From patchwork Thu Oct 26 08:40:54 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jann Horn via Selinux
X-Patchwork-Id: 10028005
Date: Thu, 26 Oct 2017 01:40:54 -0700
Message-Id: <20171026084055.25482-1-mjg59@google.com>
X-Mailer: git-send-email 2.15.0.rc2.357.g7e34df9404-goog
To: linux-integrity@vger.kernel.org
Subject: [PATCH V3 1/2] security: Add a cred_getsecid hook
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
From: Matthew Garrett via Selinux
Reply-To: Matthew Garrett
Cc: Matthew Garrett, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Dmitry Kasatkin, Stephen Smalley

For IMA purposes, we want to be able to obtain the prepared secid in the bprm structure before the credentials are committed. Add a cred_getsecid hook that makes this possible.
Signed-off-by: Matthew Garrett Acked-by: Paul Moore Cc: Paul Moore Cc: Stephen Smalley Cc: Eric Paris Cc: selinux@tycho.nsa.gov Cc: Casey Schaufler Cc: linux-security-module@vger.kernel.org Cc: Mimi Zohar Cc: Dmitry Kasatkin Cc: linux-integrity@vger.kernel.org Acked-by: James Morris --- V3: Fix smack_cred_getsecid() include/linux/lsm_hooks.h | 6 ++++++ include/linux/security.h | 1 + security/security.c | 7 +++++++ security/selinux/hooks.c | 8 ++++++++ security/smack/smack_lsm.c | 18 ++++++++++++++++++ 5 files changed, 40 insertions(+) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index c9258124e417..c28c6f8b65dc 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -554,6 +554,10 @@ * @new points to the new credentials. * @old points to the original credentials. * Transfer data from original creds to new creds + * @cred_getsecid: + * Retrieve the security identifier of the cred structure @c + * @c contains the credentials, secid will be placed into @secid. + * In case of failure, @secid will be set to zero. * @kernel_act_as: * Set the credentials for a kernel service to act as (subjective context). * @new points to the credentials to be modified. @@ -1507,6 +1511,7 @@ union security_list_options { int (*cred_prepare)(struct cred *new, const struct cred *old, gfp_t gfp); void (*cred_transfer)(struct cred *new, const struct cred *old); + void (*cred_getsecid)(const struct cred *c, u32 *secid); int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); @@ -1779,6 +1784,7 @@ struct security_hook_heads { struct list_head cred_free; struct list_head cred_prepare; struct list_head cred_transfer; + struct list_head cred_getsecid; struct list_head kernel_act_as; struct list_head kernel_create_files_as; struct list_head kernel_read_file; 
diff --git a/include/linux/security.h b/include/linux/security.h index ce6265960d6c..14848fef8f62 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -324,6 +324,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); +void security_cred_getsecid(const struct cred *c, u32 *secid); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); diff --git a/security/security.c b/security/security.c index 4bf0f571b4ef..02d217597400 100644 --- a/security/security.c +++ b/security/security.c @@ -1004,6 +1004,13 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } +void security_cred_getsecid(const struct cred *c, u32 *secid) +{ + *secid = 0; + call_void_hook(cred_getsecid, c, secid); +} +EXPORT_SYMBOL(security_cred_getsecid); + int security_kernel_act_as(struct cred *new, u32 secid) { return call_int_hook(kernel_act_as, 0, new, secid); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f5d304736852..1d11679674a6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3836,6 +3836,13 @@ static void selinux_cred_transfer(struct cred *new, const struct cred *old) *tsec = *old_tsec; } +static void selinux_cred_getsecid(const struct cred *c, u32 *secid) +{ + rcu_read_lock(); + *secid = cred_sid(c); + rcu_read_unlock(); +} + /* * set the security data for a kernel service * - all the creation contexts are set to unlabelled 
@@ -6338,6 +6345,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(cred_free, selinux_cred_free), LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), + LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid), LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 286171a16ed2..37c35aaa6955 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2049,6 +2049,23 @@ static void smack_cred_transfer(struct cred *new, const struct cred *old) /* cbs copy rule list */ } +/** + * smack_cred_getsecid - get the secid corresponding to a creds structure + * @c: the object creds + * @secid: where to put the result + * + * Sets the secid to contain a u32 version of the smack label. + */ +static void smack_cred_getsecid(const struct cred *c, u32 *secid) +{ + struct smack_known *skp; + + rcu_read_lock(); + skp = smk_of_task(c->security); + *secid = skp->smk_secid; + rcu_read_unlock(); +} + /** * smack_kernel_act_as - Set the subjective context in a set of credentials * @new: points to the set of credentials to be modified. @@ -4651,6 +4668,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(cred_free, smack_cred_free), LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), + LSM_HOOK_INIT(cred_getsecid, smack_cred_getsecid), LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
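Review bot: In the include/linux/lsm_hooks.h hunk, the new @cred_getsecid comment says "In case of failure, @secid will be set to zero", but the hook returns void and neither selinux_cred_getsecid() nor smack_cred_getsecid() zeroes anything; the only zeroing is the `*secid = 0;` in security_cred_getsecid() before call_void_hook(). Suggest rewording the comment to say that the wrapper pre-initialises @secid and a module overwrites it only when it has a value, and noting that when more than one registered module implements the hook, the last one called determines the result.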
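Review bot: The include/linux/security.h hunk adds only the out-of-line prototype `void security_cred_getsecid(const struct cred *c, u32 *secid);` next to the other declarations, and the diffstat shows a single added line in that file. If this header carries static inline fallbacks for builds without CONFIG_SECURITY, a matching stub that sets `*secid = 0` is needed there as well, otherwise the IMA caller named in the commit message will not build in that configuration. Also worth confirming that EXPORT_SYMBOL(security_cred_getsecid) in security/security.c is required, since no modular user appears in this patch.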
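Review bot: In selinux_cred_getsecid() (security/selinux/hooks.c, hunk at -3836), rcu_read_lock()/rcu_read_unlock() bracket a plain `*secid = cred_sid(c);` on a cred pointer the caller already holds, and nothing in the hunk performs an RCU dereference. Either add a comment stating what the read-side section protects, or drop the lock pair so the body is the single assignment. The same justification should be given for the rcu_read_lock() in smack_cred_getsecid(), which also dereferences the result of smk_of_task(c->security) without stating why it cannot be NULL.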