtpnzs72HAmsRW84xlCA 2a2zBZ8RMgYSyHK7NKHN8XdH6zqIch3615kIHwN4K8QLA6ZIg91dehuLd7SMu34v1bG28BHX8NHw e4gzDCaHG0OiUa0rH.ijliGRI.d2khLeDArcTfsLee5xFGXGuLy_wxICc.P8uPVKPmu2TN2r.IVm 5aCtQEUk_bXaVD7y8ylPcT9H3LIlbsAuSbXnP69N.divxoUalRodw9o.cS8zOrPgK_QAMmQ6zJv. wdIsibu2nyIesBwJ9Q7ha63BBw6p8OBX4A6ECZDu8T554.hxmnahs_kmUY3_bEP3M Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.ne1.yahoo.com with HTTP; Thu, 8 Mar 2018 01:53:43 +0000 Received: from smtp230.mail.ne1.yahoo.com (EHLO [192.168.0.104]) ([10.218.253.211]) by smtp405.mail.ne1.yahoo.com (JAMES SMTP Server ) with ESMTPA ID 8706df2748fe45e9cbdfe600a5d819de; Thu, 08 Mar 2018 01:53:40 +0000 (UTC) To: LSM , James Morris References: X-EEMSG-check-009: 444-444 From: Casey Schaufler Message-ID: <0273a24f-ad4a-f2cb-33ff-f9f850b21a50@schaufler-ca.com> Date: Wed, 7 Mar 2018 17:53:37 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Mailman-Approved-At: Thu, 08 Mar 2018 08:00:06 -0500 Subject: [PATCH 7/8] LSM: Multiple security mount options X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: John Johansen , Tetsuo Handa , SE Linux , Stephen Smalley , SMACK-announce@lists.01.org, Kees Cook Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Subject: [PATCH 7/8] LSM: Multiple security mount options There needs to be separate data for each of the security modules that support mount options. Expand the security_mnt_opts structure to include an entry for each security module that uses them. It would be better to have a variable size blob, but there isn't a convenient place to hang such. Signed-off-by: Casey Schaufler --- fs/btrfs/super.c | 10 +++--- include/linux/security.h | 45 ++++++++++++++++------- security/security.c | 14 ++++++-- security/selinux/hooks.c | 90 +++++++++++++++++++++++----------------------- security/smack/smack_lsm.c | 54 ++++++++++++++-------------- 5 files changed, 122 insertions(+), 91 deletions(-) diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 6e71a2a78363..53508e5f81c8 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -1486,15 +1486,15 @@ static int setup_security_options(struct btrfs_fs_info *fs_info, return ret; #ifdef CONFIG_SECURITY - if (!fs_info->security_opts.num_mnt_opts) { + if (fs_info->security_opts.selinux.num_mnt_opts != 0 || + fs_info->security_opts.smack.num_mnt_opts != 0) { /* first time security setup, copy sec_opts to fs_info */ memcpy(&fs_info->security_opts, sec_opts, sizeof(*sec_opts)); } else { /* - * Since SELinux (the only one supporting security_mnt_opts) - * does NOT support changing context during remount/mount of - * the same sb, this must be the same or part of the same - * security options, just free it. + * Since no modules support changing context during + * remount/mount of the same sb, this must be the same + * or part of the same security options, just free it. */ security_free_mnt_opts(sec_opts); } diff --git a/include/linux/security.h b/include/linux/security.h index 6a31a3dba040..2912f34c2292 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -163,34 +163,55 @@ typedef int (*initxattrs) (struct inode *inode, #ifdef CONFIG_SECURITY -struct security_mnt_opts { +struct lsm_mnt_opts { char **mnt_opts; int *mnt_opts_flags; int num_mnt_opts; }; + +struct security_mnt_opts { +#ifdef CONFIG_SECURITY_STACKING + struct lsm_mnt_opts selinux; + struct lsm_mnt_opts smack; +#else + union { + struct lsm_mnt_opts selinux; + struct lsm_mnt_opts smack; + }; +#endif +}; + int call_lsm_notifier(enum lsm_event event, void *data); int register_lsm_notifier(struct notifier_block *nb); int unregister_lsm_notifier(struct notifier_block *nb); static inline void security_init_mnt_opts(struct security_mnt_opts *opts) { - opts->mnt_opts = NULL; - opts->mnt_opts_flags = NULL; - opts->num_mnt_opts = 0; + memset(opts, 0, sizeof(*opts)); } static inline void security_free_mnt_opts(struct security_mnt_opts *opts) { int i; - if (opts->mnt_opts) - for (i = 0; i < opts->num_mnt_opts; i++) - kfree(opts->mnt_opts[i]); - kfree(opts->mnt_opts); - opts->mnt_opts = NULL; - kfree(opts->mnt_opts_flags); - opts->mnt_opts_flags = NULL; - opts->num_mnt_opts = 0; + + if (opts->selinux.mnt_opts) + for (i = 0; i < opts->selinux.num_mnt_opts; i++) + kfree(opts->selinux.mnt_opts[i]); + kfree(opts->selinux.mnt_opts); + opts->selinux.mnt_opts = NULL; + kfree(opts->selinux.mnt_opts_flags); + opts->selinux.mnt_opts_flags = NULL; + opts->selinux.num_mnt_opts = 0; + + if (opts->smack.mnt_opts) + for (i = 0; i < opts->smack.num_mnt_opts; i++) + kfree(opts->smack.mnt_opts[i]); + kfree(opts->smack.mnt_opts); + opts->smack.mnt_opts = NULL; + kfree(opts->smack.mnt_opts_flags); + opts->smack.mnt_opts_flags = NULL; + opts->smack.num_mnt_opts = 0; } /* prototypes */ diff --git a/security/security.c b/security/security.c index 42255b40768a..70994705ad62 100644 --- a/security/security.c +++ b/security/security.c @@ -755,9 +755,17 @@ int security_sb_set_mnt_opts(struct super_block *sb, unsigned long kern_flags, unsigned long *set_kern_flags) { - return call_int_hook(sb_set_mnt_opts, - opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb, - opts, kern_flags, set_kern_flags); + int nobody = 0; + + /* + * Additional security modules that use mount options + * need to be added here. + */ + if (opts->selinux.num_mnt_opts != 0 || opts->smack.num_mnt_opts != 0) + nobody = -EOPNOTSUPP; + + return call_int_hook(sb_set_mnt_opts, nobody, sb, opts, kern_flags, + set_kern_flags); } EXPORT_SYMBOL(security_sb_set_mnt_opts); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5aa8caf2e23d..52f6253cbcf8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -543,21 +543,23 @@ static int selinux_get_mnt_opts(const struct super_block *sb, /* count the number of mount options for this sb */ for (i = 0; i < NUM_SEL_MNT_OPTS; i++) { if (tmp & 0x01) - opts->num_mnt_opts++; + opts->selinux.num_mnt_opts++; tmp >>= 1; } /* Check if the Label support flag is set */ if (sbsec->flags & SBLABEL_MNT) - opts->num_mnt_opts++; + opts->selinux.num_mnt_opts++; - opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC); - if (!opts->mnt_opts) { + opts->selinux.mnt_opts = kcalloc(opts->selinux.num_mnt_opts, + sizeof(char *), GFP_ATOMIC); + if (!opts->selinux.mnt_opts) { rc = -ENOMEM; goto out_free; } - opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC); - if (!opts->mnt_opts_flags) { + opts->selinux.mnt_opts_flags = kcalloc(opts->selinux.num_mnt_opts, + sizeof(int), GFP_ATOMIC); + if (!opts->selinux.mnt_opts_flags) { rc = -ENOMEM; goto out_free; } @@ -567,22 +569,22 @@ static int selinux_get_mnt_opts(const struct super_block *sb, rc = security_sid_to_context(sbsec->sid, &context, &len); if (rc) goto out_free; - opts->mnt_opts[i] = context; - opts->mnt_opts_flags[i++] = FSCONTEXT_MNT; + opts->selinux.mnt_opts[i] = context; + opts->selinux.mnt_opts_flags[i++] = FSCONTEXT_MNT; } if (sbsec->flags & CONTEXT_MNT) { rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len); if (rc) goto out_free; - opts->mnt_opts[i] = context; - opts->mnt_opts_flags[i++] = CONTEXT_MNT; + opts->selinux.mnt_opts[i] = context; + opts->selinux.mnt_opts_flags[i++] = CONTEXT_MNT; } if (sbsec->flags & DEFCONTEXT_MNT) { rc = security_sid_to_context(sbsec->def_sid, &context, &len); if (rc) goto out_free; - opts->mnt_opts[i] = context; - opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; + opts->selinux.mnt_opts[i] = context; + opts->selinux.mnt_opts_flags[i++] = DEFCONTEXT_MNT; } if (sbsec->flags & ROOTCONTEXT_MNT) { struct dentry *root = sbsec->sb->s_root; @@ -592,15 +594,15 @@ static int selinux_get_mnt_opts(const struct super_block *sb, rc = security_sid_to_context(isec->sid, &context, &len); if (rc) goto out_free; - opts->mnt_opts[i] = context; - opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT; + opts->selinux.mnt_opts[i] = context; + opts->selinux.mnt_opts_flags[i++] = ROOTCONTEXT_MNT; } if (sbsec->flags & SBLABEL_MNT) { - opts->mnt_opts[i] = NULL; - opts->mnt_opts_flags[i++] = SBLABEL_MNT; + opts->selinux.mnt_opts[i] = NULL; + opts->selinux.mnt_opts_flags[i++] = SBLABEL_MNT; } - BUG_ON(i != opts->num_mnt_opts); + BUG_ON(i != opts->selinux.num_mnt_opts); return 0; @@ -646,9 +648,9 @@ static int selinux_set_mnt_opts(struct super_block *sb, struct inode_security_struct *root_isec; u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; u32 defcontext_sid = 0; - char **mount_options = opts->mnt_opts; - int *flags = opts->mnt_opts_flags; - int num_opts = opts->num_mnt_opts; + char **mount_options = opts->selinux.mnt_opts; + int *flags = opts->selinux.mnt_opts_flags; + int num_opts = opts->selinux.num_mnt_opts; mutex_lock(&sbsec->lock); @@ -1008,7 +1010,7 @@ static int selinux_parse_opts_str(char *options, char *fscontext = NULL, *rootcontext = NULL; int rc, num_mnt_opts = 0; - opts->num_mnt_opts = 0; + opts->selinux.num_mnt_opts = 0; /* Standard string-based options. */ while ((p = strsep(&options, "|")) != NULL) { @@ -1075,41 +1077,39 @@ static int selinux_parse_opts_str(char *options, case Opt_labelsupport: break; default: - rc = -EINVAL; printk(KERN_WARNING "SELinux: unknown mount option\n"); - goto out_err; - + break; } } rc = -ENOMEM; - opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_KERNEL); - if (!opts->mnt_opts) + opts->selinux.mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_KERNEL); + if (!opts->selinux.mnt_opts) goto out_err; - opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), + opts->selinux.mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_KERNEL); - if (!opts->mnt_opts_flags) + if (!opts->selinux.mnt_opts_flags) goto out_err; if (fscontext) { - opts->mnt_opts[num_mnt_opts] = fscontext; - opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT; + opts->selinux.mnt_opts[num_mnt_opts] = fscontext; + opts->selinux.mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT; } if (context) { - opts->mnt_opts[num_mnt_opts] = context; - opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT; + opts->selinux.mnt_opts[num_mnt_opts] = context; + opts->selinux.mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT; } if (rootcontext) { - opts->mnt_opts[num_mnt_opts] = rootcontext; - opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT; + opts->selinux.mnt_opts[num_mnt_opts] = rootcontext; + opts->selinux.mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT; } if (defcontext) { - opts->mnt_opts[num_mnt_opts] = defcontext; - opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT; + opts->selinux.mnt_opts[num_mnt_opts] = defcontext; + opts->selinux.mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT; } - opts->num_mnt_opts = num_mnt_opts; + opts->selinux.num_mnt_opts = num_mnt_opts; return 0; out_err: @@ -1154,15 +1154,15 @@ static void selinux_write_opts(struct seq_file *m, int i; char *prefix; - for (i = 0; i < opts->num_mnt_opts; i++) { + for (i = 0; i < opts->selinux.num_mnt_opts; i++) { char *has_comma; - if (opts->mnt_opts[i]) - has_comma = strchr(opts->mnt_opts[i], ','); + if (opts->selinux.mnt_opts[i]) + has_comma = strchr(opts->selinux.mnt_opts[i], ','); else has_comma = NULL; - switch (opts->mnt_opts_flags[i]) { + switch (opts->selinux.mnt_opts_flags[i]) { case CONTEXT_MNT: prefix = CONTEXT_STR; break; @@ -1188,7 +1188,7 @@ static void selinux_write_opts(struct seq_file *m, seq_puts(m, prefix); if (has_comma) seq_putc(m, '\"'); - seq_escape(m, opts->mnt_opts[i], "\"\n\\"); + seq_escape(m, opts->selinux.mnt_opts[i], "\"\n\\"); if (has_comma) seq_putc(m, '\"'); } @@ -2719,10 +2719,10 @@ static int selinux_sb_remount(struct super_block *sb, void *data) if (rc) goto out_free_secdata; - mount_options = opts.mnt_opts; - flags = opts.mnt_opts_flags; + mount_options = opts.selinux.mnt_opts; + flags = opts.selinux.mnt_opts_flags; - for (i = 0; i < opts.num_mnt_opts; i++) { + for (i = 0; i < opts.selinux.num_mnt_opts; i++) { u32 sid; if (flags[i] == SBLABEL_MNT) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 78086e5dc29f..df096122dbeb 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -601,7 +601,7 @@ static int smack_parse_opts_str(char *options, int num_mnt_opts = 0; int token; - opts->num_mnt_opts = 0; + opts->smack.num_mnt_opts = 0; if (!options) return 0; @@ -651,43 +651,45 @@ static int smack_parse_opts_str(char *options, goto out_err; break; default: - rc = -EINVAL; pr_warn("Smack: unknown mount option\n"); - goto out_err; + break; } } - opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL); - if (!opts->mnt_opts) + opts->smack.mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), + GFP_KERNEL); + if (!opts->smack.mnt_opts) goto out_err; - opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int), - GFP_KERNEL); - if (!opts->mnt_opts_flags) + opts->smack.mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int), + GFP_KERNEL); + if (!opts->smack.mnt_opts_flags) { + kfree(opts->smack.mnt_opts); goto out_err; + } if (fsdefault) { - opts->mnt_opts[num_mnt_opts] = fsdefault; - opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT; + opts->smack.mnt_opts[num_mnt_opts] = fsdefault; + opts->smack.mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT; } if (fsfloor) { - opts->mnt_opts[num_mnt_opts] = fsfloor; - opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT; + opts->smack.mnt_opts[num_mnt_opts] = fsfloor; + opts->smack.mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT; } if (fshat) { - opts->mnt_opts[num_mnt_opts] = fshat; - opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT; + opts->smack.mnt_opts[num_mnt_opts] = fshat; + opts->smack.mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT; } if (fsroot) { - opts->mnt_opts[num_mnt_opts] = fsroot; - opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT; + opts->smack.mnt_opts[num_mnt_opts] = fsroot; + opts->smack.mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT; } if (fstransmute) { - opts->mnt_opts[num_mnt_opts] = fstransmute; - opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT; + opts->smack.mnt_opts[num_mnt_opts] = fstransmute; + opts->smack.mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT; } - opts->num_mnt_opts = num_mnt_opts; + opts->smack.num_mnt_opts = num_mnt_opts; return 0; out_opt_err: @@ -726,7 +728,7 @@ static int smack_set_mnt_opts(struct super_block *sb, struct inode_smack *isp; struct smack_known *skp; int i; - int num_opts = opts->num_mnt_opts; + int num_opts = opts->smack.num_mnt_opts; int transmute = 0; if (sp->smk_flags & SMK_SB_INITIALIZED) @@ -760,33 +762,33 @@ static int smack_set_mnt_opts(struct super_block *sb, sp->smk_flags |= SMK_SB_INITIALIZED; for (i = 0; i < num_opts; i++) { - switch (opts->mnt_opts_flags[i]) { + switch (opts->smack.mnt_opts_flags[i]) { case FSDEFAULT_MNT: - skp = smk_import_entry(opts->mnt_opts[i], 0); + skp = smk_import_entry(opts->smack.mnt_opts[i], 0); if (IS_ERR(skp)) return PTR_ERR(skp); sp->smk_default = skp; break; case FSFLOOR_MNT: - skp = smk_import_entry(opts->mnt_opts[i], 0); + skp = smk_import_entry(opts->smack.mnt_opts[i], 0); if (IS_ERR(skp)) return PTR_ERR(skp); sp->smk_floor = skp; break; case FSHAT_MNT: - skp = smk_import_entry(opts->mnt_opts[i], 0); + skp = smk_import_entry(opts->smack.mnt_opts[i], 0); if (IS_ERR(skp)) return PTR_ERR(skp); sp->smk_hat = skp; break; case FSROOT_MNT: - skp = smk_import_entry(opts->mnt_opts[i], 0); + skp = smk_import_entry(opts->smack.mnt_opts[i], 0); if (IS_ERR(skp)) return PTR_ERR(skp); sp->smk_root = skp; break; case FSTRANS_MNT: - skp = smk_import_entry(opts->mnt_opts[i], 0); + skp = smk_import_entry(opts->smack.mnt_opts[i], 0); if (IS_ERR(skp)) return PTR_ERR(skp); sp->smk_root = skp;