From patchwork Mon Apr 10 15:11:48 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Smalley X-Patchwork-Id: 9672809 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6CB16600CB for ; Mon, 10 Apr 2017 15:11:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6D0132846B for ; Mon, 10 Apr 2017 15:11:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 605A32846D; Mon, 10 Apr 2017 15:11:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8EA872846B for ; Mon, 10 Apr 2017 15:11:08 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.37,182,1488844800"; d="scan'208";a="4753773" IronPort-PHdr: =?us-ascii?q?9a23=3Az/QCUhfJ79m7qMAL/11+G1CqlGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxcq7YxCN2/xhgRfzUJnB7Loc0qyN4v6mADZLscvJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6?= =?us-ascii?q?OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBS7oR/MusUIjodvKaY8wQbVr3VVfO?= =?us-ascii?q?hb2XlmLk+JkRbm4cew8p9j8yBOtP8k6sVNT6b0cbkmQLJBFDgpPHw768PttRnY?= =?us-ascii?q?UAuA/WAcXXkMkhpJGAfK8hf3VYrsvyTgt+p93C6aPdDqTb0xRD+v4btnRAPuhS?= =?us-ascii?q?waOTE56mXXgdFugqxdrhyquhhzz5fJbI2JMfZzeL7Wc9EHSmpbRstfVzJPDJ6y?= =?us-ascii?q?YYUMCOQOP+hYr5H/qlcToxaxChWjCuzxxT9TnXL2wa833v49HQzcwAAsAdQDu2?= =?us-ascii?q?nUotXvM6cSVPi4wrTUzTrdd/NW2Sny6I7VeR48pPGDR7Zwcc7PxkgvCgjIiU6Q?= =?us-ascii?q?ppH+Pz6OyuQMs3SU7+pnVe61jW4nsBt+riKgxscrlInEn4QYwU3K+yV+xYY6P9?= =?us-ascii?q?y4SEhjbN6rEZtQqyGaN5ZtTc84X25ovyM6x7sbspC4ZCgH0IkryhHQZvCdc4WE?= =?us-ascii?q?/wjvWPieLDtmnn5pZbSyjAuo/0e60O3zTMy03U5PripCj9bDqGgA1wfW6sibUv?= =?us-ascii?q?t9+Vqh2SqX2wDT9O5EJUc0mLLHK5E72L4wl4cTsV/ZEi/qmET5kK+WdkI+9uiu?= =?us-ascii?q?9+vneanpqoWZN491jgHyKqUumsqhDuQkKgUCQmeW9Oum2LDj4EH1WqtGg/Ionq?= =?us-ascii?q?XDrZzWPcEbqbS4Aw9R3IYj8RG/DzK+3dQDg3YHKFNFeBSaj4nmIl3BO/f4Deq5?= =?us-ascii?q?g1uwjjhr3OvLPqHhA5rRLnjDl63tfbBm60FG0gYzwtdf54xMBrEbPP3zQlPxtM?= =?us-ascii?q?DfDhIhMQy0xODnB89h1oMeQ22PBLSUMKHVsV+O4+IgOfKMZJMLtzbnMPgp/fnu?= =?us-ascii?q?jWU2mVUFZ6mmwYMXaGykHvRhO0iZY3jsjc0dHmcJpQo+S+rqiFycUTNIaXayW7?= =?us-ascii?q?885z4gB4K7C4fDWp2tjKaG3CehEZ1cfnpGBUyUEXf0a4WEXO8BaDqMLcB6jDME?= =?us-ascii?q?U7mhS5Mm1Ry1tQ/11aRoIfTO9i0fr5Lj28B/5/fPmhEq6Tx0E8Od3nmQQGFzmG?= =?us-ascii?q?MIQSI50757oUx80VqMy7Z3g+ZfFdBJ4PNJSAg6P4bGz+NmE9DyRh7BftCRRVm7?= =?us-ascii?q?XtWpGysxQ8ktzN8JZkZyB8+tjgvf3yawBb8aiaCLDoQu8q3Ax3jxO9p9y3He2a?= =?us-ascii?q?kgiVkmXtVANWm4ia566QfTG5TJkkWCmqatbaQTwijN9GKZwmqPuEFXSwlwUKrf?= =?us-ascii?q?UXAYfEvWoszz5lneQL+2FbQnLgxBxNaCK6pLbd3pi05LRPLnONjHYmKxnX28BR?= =?us-ascii?q?CSybOWb4rqensd0zvHBEgCjQ8T4W6MNRIiCSe5v2LeEDtuGErxbEP06+Z+snK7?= =?us-ascii?q?TlQvwgGSdUJhzbu1+gUNhfyYUfwcwqwLtD0mqzVuE1a3x8jWBMaYpwp9YKVcZs?= =?us-ascii?q?sw4VlG1WLdsgxyIIagIrtshlEAbgt3uFnu2A9vCoValsgqrm0lwxZuKa6C11NB?= =?us-ascii?q?bTyY14jqOrLLMmny4Ayva6nO11HQytaZ4KEP5+g5q1X4pwypE1Ii83R+39lO3X?= =?us-ascii?q?qc/Y/GDA0IUZL+Skw37QR1p6nGYikh4IPZzX5sPrO3sj/FxtIkH+glxQyjf9dY?= =?us-ascii?q?LaOIDgjyE9cVB8K2Muwlh0Cpbg4YPOBV7KM7Jd6pd+GH2KG1JuZthyipgnhC4I?= =?us-ascii?q?xn1UKM7SV8QPbS35kZ2/GYwheHVzDkgVi9qM/3nZ5LZSoOHmu/zijpH5VRabFz?= =?us-ascii?q?fYkVD2euP8y3yc9ki57rRXFY6EapB0ka18+xZRqSc1v90BVL1UQZu3ynnjC4zy?= =?us-ascii?q?BvnjEyqKqf2yLPw+H4exoBIGJLQndtjUv0K4iuk98aRFSobxQulBa960f13axb?= =?us-ascii?q?pLhhIGnJWkdFZDb2IH94UqSrq7qCZtRD6JQysSVYSO68e0yVSqbhoxsG1CPuB3?= =?us-ascii?q?deyy0meDGroJr5mwd3h36aLHZ2sHXWY9pwxQvF6NzaW/FRwiIMRDNkhjnPGli8?= =?us-ascii?q?I96p8M2Sl5fCtuC+U3yuVoZIfCbx04yAriy76XdtAR2lkPC5gsfnHhQi0S/ny9?= =?us-ascii?q?lqUj3FrAj9Yob3y6S6NvhnclN0C1/87Mp6HI5+n5A0hJER33gVnI+V/X0dnWf0?= =?us-ascii?q?K9Vb1rr0bGARSj4T397V/A/l1VVnLnKI3IL5SmyRwtB/aNm+Y2MW3D897s9RBa?= =?us-ascii?q?eP9LxEnC11olukogLKe/R9mCkSyec24n4An+4JoBYtzjmaAr0KB0lYOijslxCW?= =?us-ascii?q?4NCksKpXY2iufKOr1Epjgd+hF6uOogZGWHb2Yp0iBzN/7t1jMFLQ133+8pnkd8?= =?us-ascii?q?PNbdIXrBGbiQ3MgPNSKJI1ivoKgixnNHn4vXE5ze47igBh0Yu8vIeZN2Vn5Li5?= =?us-ascii?q?DQJANj3pe8MT/SngjaVAkcaQxICiBZZhFSsNXJvzS/KnDi4Sue7gNwaUHz02sm?= =?us-ascii?q?2bFqbHHQ+D9EdmqGrCE4ixOHGKIHkW081iSwObJExDng8URi43noMiFg+03szh?= =?us-ascii?q?a1115isW5l7lsBtD1vxnNxf4UmfFqwendC04SJ6BIxpK9gtC/VvaMdSC7uJvGC?= =?us-ascii?q?FV5oOhrAqQJWGAeQRIC3wGWkyeC1DlILau+cHK8/KECeqmM/vOfbKOpPRGV/iS?= =?us-ascii?q?2JKv1pBr8CqNNsWTPnhuFvM71VBFXXxjHMTZgToPQTQNly3Rd86buAu8+ipvo8?= =?us-ascii?q?C88PXrXBzg6JCKC7tVP9Vv9Q65gbufN+6QgyZ5LChX2okKxXDW1LgVxEQShD12?= =?us-ascii?q?dzmxDbQAsjbATKzKla9REx4bbCZzOdBG760iwwZNPtTbhcnt1r5iif41CUlKWk?= =?us-ascii?q?D9ms2zYswKOW69PkvdBEmXLLSGOSHLw8bvbKyhT71flv5ZuAC2uTmBCUPjOS6D?= =?us-ascii?q?lzbxXRC1Le5MlD2bPABZuIylaBZhE2biQMjjahKhNN93ij03zKYuiXzWMG4QKz?= =?us-ascii?q?98c1lCrreI9yNXnu1/G3Bd7npiNeSElTyZ4PfFJZYNq/RrBDh0l+VB4Hkh0bRa?= =?us-ascii?q?8CRESOZymCvIod5ku0umnfWXyjp7TBpOrS5GhISRvUp4IaXZ7oJNWXjF/BIX9m?= =?us-ascii?q?WQFxoKp9pjCtL1vaBf1tnPm7j3KDtY9NLU58QcDdDOKM2bKHohLQbpGDnMAQQY?= =?us-ascii?q?Vj6kK3vQh0NHkP6I6H2YtYM6pYLvmJoTUL9UTkY5FvcHCkRjBtMCOo57Xi8jkb?= =?us-ascii?q?6YjM8I4mCyrB/PS8VGpprHTO6dAe3zKDaFirlJfwAHwbL3LYQUMI32wFFtZUdh?= =?us-ascii?q?k4TLAUXQW8pBoip7bg87uE9N6mRxTnUv20L5bQOg+GUcFfGukR4olARzeuMt9C?= =?us-ascii?q?/y7FcxI1rFviowkE0qltXijjGdajnxLL2/XYtOESr7q1AxMo/nQwZydQCygUtk?= =?us-ascii?q?NDLeS7JLiLthdH5kiAnHtptVHv5TU65EbQQMyvGQYvUnzU5Tqj67xUNd4+vKF4?= =?us-ascii?q?dinhMwcZGwt3JAxx5jbNktKKzWOqVG1FxQi7mNvi+vzeAx3BURJ0AW8GOReS4E?= =?us-ascii?q?okoIOac6JyCw5Oxj9RSCmydfeGgLT/cquOxl9lgjNOua1SLvz75DJ1uqOOyeNa?= =?us-ascii?q?OWpm/AlcCQQlMqyEwJl1NJ/b5o3sc/a0CUTVwgzKONFxQVMsrPMRxaYNBM9HjS?= =?us-ascii?q?YCmOqv7AzohvP4WnEeDpQ/SOu7gIjUK5BgYpHpgM78QbEpmqzk7YMd/tLKQZxh?= =?us-ascii?q?U1+ATrOFKFAexNeBKMijcIvce/zZ5w3YRGKTEdB3h9PT+w5rbNqQ8gmOCDU8su?= =?us-ascii?q?YncGQosEMWo7WNaklC5dvnRACiS30+0CxQee6D/8ozjfAyPnb9p/fvuUYw1jCM?= =?us-ascii?q?2u8zUl76e2kULX8onZJ2ziKNttptrP6eQcp5abFv9ZVqd9vFnGm4lZRn2qVGjP?= =?us-ascii?q?HcSzJ5fud4kmdcb0BWqiUlyjlzI1SN/8PNW3LqmImw7oQ5pUsImA0TAsMs+9Di?= =?us-ascii?q?0RFw12p+4d+KJ2fRcDbIYjYR70qwQ+MLSyIBuZ0tWrRGatNTtWTvlEwOqnZrxW?= =?us-ascii?q?zzAjYfSgxHsmUJ460/G98VQRS5ESkhHe2fGjapFRUSjpAHNdfRnPqDE4l2hmOO?= =?us-ascii?q?cyxPs/wBPWvlkdNTCLaPJmaHZes9E6G1ySPW18CnAkSF+EkYrD/gms0qgI8CtZ?= =?us-ascii?q?ntZbzfNKv2D7vp7fZjKsX6qrpo/OviU7bNgpuatxPZXtIsubrp/emCLQTIXIuA?= =?us-ascii?q?2fTCG6D+ZamsRXIC9AW/ZHh2clNNcctoVc90o+SN0+J6dVB6k2prGmcz1kDTQd?= =?us-ascii?q?zSUBTYOPwCQCgvug27vdjhqQapIiMB0Yv5VChdsdVzV2bDsHqqG+TYvbi2iKR3?= =?us-ascii?q?MXLwcU6ARD+BgPlpRsfuz/5orHUoNMwSZMo/1oSivLCoVo91zjR2GMm1f4UvKh?= =?us-ascii?q?nPey0AJO1vLjyMcbVwB7CUhcweZWmU8oKLB4K6kQoo7KvCWHdVn/vG73zuupOk?= =?us-ascii?q?VRw9XOd1LkFIrFqXb8UioE9HwaX4NA1HHfFZUXkwp4cqkrp05BIIG4dUng+TMo?= =?us-ascii?q?3YNpH6O3Vcqz3VYqsW4GRzu2E9pGE+xmqFXXWDl/bJCxppTlPJFSQmFL9Z2YrF?= =?us-ascii?q?dZl15tPDClxppGLMFN+SUMXDlJoTWSpteyT9dD2cBuBZ8WPth/o2v9GL9DOJWJ?= =?us-ascii?q?uXI2oKHvynnD9zA/q1q6xTSzG66kT+1C5WEeHBsmJ3iGoEk1E+Qs6nvS8kzKsl?= =?us-ascii?q?1s4+dbAb2PgF5toDphG5BBHSxF1Xa7IFRvVHNGqflVKLzJc8xARPk/fR+vNAYk?= =?us-ascii?q?FfE820yG4Fp5kmrnbCxqrgtV5STdUBcuVSUPhbftgzIeoNm9OTAGU5JIcSkhby?= =?us-ascii?q?DdJgKZniBYog1SZFx0VJACHNlF4a0b0pVJ8cbYT0ajNz0FVgR4Ng0kyfpfiVJD?= =?us-ascii?q?sEKAdC/GAwqnaerDvx9qccqft8OmMPP5/AJbhYz9q+A4678PR3u4lg2xWdretZ?= =?us-ascii?q?PztsWWtkuSc6f1K/e8bmHcQzjMlx+wmawpD53N/yjNLgVXNYV1yX05bpf/E2LL?= =?us-ascii?q?OwpJJ74DLUpBSa96cclGovxdZ8J8YKYJ4rNtCQiaSRPzA4Gvt/5GLkvJRTvCMS?= =?us-ascii?q?qB9PC/oZjJ4rzZU+TgYdaMx3nfSaJtIph68SX7G6vt0YJG5kr2wOli+V1nRlXd?= =?us-ascii?q?LiCBqMjhJhkR68m8d0viuZkpEi3KAJtql3rt3E5AfdINQyK26JQY1I9Z6HHoRO?= =?us-ascii?q?J9yEfztOlS+Kd46Ykr+b9m09y5JaHMJvRGqk9oHgKbBh10+Zk3BmhwWXxRaPcL?= =?us-ascii?q?KPjNZaQZkdzuq+fvGqwV8hKV4etZacDDJ07bhMmyETScSQFAnAcdqD4VMgqc2O?= =?us-ascii?q?SDm69vU8qlovL52k016VikMhEG1Kxt5ZuD+qeQpu/YdR3RzbYeWqjtW8z8sK8h?= =?us-ascii?q?u1+I6v0ij74OfXZ5Ywu5H+gBTsQd3Hvvzbg2zSIwFMPOB73g+ONCV3I9mjLvhZ?= =?us-ascii?q?V9Ek4LFfwKBrWL/J5RnmEil+zeLN0WfbhImnyTGh68Dr8C1Xmr5jORIGlhmRzO?= =?us-ascii?q?0hfwQWap4F/3qy94TzHMwM34kkpJTLm3GFtdXza0OU9irjyDJg3otMD4ua4t9k?= =?us-ascii?q?E5LnTktM6RlGumIL5XGsr/JNqAISk7ul0al5gxRt211oAdB9W9PNkQ8HZkbvvd?= =?us-ascii?q?8GOniSlBrLlbh4DG+MGa5u3XHWW8j62ds7iN3i1XxWUjsFEw79ChOevC59uUTP?= =?us-ascii?q?S0z2wRVTtwuxPdXx6prbzWt1QUOVeO0ErLg4EKMM9W0mQ/1kH8/ucjWMgz9AJc?= =?us-ascii?q?Fonee/wCuSr/ODzuwVaQe9g3TDWR0yNLHlLpFll1ALM813juvM3Tmnff5UYoS5?= =?us-ascii?q?Jrd0P9mxx4FYo4Jlw26FQNxCoMDxQNYwiBDL60HUTlMZcEVU8bZBSF3bi6f7w6?= =?us-ascii?q?3UhtzbKv+uDTd+18B6wCNvpHiA6BgkRbEIoMsaICWLJ8Z0Nd9KnPqwjjConoRe?= =?us-ascii?q?LpmmYrOP2uXM9a7d4WuGc47ga4XRqg5o9J76wHh5CQaq5EfZ/Msdhn4Edm/j4O?= =?us-ascii?q?eDZCgBp+jxOlSeATvv3j4tzAvZW07eahSbgiSP8K9xguAGR+lYH/jEokodHN2O?= =?us-ascii?q?dWUpfVhpjn8ABRP36Kv57X0wFmJuoSN42rfLhh93IdJygdPn4OJsSZa/094y9r?= =?us-ascii?q?LTXS6EdPAtsWatMEIMXNmQ5VikrzWLFQ7MbbGUGXC511d88262r70jc18YEzUu?= =?us-ascii?q?z48j+5OYjf701RP/NElChsiMjCq/YRwfXIDigY/2KUZAV0wiONypmNF+z//f6W?= =?us-ascii?q?x9HOSlMKBCg2XJlBJDCa4wyoWvK1lIn1UgOT8sLzj4gxdFiOSXytnKQIqaJMEe?= =?us-ascii?q?9ciirl3jhRDJ31h+mPv9qq9mRXqkVNEJxv4h3dBKVfIpJ7NAz3lsa1QEh8Giz/?= =?us-ascii?q?eMbTeho1puWWwuYM4+NjN0rxfoIbJgwLy6j66HVPVAduTqD5vkqBV+ILeNRmUO?= =?us-ascii?q?/ErmxS6Y94La8PPUSSpJvurjhSs1A6Gg4paLg3rjxBbUnDhwhVVqn7ubIajQsc?= =?us-ascii?q?S9F5s1dWGW2sIGI++ybHVaNNgameFPMV6S6TQrUTXUtnNC1+QhW12Ihheraykv?= =?us-ascii?q?BHt3lJniVjr/Qw1DxmXhS8szX2p60RwTIg5K24tDIZtHxHSeWekyHIBU9fw/QK?= =?us-ascii?q?iaccFmvt6F29YHkFd4vy47hnKN/+9Ykg/XQwexEjcDAHXei6DSH/kb+ICJSVsN?= =?us-ascii?q?1AnB6NpNnObbirICgTKLQy0xTjSmN50gjDgRlo8WwLQi664N8jPoW9Nt4vxjC0?= =?us-ascii?q?FmjDaFYM/qRJvdPztVEVQus2Z1dhzX5t08edQC0CWtDPF3wzjgc6dWVOaIhD5g?= =?us-ascii?q?MCF6k0njaIubFL/g4QYDfTHIWq5I3QncPT1HkmStdqwGPWqbGfipMsznJlh8t+?= =?us-ascii?q?7jSSt3QKa+zYT8hsD2Dx1odfye3+f/KtsuQGSIt61rusS/oCMsi/+WusxppmQE?= =?us-ascii?q?ilxq4RH1ChKu8M2q/bUzu5SW2fQemLb2mMnzMiP07u5BmnMl43Z9lOr0MnNOvN?= =?us-ascii?q?mIJcnRX7UbxoXiWQuUPbzGs7POMfdgI2u4SnewsRQe4TfeecJu8uwPsgB1sKdX?= =?us-ascii?q?PJGzV5C/Ouu163gId7I2lg4Vn9Yen16Q/pLt2SGgUfHI7Bqp5x/uC6Rn6fOXB+?= =?us-ascii?q?0RJ+Jk509/3QF14prO9Tb46RncTMh9R8yeMFeeliMSk8ut4LhI1u8oiV0MaPcR?= =?us-ascii?q?HU0JnyP9XVreaCD/3Y1UQqdXlQUqAFbgPt+4U6Itk5VqXdHLtBpxQcBLQ1T4I6?= =?us-ascii?q?Omf09aF0MBlzfRDLaLSzmMnqqfqBZoFIqH/O8lIwMCDctgUEyvywUwN2dIiqh3?= =?us-ascii?q?HoL5ArWjJBrsFiCgd8HIRRBcwMtQynDICImKujkd++51t6u/MWsar3Ev3K0NW5?= =?us-ascii?q?34NsX5lV/ECLODfRBLJ3gkR+lemyg+3P0p/2Cc/4ftMETud7SHbfarDaBoW/Ni?= =?us-ascii?q?6OOsXkdk5d7bGc1LN5UhOMZCH2WKaIuzGkNPV67kUh1IN4ZPDcwScu777Fwtvy?= =?us-ascii?q?YX9UpiO4on6UO5tT9lvKBfbRXxhMU/qK7H5lHbELbYvz7OoONMYtz8Sc4wly6j?= =?us-ascii?q?RC19CII7agrk/KxE17cZPbLE302yc2Q4UKJw6/MUQ0i2/DtnvdGWhcLtSjKcR1?= =?us-ascii?q?gtaaFB/t505qlmw2e25BHHboRdeWOWgG1MK+ZBGK+BhND9kdg+69YVQ4ubGqSe?= =?us-ascii?q?l0JpVFnv2nu64cntpuLyHPRdNaPz3LLLNsJTpeEPnAqEIzYhEat7g1W4E1ZYWB?= =?us-ascii?q?IU4cLEiByTnyzRbZ0UHued2jzrqJID0R8nVB1b7F1iJMpwahs/aDnsLjSKzZbI?= =?us-ascii?q?3xXPPKPyoqTCqVRS4zEUm3/VepoOQEvP6CLmcEo1AUfzieCAgNqaBztdLQFHPc?= =?us-ascii?q?mfV/fJ0Wg/CXQyLwSCh/lKooHCZLtFuMTuEFFQbMan/unmtctBalJv9W8nLvd6?= =?us-ascii?q?eYybZNW+wKHotMdeWUQ8DWefBbOzgllzYUNf2if9LCtbY501PJTWwfE6XS8l2R?= =?us-ascii?q?UlKWSOSGxz33RYUVo5Q0ui0w99LSmS93FaDIMq2apzGw74G4giGYuffCWWYzeU?= =?us-ascii?q?A1hvwNAHXSiCVHfXoJD9ATpVHFXr+LZ0EK0mkgz+1pxUwiYgN2B0Zy32VWkfD1?= =?us-ascii?q?IchQTVoZnSv6W/EdRExmBzM3u0mR60v9ZsJW6pObfHNX6rZZEdlVF/Iv8oSCff?= =?us-ascii?q?JIzQ=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2EeAwBtn+tY/wHyM5BdGgEBAQECAQEBAQgBAQEBFgEBAQM?= =?us-ascii?q?BAQEJAQEBgn8pYXkSjmyYbo8JPCgLhS6ELFcBAQEBAQEBAQIBAmgogjMiCQRGK?= =?us-ascii?q?S8BAQEBAQEBAQEBAQEBAQEaAg1eBgECJBMUIAsDAwkBARcpCAgDAR0QFREOCwU?= =?us-ascii?q?YBIdkRYEtAwgNDqpjOiYChwENgy0LAQEBHwWND4ECgVcRAYYBBYklkxs7hwCHG?= =?us-ascii?q?wGEMA2Ke4ZGiwCJAFh9CBwJAhQIHg9BhRCBZlmHMYIuAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 10 Apr 2017 15:11:07 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v3AFB26X015822; Mon, 10 Apr 2017 11:11:04 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v3AF7usg078571 for ; Mon, 10 Apr 2017 11:07:56 -0400 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v3AF7qq1014495; Mon, 10 Apr 2017 11:07:55 -0400 From: Stephen Smalley To: selinux@tycho.nsa.gov Subject: [PATCH 2/2] libsemanage: revert "Skip policy module re-link when only setting booleans." Date: Mon, 10 Apr 2017 11:11:48 -0400 Message-Id: <20170410151148.11958-2-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170410151148.11958-1-sds@tycho.nsa.gov> References: <20170410151148.11958-1-sds@tycho.nsa.gov> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Stephen Smalley MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP commit e5aaa01f81afa278cce79bd59ebfdb80a32e4e5a ("Skip policy module re-link when only setting booleans.") can lead to duplicate entries (e.g. portcon entries) being added into the kernel policy because the existing linked policy already includes the local customizations. Revert this commit until we can come up with an approach that handles this properly. This means that setsebool -P triggers a full policy rebuild. From the original bug report: I've noticed a strange interaction with custom ports and booleans. After setting a boolean, the list of ports for a particular type (which has been customized) shows duplicate entries. Example: $ semanage port -a -t http_port_t -p tcp 12345 $ semanage port -l | grep http_port_t http_port_t tcp 12345, 80, 81, ... $ setsebool -P zebra_write_config false $ semanage port -l | grep http_port_t http_port_t tcp 12345, 12345, 80, 81, ... $ setsebool -P zebra_write_config false $ semanage port -l | grep http_port_t http_port_t tcp 12345, 12345, 12345, 80, 81, ... As can be seen, each time a boolean is set persistently (it doesn't matter which boolean or which state), the custom port 12345 is duplicated. Running "semodule -B" clears the duplicates. However, if only the local customizations are listed, the port is always listed only once: $ semanage port -l -C SELinux Port Type Proto Port Number http_port_t tcp 12345 Resolves: https://github.com/SELinuxProject/selinux/issues/50 Reported-by: Carlos Rodrigues Signed-off-by: Stephen Smalley --- libsemanage/src/direct_api.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 5687323..ee2f9e7 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1104,8 +1104,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* Declare some variables */ int modified = 0, fcontexts_modified, ports_modified, seusers_modified, users_extra_modified, dontaudit_modified, - preserve_tunables_modified, bools_modified = 0, - disable_dontaudit, preserve_tunables; + preserve_tunables_modified, disable_dontaudit, preserve_tunables; dbase_config_t *users = semanage_user_dbase_local(sh); dbase_config_t *users_base = semanage_user_base_dbase_local(sh); dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh); @@ -1186,13 +1185,13 @@ static int semanage_direct_commit(semanage_handle_t * sh) users_extra_modified = users_extra->dtable->is_modified(users_extra->dbase); ports_modified = ports->dtable->is_modified(ports->dbase); - bools_modified = bools->dtable->is_modified(bools->dbase); modified = sh->modules_modified; modified |= seusers_modified; modified |= users_extra_modified; modified |= ports_modified; modified |= users->dtable->is_modified(users_base->dbase); + modified |= bools->dtable->is_modified(bools->dbase); modified |= ifaces->dtable->is_modified(ifaces->dbase); modified |= nodes->dtable->is_modified(nodes->dbase); modified |= dontaudit_modified; @@ -1316,19 +1315,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) goto cleanup; cil_db_destroy(&cildb); - - } else { - /* Load already linked policy */ - retval = sepol_policydb_create(&out); - if (retval < 0) - goto cleanup; - - retval = semanage_read_policydb(sh, out); - if (retval < 0) - goto cleanup; - } - if (sh->do_rebuild || modified || bools_modified) { /* Attach to policy databases that work with a policydb. */ dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, out); dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out); @@ -1350,6 +1337,15 @@ static int semanage_direct_commit(semanage_handle_t * sh) if (retval < 0) goto cleanup; } else { + /* Load already linked policy */ + retval = sepol_policydb_create(&out); + if (retval < 0) + goto cleanup; + + retval = semanage_read_policydb(sh, out); + if (retval < 0) + goto cleanup; + retval = semanage_base_merge_components(sh); if (retval < 0) goto cleanup; @@ -1444,7 +1440,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) sepol_policydb_free(out); out = NULL; - if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) { + if (sh->do_rebuild || modified || fcontexts_modified) { retval = semanage_install_sandbox(sh); } @@ -1458,7 +1454,7 @@ cleanup: free(mod_filenames[i]); } - if (modified || bools_modified) { + if (modified) { /* Detach from policydb, so it can be freed */ dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase); dbase_policydb_detach((dbase_policydb_t *) pports->dbase);