From patchwork Thu Dec 1 21:37:07 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Guido Trentalancia X-Patchwork-Id: 9457039 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 4352560235 for ; Thu, 1 Dec 2016 21:39:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 33AF8283D3 for ; Thu, 1 Dec 2016 21:39:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2876328449; Thu, 1 Dec 2016 21:39:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 99996283D3 for ; Thu, 1 Dec 2016 21:39:00 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.33,284,1477958400"; d="scan'208";a="1512619" IronPort-PHdr: =?us-ascii?q?9a23=3AN+OYkRVV7tR3AOxZP0+2vB+4GTTV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYhCDu6dThVPEFb/W9+hDw7KP9fuxAipcuN3e7zgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBo?= =?us-ascii?q?KevrB4Xck9q41/yo+53Ufg5EmCexbal8IRiyowjdrMYbjZZtJqszyBbCv2dFdf?= =?us-ascii?q?lRyW50P1yYggzy5t23/J5t8iRQv+wu+stdWqjkfKo2UKJVAi0+P286+MPkux/D?= =?us-ascii?q?TRCS5nQHSWUZjgBIAwne4x7kWJr6rzb3ufB82CmeOs32UKw0VDG/5KplVBPklC?= =?us-ascii?q?EKPCMk/mHPkMNwiaBVrwy7qBNi3YHUeoGbNPtgcaPZYNwRWGhPUdhLWCNcHIy8?= =?us-ascii?q?dZYEAfcdMuZftYn9pl0OrRSjDgWoCu7j1jpEi3n40q0g1+QqDB/I0gouEdkTtH?= =?us-ascii?q?jYtcj5OLsXXe2z0aLGzyjMb+lO1Dn+9YbGcg4vrvOCXbx+fsXfzlEvGgHYglie?= =?us-ascii?q?tYPrMC2a1v8WvmiH9OVtT/6jhnQ7pwxzpDWk28ciipPOhoIQ0l3K9Dh5wIcoKt?= =?us-ascii?q?2/VUV1f8SkH4VWtyGGLYR2RtktQ2d0tyY70LINpJm2fCcXyJQm2hHfbOeKc5SS?= =?us-ascii?q?4h39UuaRPS13hHZ/d7K5mxmy8FKvxvf6VsaqzFZHtyxImcTPuHAVzxHf98eKR/?= =?us-ascii?q?Rn8kqhxDqDzR7f5+5aLUwuiKbXM4Mtz74tmpYJs0nOHzX6lFjsgKOLdkgp+e6l?= =?us-ascii?q?4Pn9bLr8vJ+TLYp0hxn7MqQph8OwH/w1MhMLX2iH4eS806Dj/VHhTLVKkPI2lq?= =?us-ascii?q?7ZvYjGJcsBvK65AhJV0p055xajDzapzNQYnX4dIFJDZB2HlJTmN0vLIPD5Cfez?= =?us-ascii?q?m1WskDF1yPDaJrDtH5rAI3fZnLrhYLpx8VBQxQUtwdxF+p5YErQBL+jyWk/1ut?= =?us-ascii?q?zYFBg5Mwmszub8Ftp90oIeWWSSAq6WKa/dqliI5v8pI+aQeoAVoy3wK+Ql5vHy?= =?us-ascii?q?jX85nkURfa+y3ZQNcny4EfNmI1uBbXr2ntgBCXsKvhY5TOHyhl2CSyRcZ3CuUK?= =?us-ascii?q?I9/TE2E4emDZ/CRoy0m7yA0jy7EodRZmBcBVCGCW3oeJmcW/cQdCKSJddskj8e?= =?us-ascii?q?WriiTI8hyAqjtAzgxLpkKerU5zcUtZX51Nh6/+fTjw099SRoD8SB1GGAV3t7kX?= =?us-ascii?q?4SRz83wq9/u1dwxU2f3qh9mfBYEsZT5/xRWAcgKZHc1/B6C8z1Wg/ZfteGVlKm?= =?us-ascii?q?QtGhATwqStIx3sMOY0F4G9q4lBzD2DCqA7ANnbyRGJM06r7c32T2J8tl0HbG2r?= =?us-ascii?q?Mhj149QstTLmCmnah/9w/dBo7MiUqZkbymdaIC0y7R7G2D13aBvFlEUA5sVqXI?= =?us-ascii?q?RX4eaVHSrdTl+EzCVaSuBK85MgRf086NMbZKatjzgVVBXvfjN8zUY3itlGeoGR?= =?us-ascii?q?aI2rSMYZL2e2oAwSrdCVILkwQI8HmaMgg+AzuurHjFDDxyD17vZV3j8fVmonOh?= =?us-ascii?q?UkA01x2Kb1Fm17et/B4VhPicS/cN0bIfoyousSt7HEy6397MDNqAvQVhdr1GYd?= =?us-ascii?q?wh+FdHyX7ZtwtlM5O9Na9imkQRfBp5v0LhzBh4FoVAntIwrHM20gVyM7iU0FVf?= =?us-ascii?q?eDOExZrwIKHYKnHu/BCzbK7bwk/e0NeK9acT7/Q4sU/vsx2pFkol9XVn3MJY03?= =?us-ascii?q?+d5pXMFgUSS5XxXlww9xhgqLHQejM96J/M1X1wLam0tSfP29YoBOs+1hasZsxf?= =?us-ascii?q?P72AFA/zFc0aGsevJfcxm1ixbxIEOuFS+7IvP8+8cfuJxrKrNv56nD26lWRH/J?= =?us-ascii?q?x90kWU+ipmTe7I25IFzO+C3gSbUDf9gkysstvqmY9YfjEeBG2/yTLrBIRJfK19?= =?us-ascii?q?YZ4LCXuyI82w3th+n4TiW2Nc9FK5HVwKwtSmeR2Wb1zh2g1Q018aoXm7lSu+yD?= =?us-ascii?q?x7jyslrqyB0yzS2+7ibgYIOnZXRGl+ilfhOY20j9QDUEe2aQgkjwWl6lj+x6hf?= =?us-ascii?q?uqt/NXPfQUFWcCjqN2tiSLe/tqKeY85T75MlqSZXX/q6YVCBUbP9oAUV0yX4H2?= =?us-ascii?q?tY2j87ayumupLjnxx1kGidNmp8rGLFecFswhfS/MLcRfhM0TcdWil4jyTYBlim?= =?us-ascii?q?M9mv49qUi4/JsvqiWGK5Sp1TbS7rwJuYtCSh+G1qBQaykOyymt37EQk2yCH72M?= =?us-ascii?q?NsVSnSqxb8eIbr3bygMe17ZkloGEP8681iF4Fkj4Q/mYod2XcfhpSa53YHl3n8?= =?us-ascii?q?MclD06LkcHUNXSILw8LS4AX9wE1sNG+Jx4bnWXWF2MRhYcW6bX0M2i8m8sBKE7?= =?us-ascii?q?mb7KZfnSdvuVq4qh/RYeJhkTgDx/su72Qag+4XtwY3yCWSHKwSF1FCPSPwjxSI?= =?us-ascii?q?88y+rKJPaWaha7ew0lZ+ndekDLyZrAFTRmv2epA4HSBq9sV/KlXM0H/t5Y74ZN?= =?us-ascii?q?ncd9UTtgebkx3YlehaNIoxluYWhSpgIW/9sn0lxPIhjR1uxZG6oI+HJn5r/K2n?= =?us-ascii?q?Hh5YLSH6aNkL+j7zl6pemNiZ35y3FJV7BjoLRIfoTe6vED8KsPToLQKOEDkipX?= =?us-ascii?q?eHBbrQBxWQ5Vxgr33RD5CrLG2YK2MBzdp8XhWdIlJQgBwMVjUggpE5DhyqxNDm?= =?us-ascii?q?cEph/DAd/FD5pgFJyu1yMxn/VWfeqRyyZTgoTZiTNh1W7htN503NK8yR8vpzHz?= =?us-ascii?q?1E/p2mtAGNLHabaB5QDWERQUGECVHjPqO15dnc/eiYB+y+IOHIYbqSqOxRTfOI?= =?us-ascii?q?yYio0ot88DaGLt+PMWV6D/0nxkpDWmh0G9zHlDoUVSMXkSPNb9KcpBqn+y14sN?= =?us-ascii?q?6w/+rxVALo/4uPBKNYMc9z9BCunaeDK+mQiT5kJjZDyJwD33DIyKIF014MkCxu?= =?us-ascii?q?bCOiEbcdtS7XVq3cgKtXDwMdayxpLstE9r483g5OOc/bjdP5zLh4geApC11dT1?= =?us-ascii?q?zuhtmpZdAWI2G6LF7HH1yENKqcKj3E3c73erixSaZKg+VKrRKwtiiUE1T5MjSF?= =?us-ascii?q?iTbpSwilMftQgyGDIBxepIa9fw52BmjiQ9LmbRu7PcRqgjIo2rI0h2nFNWgGPT?= =?us-ascii?q?h7aUNNoaWa7TlEjfVnB2xB8n1lIPGelCaW9ebYNIgZvOBsAiRsie1a5nE6xKFU?= =?us-ascii?q?7CFAX/N1nyTTosRpo1G8nemF0iBnXwZWqjZXmIKLul1vObne9plFQ3rE5hUN7G?= =?us-ascii?q?SOBBQMvNRlENrvtL5TytXUiK3zLzJC/M7O8ssHG8jYMsSHP2Q9MRDxAj7bEBMF?= =?us-ascii?q?TSK3NWHYn0Fdk/GT9nmLoZUhr5jsn5QOSrFFW1wpCvMaCkNlHNkcL5ttWDMrj6?= =?us-ascii?q?KbhtYS5XWitBnRWNlavpffW/KTB/XvNCiWjb1aaBsN37z4MZ4TN43g1kxlcll1?= =?us-ascii?q?goLKG0/KUtBMpi1udQg0oUpX/Hh5VG0z1Frvahmx738LCf60ghk2hxN4Yesz7j?= =?us-ascii?q?js50w6JlnNpCsrjEk+g9PlgSuScD7wNquwW59ZCzbsvUgrLpz7Wxp1bRG1nUF8?= =?us-ascii?q?LjfLWalRgKV6emBxlADcuYBCFuVdTa1efRAQwv+XZ+0y0VtCqiSr30lH6vXZCZ?= =?us-ascii?q?F6jgslbYasr25c2wJkdNM6OKvQJKxPzldNmK2Oui6o2/srzwAAPUYN93meeCkS?= =?us-ascii?q?uEwHLrMmPTan/vRw6QyenDtOYHUDWOA0ovJr60w9IP+NwDj6075ZLUCwOfefIL?= =?us-ascii?q?2FtGjdj86IQ08w10MSm0lD47d2zd8pc1CIWEA30LuRCxMJONLMKQFPccVd6WPT?= =?us-ascii?q?cjyIseXRxpJ1JJ6wGfr0Qu+LrqoUhVikHAkxFYQW8ssBBoWs0F3fLcr/KL4Fzg?= =?us-ascii?q?8t6xrtJFSEC/REYx2LkDEao82ly593x4ZdLCkHAWphKSW3+qrXpggyjfqYQtg2?= =?us-ascii?q?ZnYaXo0ZNnM5Q8C1hylZv3FcAzatyeIZ1BKO7zniqSTMFDP8dcZsZO+IZRNwD9?= =?us-ascii?q?G74TY/87K2iFHN9JXeO2H6OM9tut/I8eMVu4yLC/VKQrlhq03cgZVXR2S2U27T?= =?us-ascii?q?Ft64P4Twa4gpbdzzFna6Uly+hikoQMfwPNeiNLOHjRvuRYlKrImRxCojOtOlFj?= =?us-ascii?q?ECBxdwoPkO5KJ7ZQIdbZo0fwTouh8/N6OhPgiXzM+iQ2G3KTtZV/Nf1/m1Z6RL?= =?us-ascii?q?zyowae+30GEvTpU7z+ar70ECXJQKjxHYxfakYYlRSzP+FWdcewrVoyo1jmZhNv?= =?us-ascii?q?sozuc53hzIrUEWMyqXe+xxdGxEo9Y8CEuJLnpoDGo1XEWTgpfd4gGyxbAS5DFS?= =?us-ascii?q?n8xU0OFft3j+pJDfaiq2WKO3sZXVrzYgbd8+rq1+LIzjI8+GtJfAkTzaV5Tfrx?= =?us-ascii?q?OKXzW7F/VAnNhcOiVYQONHmWs9I8wJpZJB6VYtVsc5P7FPEq8sprG2ZjpkCi4S?= =?us-ascii?q?yTQZWZuZ0jIfmOmxx7zUmwyMf5QlNRwLrI9NgsABUyJsZCMRurOjXZ3Ml2CYUm?= =?us-ascii?q?gLPBsT7QNU6Q0clI9/ZPzq7ZHUQ59Lzz5Wp/N0XTXRFpl06VT0VmGWjUL/SPW7?= =?us-ascii?q?nOyjxRhSw+700tkHRB5/DlBQx/xMmUsyL7F4MLIdvpLQsjCSa0P1ombtyOqgJF?= =?us-ascii?q?lezc3UdlL4DIrZtWrySCIc43gUSZVJyH7BCZQYixB5Z7ozpFVQPICmfV7z5jw+?= =?us-ascii?q?yIRyBba4UMGrx1A+oHYHWyelCcFBBP18v17NXj1qfYyroo3/O5pOWm9Q5IGdq1?= =?us-ascii?q?BBnURjKSK21ZpcK8BI4j4NRjdPoi6QvNqsR8Jdx8B6FZgMIs1wu33lAqNLJICR?= =?us-ascii?q?o2Equrzo0nLW4So8sEq8xDmpGK+1VONZ/2wfGgU1PGuSsE8vAPUw8m3K6FDCrk?= =?us-ascii?q?h0//tHBriIlUhxryx9EYpIBjZVzn2lLlNzTXdAs+VGKKTabc1cQ/8uZRCxIRwy?= =?us-ascii?q?D/gm0FKV/Utsh3f2fzRythdG+yDaRwQ0SS4VgrL2lD0Cts2nPCQVR4hObTo/cy?= =?us-ascii?q?fPMxibljxPvBZDd0FqXIgUAtZf9LEBx4RU+tfNRF2xJi4bRBxiLhw30f5Bmk5Z?= =?us-ascii?q?qkmYfjrdDQWwf/bVrhJ3ZduRrNKuLPnh/gdHjZ3ovfsl+KodXH2phxetQczAoI?= =?us-ascii?q?DhrNGKsFWBdLvgOe2mfXDBVCTMjQy3hbo8FJbK8TTcPBZZJpVnx3cpeoTuCWnO?= =?us-ascii?q?PRtaPa0bPFZbWbp8adpYvuBQf9Vkd7oR+a9xGhKHQQviGJaxo/ZbLlbcXyjeIj?= =?us-ascii?q?6F8uy4v4Lc86LRRvTnZsOR2XnLWaR3MYlm6TPjAbflzZde+lbq2vdq7k56UUPG?= =?us-ascii?q?Mzybo9v8OgMG/9Kidkz/vp0zATzZHpFwkGb3xk5ac8obWSqq8I4XyJlB8nb/Vf?= =?us-ascii?q?p40lTvsO1V77Rk9ZM37K53xsipPqrSNPBasVN9AheOGAVq95ItAGxhSGBNeOMR?= =?us-ascii?q?L+3RfasBh8D0t+/3D7AX6AGS++FBdNTHIVvOl9KiBTGaUxNIhgABqSQVLgGEzf?= =?us-ascii?q?6Kh7d0Sdq5pej+wk8t4UKxLgQBzLB24YeL4LSIqfTSbxvMybgERqnqSd/yrrs2?= =?us-ascii?q?vUOS/ucolLkUemx6ewenCvQSVtYBxmf8yqAn1SAsHNnFH7Lu4v5DUG82kSz7lp?= =?us-ascii?q?BhBVoWHOgUHb2R8YRYgGg4h/TTNscKfaBahmaPCRmkH6cEyX6v8CaXIW9lghTU?= =?us-ascii?q?3xHxR2Oz4kX2ojVjQSvQ1dfjj1ZaVqWqBUdIQSWlI0h4sCmAPADwrtr4pbw17F?= =?us-ascii?q?0qMmzjrN+NkmqhN69QH837PtOcOjM4pFMQjJ02XdyvwpsWGd+yLdYe6n1+aeHe?= =?us-ascii?q?62yzmS9bv6hHn5be4t2S+vjPAXavlamapKuWxDBEynk4ukoy6su8OfHP+dKKRe?= =?us-ascii?q?io12cLQCtlvQvOQQK1oKTBr18IIUyLzFvLmIsSM9Fdxnk400Hr6fMtQN0t6Qpe?= =?us-ascii?q?EZzAaOkapTDpPzv0w0iQbM4rViWE1DtXBF31G0FiGKcgwGLwoN7JlXDI9l0tQo?= =?us-ascii?q?l/aUnnhRtpAIU8Mk8t50YYwi0YEQgVcx+bELCoCl7hLYsFU0gDdQqI3Ly+eqc2?= =?us-ascii?q?0k183LWv6/PNYuBmAaoCKOpdhBaUnFdHApIWrbEeQLVkdl9f9a7XoxPvC435UP?= =?us-ascii?q?nmi3UwL/y1QsZV8cwDsXst/Bq/TQK66Zhf97YblIyIdqlcbJjNvcFz9V1o6iIU?= =?us-ascii?q?eyxWnhd/kw22XvwGqODk+Njbv4Ki6vyyW6Y1W+UX6x80CnxlgJvxm1Air8vY1+?= =?us-ascii?q?VdSo3JkYTw6h1NI3qRtYnG1BlzNPQBJJi2fLZ68HUHPTIRK2gJPdqMZPk2+zVt?= =?us-ascii?q?PynL51xeHsMMYssVPNLXlgBIlkLpWL9S9s3BGl+bEotzbN4n7272yDAz7Js9Xf?= =?us-ascii?q?3t6CesKpDD815NP/1CjCJ2lNLBvuQVwuTdCDIR4XaHbxh52CSCy4OCC/zo5+WD?= =?us-ascii?q?1MnUV08aHi4xS4pdOCCC9hKjRuWvkpXmTBiZ5dLygJIxdUKQWma+nL8fvaZWDO?= =?us-ascii?q?5MkCP70SZCFortnfKar8Ks6HdLtl1ACItz4gfKGL9BMZVnORT1jc2rRklgBiTh?= =?us-ascii?q?eMHbbAcuuPGMyucK/ep+K1P0ZZUHLRIc17L69X1VQxNhSLHouFaZQeURZNxhRP?= =?us-ascii?q?PfsH9V7YNgK6kSPFmSv5HqqilHqEo2AQAzcrMwqCJVdlXWlg1PR6n0oKIAihcb?= =?us-ascii?q?UdNhvE9MHmSwOH4x5zXZTqlViaiRB+YT8jqNUqwPXUJoMjl9QxOuwplufaWmne?= =?us-ascii?q?xfuGNcgix9uOQq0yBhRBakti3ju7kN2Sk59L+luzsPv31FTuODkybHElhDw/EK?= =?us-ascii?q?gr0aC3n881C8Z2MDbITq6rl9Ocvg7ZUh42g4YRg7fS0GWuSgCyfqg6yUAoyPtM?= =?us-ascii?q?9ciwOMucXPa7+zNisSNrUmxBL9Rnh9zBLRnBJ1/2sKWDmg6sErJJmlM8Y/2iWo?= =?us-ascii?q?AXTbdEoL4q5Rscvxq0QETO0tZFNl3WVsz8mHRioWRMDVHGY1lAckY31ecJ1f8R?= =?us-ascii?q?8aC7UogjGQs6lE4A4UbjnUEoC+94jeh8jI32cyTctwymLQuKKFmosg0Gd5lNNs?= =?us-ascii?q?8i6OpHMSevTXU89oBXjy2JlQyej6Z/i2qeAHT41myLW9X/MYNMms53e20o1wWk?= =?us-ascii?q?C53rQeA0a5MOgby7fZUyekSXWYWeOPc2iNgzY2LFX/5RypLl0rcsdFsVUxMuzY?= =?us-ascii?q?hp5TjwfhS697Rj2MpV/Hy2wuKewadx83uIi6fAwHV/IRZ/KCKugo3P0xEl8MYG?= =?us-ascii?q?XPHSRqCu+5q0ShnI5lNHV8+U/6e/ji8hj6MNuOHRkJCZLarp90+fGhWmKBOGNv?= =?us-ascii?q?zB5sM0lw7evfEUo+tvNEeZaLgdfQn8h70fICd/p1NC09u90TmoFk6YSP0seFax?= =?us-ascii?q?LRzpH0Jd7LpPiUGfvfwFo2emtCSLoWfRv155kmPt4+Q7DcBqVWvRIABaUhW5wh?= =?us-ascii?q?M2Dx9L1oLANtbAHeea64gs7wpuKEfpFUvWPZ7kosLCfAvB0O0uS0TQt/b5+wnX?= =?us-ascii?q?XzLpcwRjZPr9B2DxtmG4xPG9geoAW7GZ6Un7q7i8Sw+0N8tO8Gq63wCurF1N6h?= =?us-ascii?q?xYV+Q4Ba5VCXPDbWHKRrjFpqjuCzgvfYzJb8EsLjedIBVOh+XGHFcLvGEZulJj?= =?us-ascii?q?KJIML8dFZM86SA37JhThWReCf5UrKGtC24NPVk5kA7xZZjfOfIyTwt7q3b2MHs?= =?us-ascii?q?aG1BoSejt3GJPoNF7FPWHezeQw5USf2d/WdrBa0Xd4r0+/sQPtE5xdic4hVz7C?= =?us-ascii?q?5c38efJKihtEDM0FphdZ3HNEvpxzo5WY4SLRS4NUsjn3TUqmzZAXtGNcikNcht?= =?us-ascii?q?j8qJDhz3+UZ+h3shZmhfFWr0Xd2RI3QU29qiZA2W8wJGF9IDn++xeU4luay+UO?= =?us-ascii?q?1oOpRemeW2r7UKitdpJDvJRMhdJS3QK6V2PjVJBOXVuFcoegIEs6QyWootfpiB?= =?us-ascii?q?PkcHMEaGySPvwgrO1kL6d8Cs1KmXOiYZ7G1HwKje3DhPuQa5o/CZjdPnUL/CcZ?= =?us-ascii?q?H2U+TeMC0/VjGVXT4yC1qm+U+4u/oYu/qVOWMfolEPYiKOEwMSp7lvrd7KAWPJ?= =?us-ascii?q?n+1sYoEKjuiAWy/sUC14iLYyBiFTuECJWfUMCQnWb37ngGpbowGiOP5M/XT7YL?= =?us-ascii?q?2cx6pVXfEWA4RWfv2eWdvYduhUJy00mTUBJOa8Y9rcoq470l3STmsZFLLH+UaD?= =?us-ascii?q?TE6QXvycxzXrXZgav4g0piok4NTQkTFrE67QJbaQuyau8pKkjCafoeDeWXMibF?= =?us-ascii?q?cvgOIDHmaBxAJNKH8AC94Po0HtQ7OAa1xK1H03leJkwwUMdxhrUn1yzn1Wm+6w?= =?us-ascii?q?Gs9cSV4TlmOuWvwGbEtsATM250CK5xP9Yd0atcDUXW9e+aMGSZABI/kw9InXJK?= =?us-ascii?q?wQze430zJkpyw6syOdD0hajgKD6KfQE7h8xqBc5WYm5fF6REePTC3DcmLf0Iqp?= =?us-ascii?q?F9pPxTtyoXDjz8fUpe5tNL5GqIx4A1oHGjx2Kc7H/TBAUGD03w2yswy9HDuAPD?= =?us-ascii?q?IT+CwLKjAdduZp0+97tw7FdtTG6UOWs6Iss06rBhiWBbq635xLEN3m2huiZSlN?= =?us-ascii?q?bzqrC8M+lvEYr8ofeaMqY8CFBlnFKgXvRlaDtzsk6AnhorPtC9FDhGoZjPNoYM?= =?us-ascii?q?rkW4gMEMnxwCBzw3EOwoEGi2KWHIDxfJr8vuNlBH0JfqWnRH/3aZbAOT7zvbhX?= =?us-ascii?q?3YovG0G6dP8XOn5St5cwnWbjKVWl5dGjrWe2MqikeGnha4k1O5OyhjwU2qs=3D?= X-IPAS-Result: =?us-ascii?q?A2GyAwASmEBY/wHyM5BbGgEBAQECAQEBAQgBAQEBFQEBAQE?= =?us-ascii?q?CAQEBAQgBAQEBgw0BAQEBAR+BXqRQlnkihgQcgXJTAQEBAQEBAQECAQJfKIIzC?= =?us-ascii?q?oIrAQEBAQIBAQIgERogDgMJAQEKDQEKAgIiBAICAgEBLRUBEAYBBwsFGASIRAg?= =?us-ascii?q?ErQeCKSoCi0SBC4oOhBkCEQEGFoMEgl0BBJR1hWmRd4ELhHuDHheGFI16hAxVY?= =?us-ascii?q?TgjgzgBHBiBRnGHBg8XBIITAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 01 Dec 2016 21:38:58 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uB1LcT6E030406; Thu, 1 Dec 2016 16:38:33 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uB1LcQNp160898 for ; Thu, 1 Dec 2016 16:38:26 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uB1LcOpc030395 for ; Thu, 1 Dec 2016 16:38:26 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1B1AABXl0BYh0g2WFFbGgEBAQECAQEBAQgBAQEBgzgBAQEBAYF9pFCSaoQThiICgl8BAgEBAQEBAhMBAQEIDQkJHYUYAQEBAQIBIw8BRhALDgoCAiYCAlcGARKIZQytBoIpiz8BAQEBAQUBAQEBI4ELig6EGRqDGoJdBZR1hWmRd4ELhHuDHoYrjXqEDIFug1sBEQsYgUZxhwYqghMBAQE X-IPAS-Result: A1B1AABXl0BYh0g2WFFbGgEBAQECAQEBAQgBAQEBgzgBAQEBAYF9pFCSaoQThiICgl8BAgEBAQEBAhMBAQEIDQkJHYUYAQEBAQIBIw8BRhALDgoCAiYCAlcGARKIZQytBoIpiz8BAQEBAQUBAQEBI4ELig6EGRqDGoJdBZR1hWmRd4ELhHuDHoYrjXqEDIFug1sBEQsYgUZxhwYqghMBAQE X-IronPort-AV: E=Sophos;i="5.33,284,1477972800"; d="scan'208";a="5855852" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 01 Dec 2016 16:38:24 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AhDekYBMlJzTWxtoF8jol6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0Ivn/rarrMEGX3/hxlliBBdydsKMfzbaP+P+/EUU7or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRp?= =?us-ascii?q?OOv1BpTSj8Oq3Oyu5pHfeQtFiT6zbL9oIxi6sArdu8sUjIB/Nqs/1xzFr2dSde?= =?us-ascii?q?9L321oP1WTnxj95se04pFu9jlbtuwi+cBdT6j0Zrw0QrNEAjsoNWA1/9DrugLY?= =?us-ascii?q?TQST/HscU34ZnQRODgPY8Rz1RJbxsi/9tupgxCmXOND9QL4oVTi+6apgVQLmiD?= =?us-ascii?q?8dOD488m/YlNZ/g79FrxK7pxJ/wpDbYIWIO/FjfK3SY8kVSndfUcZLSidPH5+z?= =?us-ascii?q?b4wVD+oAO+ZYoJT2q18AoBeiAAWhAv7kxD1ViX/sxaA00PkvHwHY0gMiEdIBrH?= =?us-ascii?q?rao9ryOqkdSu210KrFwC/fY/5MxTvw6o7FeQ0hr/GWWrJwdNLcx0gyFwPEk1qQ?= =?us-ascii?q?rpHuMS2P1usTtWib8/BvVea1hG4htw5xoyKgzdorh4nGm4IVy03L9SJizYYpP9?= =?us-ascii?q?23Vkh7YcK+H5tUrS6aMZd5QsI4TG1yviY11KEGtIe9cSMXy5on3wbSZv+af4SS?= =?us-ascii?q?4R/uV/ydLDd3iX5/er+zmQ6+/VWgx+HhTMW50ldHojBYntXWq3wA1x/e586aQf?= =?us-ascii?q?Vn5EihwyyA1wXL5+FEP080ka3bJoY7zb4tipoTsV/DHirqmEXulqOWbFsr+uep?= =?us-ascii?q?6+T8frXpuIWcO5V1igHiKqgum8q/DvokMgUWXGWX5P6w2b7g8EHjQLhHgec6n6?= =?us-ascii?q?vHvJzCIMQUvK+5Awtb0oY57Ba/Ci+r0NsFnXkGMV1FfwmKj5TzO17QJvD4Ee2w?= =?us-ascii?q?g1C2nzdt2//GP6fuDo/LLnfdjLftZax95FJEyAov0dBf4IpZCqofL/L3W0/xss?= =?us-ascii?q?HYDxAiPgyow+foFNV91oQEVWKJGa+WKrnesVCP5uIxcKGwY9oupDvlK/Ujr8Xr?= =?us-ascii?q?hHs9lE5VKbKlxrMLeXu4GbJgOEzfbn3y1JNJCmoOvwwjXMT2mVaCVnhVfH/0UK?= =?us-ascii?q?UitR8hD4fzIprCSoflvKaM2juyGpRQbWFPQgSDDHbkcK2YQfoKdCuWK8lqkzVC?= =?us-ascii?q?U7W9HdxynSqyvRP3nuI0ZtHf/TcV4Mm72Q=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0F0AAASmEBYh0g2WFFbGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBFQEBAQECAQEBAQgBAQEBgw0BAQEBAYF9pFCSaoQThiICgl8BAQEBAQE?= =?us-ascii?q?BAQIBAhABAQEIDQkJHTCCMwqCKwEBAQECASMPAUYQCw4KAgImAgJXBgESiGUMr?= =?us-ascii?q?QeCKYs/AQEBAQEFAQEBASOBC4oOhBkagxqCXQWUdYVpkXeBC4R7gx6GK416hAy?= =?us-ascii?q?BboNbARELGIFGcYcGKoITAQEB?= X-IPAS-Result: =?us-ascii?q?A0F0AAASmEBYh0g2WFFbGgEBAQECAQEBAQgBAQEBFQEBAQE?= =?us-ascii?q?CAQEBAQgBAQEBgw0BAQEBAYF9pFCSaoQThiICgl8BAQEBAQEBAQIBAhABAQEID?= =?us-ascii?q?QkJHTCCMwqCKwEBAQECASMPAUYQCw4KAgImAgJXBgESiGUMrQeCKYs/AQEBAQE?= =?us-ascii?q?FAQEBASOBC4oOhBkagxqCXQWUdYVpkXeBC4R7gx6GK416hAyBboNbARELGIFGc?= =?us-ascii?q?YcGKoITAQEB?= X-IronPort-AV: E=Sophos;i="5.33,284,1477958400"; d="scan'208";a="1512601" Received: from authsmtp31.register.it (HELO authsmtp.register.it) ([81.88.54.72]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES128-SHA; 01 Dec 2016 21:38:23 +0000 Received: from [192.168.42.28] ([151.76.1.158]) by paganini31 with id EleK1u00F3QYd1B01leK5n; Thu, 01 Dec 2016 22:38:21 +0100 X-Rid: guido@trentalancia.net@151.76.1.158 Message-ID: <1480628227.7565.7.camel@trentalancia.net> Subject: Re: [RFC][PATCH] selinux: support distinctions among all network address families From: Guido Trentalancia To: Stephen Smalley , selinux@tycho.nsa.gov In-Reply-To: References: <1480604861-13982-1-git-send-email-sds@tycho.nsa.gov> <1480613322.4558.29.camel@trentalancia.net> <9b023671-606f-d3b2-9d70-3bbcbf5e5dba@tycho.nsa.gov> Date: Thu, 01 Dec 2016 22:37:07 +0100 Mime-Version: 1.0 X-Mailer: Evolution 3.20.5 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Hello again ! On Thu, 01/12/2016 at 13.53 -0500, Stephen Smalley wrote: > On 12/01/2016 01:03 PM, Stephen Smalley wrote: [...] > > Actually, I realized belatedly that CIL makes it possible to enable > > testing of this change just through a policy module.  Attached is a > > CIL > > policy module that one can insert via semodule -i > > testextsockclass.cil (caveat: may break your system if using any of > > these socket classes). Also attached is the libsepol patch.  So now > > I > > just need a test case - will have a look at your AF_ALG patch. > > So I confirmed that using your test program, I get an avc denial for > create on alg_socket unless I allow that permission to the domain > running the program, as expected.  So no surprises there.  I'll defer > putting together a real patch for selinux-testsuite until it is clear > that the kernel patch is going to be accepted, and regardless, we'll > have to work through how to make it conditional on all the right > factors > (kernel version, policy defines the capability and the new socket > classes or we add them temporarily for the tests via the CIL policy > module). I have modified the SELinux Testsuite patch that I originally posted on the 24th of August 2016 with subject "Re: [PATCH v5] Classify AF_ALG sockets", so that it checks the kernel version (you have to edit the minimum version in the test source file)... If you decide to use the standard tests instead of the CIL module, you can save some time by using the following: [cut] This patch for the SELinux testsuite aims to add a very simple test for sockets in the AF_ALG namespace. Such test is representative of the new set of socket families that the kernel supports if it supports the new extended_socket_class SELinux policy capability. BEFORE USING PLEASE EDIT THE KER_VERSION, KER_PATCHLEVEL AND KER_SUBLEVEL DEFINED IN THE TEST SOURCE FILE. Signed-off-by: Guido Trentalancia --- policy/Makefile | 2 policy/test_alg_socket.te | 25 ++++++++++++ tests/alg_socket/Makefile | 5 ++ tests/alg_socket/client.c | 94 ++++++++++++++++++++++++++++++++++++++++++++++ tests/alg_socket/test | 26 ++++++++++++ 5 files changed, 151 insertions(+), 1 deletion(-) diff -pruN selinux-testsuite-01122016-orig/policy/Makefile selinux-testsuite-01122016/policy/Makefile --- selinux-testsuite-01122016-orig/policy/Makefile 2016-12-01 21:52:49.170252694 +0100 +++ selinux-testsuite-01122016/policy/Makefile 2016-12-01 22:24:44.388153327 +0100 @@ -20,7 +20,7 @@ TARGETS = \ test_task_create.te test_task_getpgid.te test_task_getsched.te \ test_task_getsid.te test_task_setpgid.te test_task_setsched.te \ test_transition.te test_inet_socket.te test_unix_socket.te \ - test_wait.te test_mmap.te test_overlayfs.te + test_alg_socket.te test_wait.te test_mmap.te test_overlayfs.te ifeq ($(shell [ $(POL_VERS) -ge 24 ] && echo true),true) TARGETS += test_bounds.te diff -pruN selinux-testsuite-01122016-orig/policy/test_alg_socket.te selinux-testsuite-01122016/policy/test_alg_socket.te --- selinux-testsuite-01122016-orig/policy/test_alg_socket.te 1970-01-01 01:00:00.000000000 +0100 +++ selinux-testsuite-01122016/policy/test_alg_socket.te 2016-12-01 21:53:30.813685402 +0100 @@ -0,0 +1,25 @@ +################################# +# +# Policy for testing sockets in +# the AF_ALG namespace (Crypto +# API). +# + +attribute algsocketdomain; + +# Domain for client process. +type test_alg_socket_client_t; +domain_type(test_alg_socket_client_t) +unconfined_runs_test(test_alg_socket_client_t) +typeattribute test_alg_socket_client_t testdomain; +typeattribute test_alg_socket_client_t algsocketdomain; + +# client can bind socket. +allow test_alg_socket_client_t self:alg_socket bind; + +# client can request to load a kernel module +kernel_request_load_module(algsocketdomain) + +# Allow all of these domains to be entered from the sysadm domain. +miscfiles_domain_entry_test_files(algsocketdomain) +userdom_sysadm_entry_spec_domtrans_to(algsocketdomain) diff -pruN selinux-testsuite-01122016-orig/tests/alg_socket/client.c selinux-testsuite-01122016/tests/alg_socket/client.c --- selinux-testsuite-01122016-orig/tests/alg_socket/client.c 1970-01-01 01:00:00.000000000 +0100 +++ selinux-testsuite-01122016/tests/alg_socket/client.c 2016-12-01 22:19:23.143815343 +0100 @@ -0,0 +1,94 @@ +/* + * The alg_socket is representative of the new set of + * socket families that the kernel is able to classify + * when it supports the new extended_socket_class policy + * capability. + * + * This test simply checks the result of bind() using + * the Kernel Crypto API. + */ + +#include +#include +#include +#include +#include +#include +#include + +/* + * First kernel version that supports the new + * extended_socket_class policy capability. + */ + +#define KER_VERSION 4 +#define KER_PATCHLEVEL 99 +#define KER_SUBLEVEL 99 + +void usage(char *progname) +{ + fprintf(stderr, + "usage: %s [succeed|fail]\n", + progname); + exit(1); +} + +int +main(int argc, char **argv) +{ + int succeed; + int sock; + + if (argc != 2) + usage(argv[0]); + + if (!strcmp(argv[1], "succeed")) + succeed = 1; + else if (!strcmp(argv[1], "fail")) + succeed = 0; + else + usage(argv[0]); + + sock = socket(AF_ALG, SOCK_SEQPACKET, 0); + if (sock < 0) { + perror("socket"); + exit(1); + } + + if (succeed == 1) { + struct sockaddr_alg sa_good = { + .salg_family = AF_ALG, + .salg_type = "hash", + .salg_name = "sha256", + }; + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(KER_VERSION,KER_PATCHLEVEL,KER_SUBLEVEL) + if (bind(sock, (struct sockaddr *) &sa_good, sizeof(sa_good)) < 0) { + perror("bind (algorithm available)"); + close(sock); + exit(1); + } +#else /* kernel does not support the new policy capability */ + exit(0); +#endif + } else { + struct sockaddr_alg sa_bad = { + .salg_family = AF_ALG, + .salg_type = "hash", + .salg_name = "NOTAVAILABLE", + }; + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(KER_VERSION,KER_PATCHLEVEL,KER_SUBLEVEL) + if (bind(sock, (struct sockaddr *) &sa_bad, sizeof(sa_bad)) < 0) { + perror("bind (algorithm not available)"); + close(sock); + exit(1); + } +#else /* kernel does not support the new policy capability */ + exit(1); +#endif + } + + close(sock); + exit(0); +} diff -pruN selinux-testsuite-01122016-orig/tests/alg_socket/Makefile selinux-testsuite-01122016/tests/alg_socket/Makefile --- selinux-testsuite-01122016-orig/tests/alg_socket/Makefile 1970-01-01 01:00:00.000000000 +0100 +++ selinux-testsuite-01122016/tests/alg_socket/Makefile 2016-12-01 21:53:30.814685412 +0100 @@ -0,0 +1,5 @@ +TARGETS=client + +all: $(TARGETS) +clean: + rm -f $(TARGETS) diff -pruN selinux-testsuite-01122016-orig/tests/alg_socket/test selinux-testsuite-01122016/tests/alg_socket/test --- selinux-testsuite-01122016-orig/tests/alg_socket/test 1970-01-01 01:00:00.000000000 +0100 +++ selinux-testsuite-01122016/tests/alg_socket/test 2016-12-01 22:19:42.868020293 +0100 @@ -0,0 +1,26 @@ +#!/usr/bin/perl + +use Test; +BEGIN { plan tests => 2} + +$basedir = $0; $basedir =~ s|(.*)/[^/]*|$1|; + +# +# Tests for sockets in the AF_ALG namespace (Crypto API). +# +# The AF_ALG socket is representative of the new set of +# socket families that the kernel can classify when it +# supports the new extended_socket_class policy capability. +# + +# Verify that the client can initialize the server with an +# available algorithm. +$result = system "runcon -t test_alg_socket_client_t $basedir/client succeed"; +ok($result, 0); + +# Verify that the client cannot initialize the server with an +# unavailable algorithm. +$result = system "runcon -t test_alg_socket_client_t $basedir/client fail"; +ok($result); + +exit;