From patchwork Thu Mar 2 16:16:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Smalley X-Patchwork-Id: 9600871 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C99C760414 for ; Thu, 2 Mar 2017 16:13:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B509A28599 for ; Thu, 2 Mar 2017 16:13:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A9C52285B5; Thu, 2 Mar 2017 16:13:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id BA2AD285A1 for ; Thu, 2 Mar 2017 16:13:20 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.35,232,1484006400"; d="scan'208";a="3624044" IronPort-PHdr: =?us-ascii?q?9a23=3AwGHe+RLc6nknf3w3ttmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgQKP/9rarrMEGX3/hxlliBBdydsKMZzbGM+PC7EUU7or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRp?= =?us-ascii?q?OOv1BpTSj8Oq3Oyu5pHfeQtFiT69bL9oIhi6swrdu8oYjIB/Nqs/1xzFr2dSde?= =?us-ascii?q?9L321oP1WTnxj95se04pFu9jlbtuwi+cBdT6j0Zrw0QrNEAjsoNWA1/9DrugLY?= =?us-ascii?q?TQST/HscU34ZnQRODgPY8Rz1RJbxsi/9tupgxCmXOND9QL4oVTi+6apgVRHniD?= =?us-ascii?q?0DNzUk7m/ZjMJ+h79frB64uRBz34vYbYeIP/R8Y6zdZ8sXS2pfUMhMWSJPAYSy?= =?us-ascii?q?b5MNAuYcM+tXoJXyqVQQohulHgSsGOHixyVUinLswaE2zeIsGhzG0gw6GNIOtW?= =?us-ascii?q?zZosjpNKgMSeC1zLfHzTPeZP1L3Dfy8ozIchQ/rvCMQLl9dtHRxlQ0Fw7eklWR?= =?us-ascii?q?qZDqPzOS1ugXtWib9PBvWfigi24gtQF8uz6izdovhInRno8Z11/J+CpjzIs1ON?= =?us-ascii?q?G0UlB3bNG6HJdKqi2XMZZ9TNk4TGFyoik6z6ULuZu8fCcX1psq3wXfa/mbc4iQ?= =?us-ascii?q?5RLjSfqRLS94hH17fLK/gA6/8VS6xe3mV8m0zU1KojBZktjMqn8N1xvT5tKBSv?= =?us-ascii?q?Rh5UeuxSyD1wXS6uFAOUw0lKzbJIA9wrMoi5YevkvOEjX2lUnrlqOaaEop9vay?= =?us-ascii?q?5+j6ernmo4WTN45wigHwKKQuncm/DPwjMgcQW2ib+OK81KDs/EHgW7pKieA2kq?= =?us-ascii?q?/Fv5/EPsQWvbK5Ag9J3YYj7BazFTGm0M8CknUdI1JFfwyHg5DzO17SOPD4Eeu/?= =?us-ascii?q?g1O0nTdpwPDGOKfuAonNLnfZlrfsZrR960layAo2199f/I5UBa8bIPLoQEPxs8?= =?us-ascii?q?bYDhAhOQyu3+nnEMl91p8ZWW+XAK+ZMrndvkOL5uI0JOmMYo4VuCjmJvgr4/7u?= =?us-ascii?q?kHA4lkQAfamvwZsXdWq0HvN8I0WWeXDsmMsOEX8WvgoiS+znkEWCXiBIaHmsWa?= =?us-ascii?q?I85y07CIW9AIfCWI+inqKO0D28Hp1MaWBMEkqMHmvwd4WYR/cMbzqfLdJmkjwC?= =?us-ascii?q?U7iuVpEu1RWvtALh0bVoMPDU+ioCuZLkzth16PXZlQsu+jxsE8Sdz2aNQnlpkW?= =?us-ascii?q?MUXTA2xrtyrlB6yleGzad3medYFcBJ6/NPTAg6KYbWz/ZmBNDqRgLBYtCJRU6n?= =?us-ascii?q?QtWgHTE+UNYxzMELY0ljB9WilBDC0jGtA78NibOLApk0/bjd33j1PMl9zHnH2L?= =?us-ascii?q?Mmj1k8TctFLXemibJn9wjPG47JlF2UlqardKQb2i7A72KDzW6XsEFZVg58S6PF?= =?us-ascii?q?UmoFZkvVrNT5+F3NQ6WoCbs5LgtL0dSCJbdSat31kVVGQ+/uN8rGY22rgWewBA?= =?us-ascii?q?2Iy6iUbIXwYWUd3T7dCFAAkw8J4XmJKxIyBiC7o2LRFDZuD07gY1vw8elir3O2?= =?us-ascii?q?VkE1zwCOb01kybW14AUYhfKCRPwO2bIEoj0uqy1uHFa63dLZFcaPpxZ7cKVbe9?= =?us-ascii?q?M9709N1XjFuAxlIpygM6dii0YQcwRtpUzu0Ql4CoRbkcUxqXMq1AtyJbuD0FJP?= =?us-ascii?q?bDOUx5fwOqfYKmPq5hCgd7bW2k3C0NaR4qoP6+43q1bkvAG0DUci8G9o09pS03?= =?us-ascii?q?uB/JnKCxASUZ3pWEYt6xd6v63aYjU6547Mz3JjLLO0sj7c1NIzH+Yq0Aqvf9JF?= =?us-ascii?q?PKODDg/yHNUQB9KyJ+wyh1ipchUEMfhO+6EuO8OpaeCG2LKrPeZnhz+mlnhI4I?= =?us-ascii?q?Fj3UKK6yp8S/TH04wDw/6GwguNTy38g0u5ssDrhYBEYikfHmqhxijgAI5RYbZ/?= =?us-ascii?q?fYIWCWeyJM23w89xi4TqW35C+16pH0kG19OxeRqOc1z92hVd1V8ZoXy9niu41C?= =?us-ascii?q?B0nioyrqqZ2yzPzeHiewABOmJRQmltk0vsK5Cuj98GREiocxQplBy96Ef03adb?= =?us-ascii?q?oLh/IHfJQUdTZCX2MX9tUrGrubqfZs5D8pQosT9YUO6ke1CVVqb9owcG0yPkB2?= =?us-ascii?q?Ze2C00eCyruprjmxx3k36SLHF2rHXFY85w3gvf6MbaRfFPwjoMXDN4hiXPBlig?= =?us-ascii?q?I9mp+s2Zl5HCsuC6U2KuSIZTfDLxwoyeriu74ndmARqln/C8gtfnCxQ10Tfn19?= =?us-ascii?q?l2UiXFtAj8Yoj32KSmNuJnZFNkC0P868p9HIF+nZA9hJUR2XgcnJqV530HnX30?= =?us-ascii?q?MdVB1qL0dGANSiITw97J/Ajl31VuLnaIx4LiSnWR29BhaMe+YmMX3CI98s9LBb?= =?us-ascii?q?yP7LxcnCt1pFu4oh7KYfRnmDcS1+cu4mYAg+4VoAot0jmdArcKEElCOizskxCI?= =?us-ascii?q?4M6krKpLY2auf6O91FFjnd+9F7GOuAZcWGz2ep06By9/8t1/ME7Q0H308ozkYM?= =?us-ascii?q?Pfbc8XthGOiRjMlfNaKJU1lvoWgipnP3nwvXg5x+49ihxhwYu2vI6ZJGVx5Ki5?= =?us-ascii?q?GAJXNiXpZ8MP/THglaVekdiQ34C0BZhhGSsEXJ3zTfKuDj0Sqe7rNwGUED0zsn?= =?us-ascii?q?2bA6bQHReD6Ed6qHLCC4irOGuKJHkd09piXAOSJEpDgA8KRjU3hYM5Fhu0y8z7?= =?us-ascii?q?a0d1/CsR5lnlqhtW1u1nKRf/UmDFpAendDg4Up6fIwRK7gta/UfaLdSe7v5vHy?= =?us-ascii?q?Ff5pChsgqNJXGAagRWC2EGR0yEC0rlPraw+dnK6/KYCfamL/vSfbWOrvRTV++S?= =?us-ascii?q?ypKy1otr5CqDNsSTPnhiFvE71FBMXXZjF8TegTUPRDQdlzjRYM6DuBe85ip3o9?= =?us-ascii?q?i88PXrXALg+5CCC75VMdVh9RC5n7uDN/KQhCZ+LDZXyIkAxXnWx7gDxFQSkT1h?= =?us-ascii?q?dyGxEbQcsi7AVKzQlbVRDx4HbCNzMdBF76wi0QZQPs7bkMn61qZijv4yCVdKS0?= =?us-ascii?q?Dumt2zacwNOWG9O0vNBFyXO7SeOT3L38b3bLuhRr1WlupZrAC/uTCBHEP5OTSD?= =?us-ascii?q?jTbpXQi1Me5QlCGbIABeuIalfxZ3FGfsUcnrahK+MN54lzE2x6M7hm/SP24GLT?= =?us-ascii?q?d8a19NrqGX7S5AmPVzAWJA4mBgLeaenyaZ6OnZJ40MvvR3ByR4jeVa4G41y7FN?= =?us-ascii?q?9iFLWOR1mDfOrt5pu1ymnPOPxSR6XxpVsDlLgp6LvUJ5OajC7JZPRXPE8AgK7W?= =?us-ascii?q?WKBBQAv8FlBcH3u6BM1tjPk7r+KDFY893O5cscH9PZKMyGMHo7KhrpBDDUDAoD?= =?us-ascii?q?TTGxM2HQm01dn+uW9nGPqZg6sJfskoIUSrBHTFw1Cu8aCkN9EdMZO5h7WTckkb?= =?us-ascii?q?+AjM4U/nqytgLRS9tGsZzdTfKdH/HvKDefjblZaBoF2q/3LIQJNo3mwExucFd7?= =?us-ascii?q?k57WG0rLWtBNpDdtbgguoEVC6HJ+VHE821r5agOx538eDeW7nh85igt5Z+Qg7y?= =?us-ascii?q?rj7EksKVrLviQwllM9mdL/gTCeaDTxNru/XZlKCyrosEg8Kon0QwlvYg2sg0Np?= =?us-ascii?q?LzDER6pPgLtmcGBkkg7cuZ9UFv5bQqxIehgQxeuYZ/8wy1RTtj2nxVNb5evCEZ?= =?us-ascii?q?ZiiAwqcZu2o3Ja3AJibcA6JarLK6pTyVhfmKGOszS02eA2xQ8RO1wC8HiOeCIS?= =?us-ascii?q?vkwHKKUmLTKy/uNw8QyChydDeG8UWvosvP1l7Ec9Nv+DzyLnyL5DNlq+N+qEL6?= =?us-ascii?q?OaumjMj8iITU0s1kkQjUlK4aB20ds/c0qTT00v1qWeFw8XOsXYMwFac8pS+WPI?= =?us-ascii?q?ciaPq+XC3JV1P4ulFuDyU+CPtLwYgkS6EwY1B44M9NgOHoGw0EHEKsfqNKMKxg?= =?us-ascii?q?8z5ATqOVqFF+9EdwiRkDcdpMG+woR30pdBKTEAG2V9MDm357bNqg8snvWDQM88?= =?us-ascii?q?Ym0GUYscKnI2RMq6ljZEsHRbEja4yO0ZyBKY4D/ivSnQFyPzb9l+ZPeOfxxgEt?= =?us-ascii?q?W2+Sg586esk17b64neJ2b5NdVivd/D8+UaqIibC/lMV7lyr1/cm5VER3ytS2PP?= =?us-ascii?q?Fdm1J4LuZIkqbN30DW23UlO5izIoVcvxO8ytLqeQiwHyWYlUqJWb3CwkNcKlDT?= =?us-ascii?q?ERBRNwp+AF5KJhagwOeIY0YRnttwsiLaO/OxuY3s+oQ2mzNTtcV+NfwvmiZ7xL?= =?us-ascii?q?0yosafe3x2Y8QZE/yOm391INSIwRgxHA2/mjfYheUCn0GnxbYQnPozQ2l3R5PO?= =?us-ascii?q?Yo3ug/2A/IsUUbMz2Td+xpcmxFsMs6BVOOIXV7EWU4R1iEjYXf+AKs2a4d/zdF?= =?us-ascii?q?ldZOzeJFqGT+voPYYD+0RKyrqJDVsy08bdgmo6x8KpHsIsqGtZzEhTPTVp/QvR?= =?us-ascii?q?OZUCSiDfpVhsBQID5EQPlPgWwlNtYGtpBH6UotTco+JrtPCacqprC2aTprEy8S?= =?us-ascii?q?zSkFV4yexjwOmOG81KXGlh2IapQtLAQEsIlegtsaSyN5eCcepK6/WIrIj2CET2?= =?us-ascii?q?gKIAEU7QRK/g0NjZR/fuH/74rOVZNMxSNWr+hyUiTVCpli70H7RX2OgVjkVPWh?= =?us-ascii?q?lPSk0hlMw/LqydQUQgNwCVZDyOZMjUsnMqt3KqkKso7NqD+IelvwvHjxx+u+OF?= =?us-ascii?q?lR1crUekXiDIrDtGrzTi0c+XoQRY9U0H/RDIkcnRBlZagsv1hDPIemekPi6DM+?= =?us-ascii?q?3IRpA6O0Vca1yFY5tXwGXTulE8JdC+F6t1LaQCFqY5Kxp5r5IJhdXmhQ+JmZq1?= =?us-ascii?q?dYjkptKTK5xoRAJMFN+DIMWyJPoTqFttuoVMJDwdN2D4MLItpnoXfyArlEOJ+K?= =?us-ascii?q?rHAtprzv0GXW+y4iv1e+xTWzHaC4T+ZY/20RGgUpO2qepVM1D+sp6GvS9E7Csk?= =?us-ascii?q?xs9edBGrePlVlxoCp6Hp1WCDdFz2yqL1RyTHlDsuVVMqfVftddQ/YsexCgJQYy?= =?us-ascii?q?Ffk830yG5Ut0h2v2YzRutgtG/CDQRxE0VS4Rgrj3gz0fpManOTsUS59TaDUhaC?= =?us-ascii?q?DFKxmFli9LphZfbFpqW4sYAtZD9LEXx4xU/tDNSUy0MyEKQARiNh4k0fpYjUNM?= =?us-ascii?q?ql+YeT3bDQaydvbCqRx3fcaQrM61N/v15gFHhZ37sOog7aUMW2WmmRGxQdDZt4?= =?us-ascii?q?L8qtqKtk6VeafkL+G8ZGTOQCLKjR+umbcuF4PK8DTLMApHN5l6zmIpYZj7Bm7R?= =?us-ascii?q?JxtGI78UKlFGWq9kcdVGuv5VZ8t6d6YT46NtAQiHRhz3Eoy1sPZGNkrTRSjZLy?= =?us-ascii?q?iZ8Oy/ppzc4KfARuf+fcyD2WzHQ75pMZhn8zX7Hanl0ZNG8Ersxvht7l96SUTB?= =?us-ascii?q?My2Zt9vhKB8E6NWge0f/sJAkBi/ZAJB1kHXx3E5AbNYXTzes8JsG1JNT8GzwRv?= =?us-ascii?q?5g0kjvrO1S8KFp6ZMp7L90yce7P7vSJO9esU9gHBibGBtm+YkqAGdiWW9deOkR?= =?us-ascii?q?J+nNfa4Bl8Dht/j3F7AL6B2S4+FZccDHJ13blcaiFjGRUgdEnAAcqT4AMgSTyf?= =?us-ascii?q?iFm7NuScm/oej1wEUt40KxLhQe1rBi+Z+E+raUpO/QdxbR0aIEVbb0Sczutbks?= =?us-ascii?q?pkeS5eE+lLEUZGx1YgqnEOwDWc4B3GvgyroqzS00GcPZA73g4OJDV24+nj/4np?= =?us-ascii?q?ByBVEWGvcKErqX4YRRhH03lvffNtIIbqBCgXqAGgS8ErAc03Kr7TWYIHV9iBHU?= =?us-ascii?q?zx7wWX+z7EPxrSJgQyvD1c3jkk1OVrmzH0hSQTGkOUplsDOLIArotcb4uaUv40?= =?us-ascii?q?EwKWzortWNlHGuOLlPBc3wOMScITUopFIQlJAxRMag2YYVGdqnJ9ce7W9xY+DC?= =?us-ascii?q?62yxlS9BuKBHi5DY4s6L5vXdBWOggLGCq7WR2DBYzWA1vV4i6tChMvHO48OFQ/?= =?us-ascii?q?Gz2mkMUShwoArBUASzqrDBqFAUI0OL2l/RmIMWJtFZwWU41kb+6eglRNI+7wRe?= =?us-ascii?q?FoDFZ/8YpDDzPjX0wUyFbNIsSimeySZXEU7pEVllAqgzxnj8vMXTlXff41coXJ?= =?us-ascii?q?V/d1T7hRxrCIU1MUct6F8RwiofHggCdwuWDLSpBUv/K4sLS1QDaBqA3Ligeac3?= =?us-ascii?q?xld/wrWx6+/PdeZ8HbYCNu5Bjg6Sm1hWApYWsbYbQL98YFJd+rDYqRXlC4j9Rf?= =?us-ascii?q?fmjWAwNfq3Qs9E7c8Zq2Eu4gGlRxqv8Z1D9aoUiIiUdq5YZpjBpNt84F155TEV?= =?us-ascii?q?eSxCngN/ggiiUe8GuuDs+Nfbv4Sz6uq0UqYiWfkX/QAuB2til5vwnEwjodbP2u?= =?us-ascii?q?deS43VjJ/y8AVTLH+KponayRh8KewBK46xerZv6WkHLTAEJ30SJdqWd+U84yh1?= =?us-ascii?q?PTXS5l1NGNkDas8DMcrWhw9UllPmV61J+srcAF+YBJ95d9o04Grv1DA17Zw8X/?= =?us-ascii?q?775z+3PpDe4UtCP/FCjCVwjNLNvvUVwf7JBScL5nmWdgZ6zTmfy5mXDPbw5/+D?= =?us-ascii?q?xMvTV1McES48S51dKyaa+Qy7Wuq1k43kUhuO5c/vnJ0+dEyRRnurnKQGq6pMCv?= =?us-ascii?q?BPiiH63jhYC4D0iOmYs8K252tLqlJHEIhy7RrfGKVcJJl7Ogr3ltOtRkdiAivz?= =?us-ascii?q?YsbUdgAhuOCO3OcD//1+N1fiZY8cOh8E16j65mRRTgR0Tr75oE2UUv8QZNtpSf?= =?us-ascii?q?PEsmpa6Zl6JK8VIViRvprqoSlUqFouGg8mdKcwriBGdknJhABVVLz7uKQehQsA?= =?us-ascii?q?Ud50oktMGWOsOG0g5zrIT7lVjLKLBPwT7DqTUrQEU190PSNmXxO1xJJudqOmnf?= =?us-ascii?q?9ZtGNGgiR9oP8t3zx9WhS8vSzsp6QQ2TMv47y4sCsOuWZFT+qEiSvID0tMzOgS?= =?us-ascii?q?h6cGF3ni8UC8YGUEbIbq5rlnJNjv9Y4l43slehUvZSwGXeOnCyHrlKOFGYmPvd?= =?us-ascii?q?1ThRKXv8XOd7CzJzAINrsh0RLjW2R90g/GkRZn7GQLWS6g4MY5KouyP8glxyyo?= =?us-ascii?q?GXXUdVsX7aNJtdH+tVgVQ+csblNh2mpj2NCdRiIRXMzPB3o1jg88ZGVGd5JD6R?= =?us-ascii?q?kaG7M0jTaIuqlG4xwbYTbVEoSj4YnQnsbI1GIjTddr2GLZvKmFiY4r0HF/ndN7?= =?us-ascii?q?8DKOsmwId+PES89sHmTz1oBHxOz/efWiqOYHRZBiyLS8TfACM86j+XCs1JVtQE?= =?us-ascii?q?+lyawUH0ClP+8b2rfbTyClRHWaWeuVfWiMkTI5P1X85BayKF04dttKo1U7MuTc?= =?us-ascii?q?mp5WjxfhXq9sRiWMuV/by3QuMewedwIxtoaoZQgKTOoKauiHIuguxvw+B0cWY3?= =?us-ascii?q?/PAyR2F/e8sUSxk4hjJ3Vg/UL6bPzv8gDmMNqSAh4EEYrbrp5t5/O3XWeBOX58?= =?us-ascii?q?zB1oIkZ47eDfF04+tuVEaZaegcDQh8hn0e4Cb/ptLSw9utsIl4J/6ImbzMSKfg?= =?us-ascii?q?/VzproI9HavOSYCeXFz0s2YmFaTqYZYQTt6oU/P945WL7THbxCsBQeH6c6Q5sh?= =?us-ascii?q?N2Hv+6FyNg9zdBDeZKisiMnwuu2LfodUp2PR7l8oNyjTpRsDyuCvQAxga5CqgG?= =?us-ascii?q?nyIIwuRj1fstJhEBxmHJFAG8kYtQqoH4aUmL2ni9+24056tfEFsa7xCvDSytu0?= =?us-ascii?q?xIRwX5lf5UyOIjnRHq1rjVp/guS1mPfA3YH7Cdn+dtMcSOh7XmnFZ6fIH4WnMD?= =?us-ascii?q?KOO97zdFBd/r6Z0bJ5Tg+Raz7jU6qBri2kO+1u4V8nxYxgYOrT0Dst4qnc2Nv2?= =?us-ascii?q?eW5WvT+jrXqTO5tE8FzKBPDRXw5OSfWb7mlpB6sXYpXo9O0WK9wt3MCc4xVv7D?= =?us-ascii?q?RFyMaFJ6mhrknR2kN0bJ7bKErp2z0lWYkROxm/MFEjgWneqnjHBnRcNMekI9F3?= =?us-ascii?q?gNmJFhzt+1VxmWY1a25aBGXoQdaROW4G28OxYwGE+x5LD9YdkO6tZ0E4rre9RP?= =?us-ascii?q?JrOppbg+WqsqsIkdJyJCHSS8hWJSbQLKV5PjBJFOXAuEAoYgIYs7gyQoo1YIKB?= =?us-ascii?q?L18HMEeBzyPyyhDP0VP1d9yqyqmJJCcW8nNaz7PKyzRMoBO5ufmBiM35TL/ZdI?= =?us-ascii?q?32XOLVMCc9VDGVXzcyEUGy9lq/pvoEuuaYIWcYolAJbSKSCBITqrpprdfOEm/Z?= =?us-ascii?q?gfdjc4EShPCGRyDwTzV1lKUoCSlQr0CMQuQMFQ3NYn//hGpToheiJv5R/X7/ab?= =?us-ascii?q?2X2LZVUfQMAoRQav2ZX8fYefdGKjcqkzUZP/y8f8fdr7YiyV/IS3EWE6zW+12f?= =?us-ascii?q?VkKWReacxz3zV4UPo4c0ojYo+s7XniJvCKTIMbOfqCKv/4O7lyuYp/PRVnMsY0?= =?us-ascii?q?00h+ICBnONwB9eJ2EYE9sVol3iQracZ0ZQ03IkkeBu2xgKeAR3SXBu12NZk+uz?= =?us-ascii?q?Gs1eU14bkH2hTOcAbF9pEDNjtXONtxb/Zd0GpND7W35V9rxKT5EUavYv9tr5Iq?= =?us-ascii?q?wVlc010SpmrSpyiCCUC1dQn0rR6KbLNL5tzb1Fo28j9rd5WV/ZEGCXSXTO1ofz?= =?us-ascii?q?U5EH/ixpu32xkpCMsw=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2EiCACmQ7hY/wHyM5BeGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgyVheBGOWpJ7AZUzJgOBd4ZXVwEBAQEBAQEBAgECXyiCMyKBBVtDAjcUI?= =?us-ascii?q?AsDAwkCFykICAMBLRUfCwUYBIlMDbQNJgKKfCaPYREBgmgMgm4fBZBUi1WGdYM?= =?us-ascii?q?miBcCgXlTiBcMhiwCSJJvWHkIGQgCEggdDz6FBYFmV4dQgi4BAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 02 Mar 2017 16:13:17 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v22GCp5G026841; Thu, 2 Mar 2017 11:12:55 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v22GCneH106796 for ; Thu, 2 Mar 2017 11:12:49 -0500 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v22GCnSJ026833; Thu, 2 Mar 2017 11:12:49 -0500 From: Stephen Smalley To: selinux@tycho.nsa.gov Subject: [PATCH] selinux-testsuite: capable_file: Add dac_override and dac_read_search tests Date: Thu, 2 Mar 2017 11:16:18 -0500 Message-Id: <1488471378-24460-1-git-send-email-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.7.4 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Stephen Smalley MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Add dac_override and dac_read_search tests to the existing capable_file tests. This required removing dac_override and dac_read_search from all test domains, previously allowed in order to permit reading/writing of the test directories and files when they are not root-owned, which in turn required setting the ownership of the test directories and files to root before running the tests. This does assume that the path to the tests subdirectory is searchable by root without requiring dac_read_search. Document the audit output for each test case in the comments, both with existing kernels and with the pending "fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks" kernel patch applied. This audit output has been confirmed manually. Signed-off-by: Stephen Smalley --- policy/test_global.te | 4 ---- tests/Makefile | 1 + tests/capable_file/test | 63 +++++++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 60 insertions(+), 8 deletions(-) diff --git a/policy/test_global.te b/policy/test_global.te index 9114abf..f7d1335 100644 --- a/policy/test_global.te +++ b/policy/test_global.te @@ -22,10 +22,6 @@ role system_r types testdomain; # This allows read and write sysadm ttys and ptys. term_use_all_terms(testdomain) -# Allow the test domains to access the test directory and files -# even if they are not root owned. -allow testdomain self:capability { dac_override dac_read_search }; - # Let sysadm_t use runcon to run the test programs in various domains. #allow sysadm_t self:process setexec; #selinux_get_fs_mount(sysadm_t) diff --git a/tests/Makefile b/tests/Makefile index 11008a9..5a6c76f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -54,6 +54,7 @@ all: test: all chcon -R -t test_file_t . + chown -R root . @SUBDIRS="$(SUBDIRS)" PATH=/usr/bin:/bin:/usr/sbin:/sbin ./runtests.pl clean: diff --git a/tests/capable_file/test b/tests/capable_file/test index 9d89dfd..fcb864d 100755 --- a/tests/capable_file/test +++ b/tests/capable_file/test @@ -4,7 +4,7 @@ # use Test; -BEGIN { plan tests => 10 } +BEGIN { plan tests => 16 } $basedir = $0; $basedir =~ s|(.*)/[^/]*|$1|; @@ -34,7 +34,7 @@ if( $mode eq (stat($fn))[2] ) { $result = 0; } # prior mode should not be same as current mode -ok($result); +ok($result); # CAP_LEASE $result = system "runcon -t test_fcap_t -- $basedir/test_lease $basedir/temp_file 2>&1"; @@ -70,7 +70,7 @@ if( $mode eq (stat($fn))[2] ) { $result = 0; } # prior mode should be same as current mode -ok($result, 0); +ok($result, 0); # CAP_LEASE - Needs DAC_OVERRIDE $result = system "runcon -t test_resfcap_t -- $basedir/test_lease $basedir/temp_file 2>&1"; @@ -78,9 +78,64 @@ ok($result); # CAP_MKNOD - Domain needs CAP_DAC_OVERRIDE $result = system "runcon -t test_resfcap_t -- mknod $basedir/temp_file2 c 5 5 2>&1"; -ok($result); +ok($result); +# Cleanup system "rm -f $basedir/temp_file 2>&1"; system "rm -f $basedir/temp_file2 2>&1"; +# +# Tests for CAP_DAC_OVERRIDE vs CAP_DAC_READ_SEARCH vs neither +# + +# Create temp file for testing. +system "touch $basedir/temp_file 2>&1"; + +# +# In the below comments, +# patch is "fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks" + +# Test that a domain with dac_override can read an unreadable file. +# Audit with -linus: none +# Audit with patch: dac_read_search +system "chmod 200 $basedir/temp_file 2>&1"; +$result = system "runcon -t test_resfcap_t -- cat $basedir/temp_file 2>&1"; +ok($result, 0); + +# Test that a domain with dac_read_search can read an unreadable file. +# Audit with -linus: dac_override +# Audit with patch: none +system "chmod 200 $basedir/temp_file 2>&1"; +$result = system "runcon -t test_res2fcap_t -- cat $basedir/temp_file 2>&1"; +ok($result, 0); + +# Test that a domain with no dac_* permissions cannot read an unreadable file. +# Enforcing Permissive +# Audit with -linus: dac_override,dac_read_search dac_override +# Audit with patch: dac_read_search,dac_override dac_read_search +system "chmod 200 $basedir/temp_file 2>&1"; +$result = system "runcon -t test_nofcap_t -- cat $basedir/temp_file 2>&1"; +ok($result); + +# Test that a domain with dac_override can write an unwritable file. +# Audit: none +system "chmod 400 $basedir/temp_file 2>&1"; +$result = system "runcon -t test_resfcap_t -- dd if=/dev/zero of=$basedir/temp_file count=1 2>&1"; +ok($result, 0); + +# Test that a domain with dac_read_search only cannot write an unwritable file. +# Audit: dac_override +system "chmod 400 $basedir/temp_file 2>&1"; +$result = system "runcon -t test_res2fcap_t -- dd if=/dev/zero of=$basedir/temp_file count=1 2>&1"; +ok($result); + +# Test that a domain with no dac_* permissions cannot write an unwritable file. +# Audit: dac_override +system "chmod 400 $basedir/temp_file 2>&1"; +$result = system "runcon -t test_nofcap_t -- dd if=/dev/zero of=$basedir/temp_file count=1 2>&1"; +ok($result); + +# Cleanup +system "rm -f $basedir/temp_file 2>&1"; + exit;