From patchwork Wed Feb 28 10:15:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vit Mojzis X-Patchwork-Id: 10247105 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 95CE660212 for ; Wed, 28 Feb 2018 10:16:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7F0B028BCD for ; Wed, 28 Feb 2018 10:16:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7370B28C8A; Wed, 28 Feb 2018 10:16:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UCOL19PA10.eemsg.mail.mil (ucol19pa10.eemsg.mail.mil [214.24.24.83]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F010028BCD for ; Wed, 28 Feb 2018 10:16:21 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.47,405,1515456000"; d="scan'208";a="455504924" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA10.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 28 Feb 2018 10:16:20 +0000 X-IronPort-AV: E=Sophos;i="5.47,405,1515456000"; d="scan'208";a="9928776" IronPort-PHdr: =?us-ascii?q?9a23=3AY/TvHBWvkb85jK2B8oGt8XJuiunV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYRKBvqdThVPEFb/W9+hDw7KP9fy4AipYud6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCybL9uIhi6txndutULioZ+N6g9zQfErGFVcO?= =?us-ascii?q?pM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLf?= =?us-ascii?q?QguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxkRgXoiC?= =?us-ascii?q?MaPDAn9m/ZhNF7gKZCrB68uxBzxojZa5yXOvVjZKPQZdMUS3RPUMhSVSNBDJ6y?= =?us-ascii?q?b5MNAuYcM+tXsZL9qkASoReiHwSgGP/jxiNUinLwwKY00/4hEQbD3AE4EN0OsW?= =?us-ascii?q?jUp8jyOqcVU+C0zajIzS7eZP5Rxzf97Y/IchIgoPGNRrJ9atDRxlcyGAPFlFqQ?= =?us-ascii?q?tZbpMC+S1uQIqmWW6fdrW+yoi24isQ5xoz6vy982iobXm40VykrL9TljzIkpIt?= =?us-ascii?q?24TUh2asOnHptIryyWKoR7T8w4T2xopSo20KMKtJGlcCQQ1Zgr3x/SZv2df4SV?= =?us-ascii?q?4R/uVvydLSl2iX9rYr6yhRi//E69wePmTMa0ykxFri9dn9nJsXACygLc59CcSv?= =?us-ascii?q?t44kehwTGP1x3P6u1cIUA7i67bK5k5z74sjJUTq0XDHjLtmEnskK+Xdlkr+uiv?= =?us-ascii?q?6+j9ZLXpuoScOJNuhgH7M6QuntSzAeU+MgcQQ2iW4fmw2bLs8EHjQLhGk+c6nr?= =?us-ascii?q?fWvZzEP8gXu7a1AwpP3YYi7xa/AS2m0NMdnXQfN1JKZhaHj4nvO1HTL/H0FOyw?= =?us-ascii?q?g1OxkDdt2//JIKbhD47RLnnDjLjhfbF951RayAoo199T/Z1UCrYfIP7rQE/+qM?= =?us-ascii?q?TYDgMlMwyz2+vnCtJ91oUEVmKTAq+WKqXSvESK5uIoJemMYZUauC3hK/c7/f7u?= =?us-ascii?q?lmU1mVgHfammxZEXcmy3Hux6I0WFZnrhmtUBEWUQsQUiT+zqk1qCUThSZ3asRK?= =?us-ascii?q?886DU7CJ+pDIjYW4CthqCB3DqhEp1RfGBGBUiGEW30eIWcR/cMdCWSL9dvkzwF?= =?us-ascii?q?UbihTpEu1Qu1uQ/01bVoM+3U+jcCupL7zth14O/Tmg8u+jxoFcid1HuNT25slG?= =?us-ascii?q?MSWzA2xLx/oVB6ylqbzKd3n/lYFdtV5/NVTws3LoDcwPJgC9DzWwPBedGJREyg?= =?us-ascii?q?Qtq4HTE7VsgxzMMWY0ZhB9WiiQjO0De2A7APjbyGH4A78qXZ33ftPcl90GrG2L?= =?us-ascii?q?Mnj1Y4XstFLXemibJn9wjPG47JlF2UlqardKQb2i7A72KDzW6XsEFZVg58S6PF?= =?us-ascii?q?UmoFZkvVrNT5+F3NQ6WoCbs5LgtL0dSCJbdSat31kVVGQ+/uN8rGY22rgWewBA?= =?us-ascii?q?2Iy6iUbIXwYWUd3T7dCFAAkw8J4XmJKxIyBiC7o2LRFDZuD07gY1vw8elir3O2?= =?us-ascii?q?VkE0zxuQYE1ny7W1+wUViOeZS/ML37IIoTwhqjtvHFqn2NLWEdWArRJ7fKpAed?= =?us-ascii?q?M9/EtH1WXBugx+JJOgLKdihkMFfgR0pUzu1BJ3CphancgttnMqwxJ4KbiE31NZ?= =?us-ascii?q?azOYwZfwN6XNJWbv5hCvarDZ2kvF3dmM5qgP7e40q1L5vAGmDkAi6Wlo08FJ03?= =?us-ascii?q?uA4ZXHFBASXo/sXUss+Bh6or7bbjM754zKyX1mKbO0vSPa29I1GOslzQ6tf8xR?= =?us-ascii?q?MKOeEw/yCNEaCtO1KOwsnFioYBcEM/pU9KIuOcOpaeeG0raxPOl8hDKmkXhH4I?= =?us-ascii?q?dl30OC7SV8TvLI0Igfw/GDxQaHSSnzjE26vcDqnIBIfzYSHnCwySL8Ho5eerVy?= =?us-ascii?q?fZoXCWepO8C3wNR+h5rpW3FG716uHEkJ19GzeRqVdVD92hdQ1UsPq3y9hSS41y?= =?us-ascii?q?B0ky0urqeHwizOwvjtdAYAOm5RXmVtkVfsIY+yj9AVR0WoawkplB2/6kbgwKhX?= =?us-ascii?q?vqN/L3PcQU1QZSj5M3liUrestrqFe8NP7JIosT5LUOilelCVVLr9oxoc0yP+EG?= =?us-ascii?q?pT3ys7dymrupX/nhx1lHmdIGx1rHXHZcF63Q3f68DERf5NwjoGQzF1iSPQBli4?= =?us-ascii?q?O9mm48+UmIvEsuGwTG+hTYBTfjXwzY+asyu7/2JqCwWln/+vgt3nDRQ60Sjj2t?= =?us-ascii?q?lpSyrIqg38b5Lo16ukN+JnZU9oC0Hg68ZgHYF+iIQwjokK2XcGnpWV4WYHkWDr?= =?us-ascii?q?PNVDw63+cX4NSiATw9HP5gjlxFNsLmiSyoLkTXWS3NFhZ8KgbmMN3SI98tpKB7?= =?us-ascii?q?uK47xKmit1uFW4ohzLbfh7gDgd1eMk6GQGjOERpAot0iKdD6gMHUleICPhjAqI?= =?us-ascii?q?79ajo6VXfmqvd6a/1FZml9C7EL6Cuh1cWGr+epo6BS9/9Nh/MFbX3XLv64HkZN?= =?us-ascii?q?nRYcsdthKOlRfMle9VKIg+lvASnypoJXr9vWE5y+48lRFu04u1vI6bK2Vq+aK0?= =?us-ascii?q?GRBYOSPoaMMU4DHil75entyR34CtAJpuBikLUIHvTfKyHzIYre7nOBqWED0gtn?= =?us-ascii?q?ebHqLSHQqF50diq3LADYyrN22NK3YD1thiQgeSJFBEgA8IRjo6hoA2GhqsxMP/?= =?us-ascii?q?bEdz/ioR6ULgqhtQ1uJoMAHyUmnFpAi2dzg0U4KQLBxK7gFF/EfYKtaR4f52Hy?= =?us-ascii?q?1C+Z2htgONIHSBZwtUFWEJRlCEB1f7M7mo/9nP6fCYBvKlIvvAYLWOs/deV+uG?= =?us-ascii?q?xZKu1Itp5TCMOdmOPnZ4C/03wE1DXWp2G87BgTUAVzQXlz7Rb86cvBq84jN4od?= =?us-ascii?q?uh//TtWQLv+YyPBqBTMdpx5R+5n72PN+mKhCZ2MTxYzI8DxWfUyLgD214fkzph?= =?us-ascii?q?eCKqHbQEtC7NV77QmrRNAx4AdSx8KNFE77ki0QlJOM7bjM7117Fjg/EpC1ZFT0?= =?us-ascii?q?Hhmtqzac0EOW69KEjHBEGNNLicIj3L2c73a7umSbJMlOVUqwGwuTGDHkD4PzSD?= =?us-ascii?q?mD7pVxa0PO5Rki6UJx1et5u7chp3DmjjVt3mYAWhMNBrlT023aE0hnTSOGEGPj?= =?us-ascii?q?hzaV1NoaOL4CNfmvVwBWpB7n9/IumFnyaW9O7YK5kMvftsGCR0mPpQ4G4mxLtN?= =?us-ascii?q?8CFEWPt1lTPOrt5pplGqiPOPyj1mURVQrDZEn5iLvUJ8NqXa7ZRPRXHE/BcR4m?= =?us-ascii?q?qKEBQKu8FpCtvxtKBM0tLPjr78KC9e89LI+ssRH8rUKMKHMXo5NhrpHD/UDBcb?= =?us-ascii?q?QjOwMGHfhlBdkOuM+XGPqZg6sJfskoIUSrBHTFw1Cu8aCkN9EdwBIJZ3Wi0rnK?= =?us-ascii?q?WejM4P63q+ogfeRNlGvpDHUfKSBOvgJCyfjbZaexsC2an4IpgLNo3nx0xibUF3?= =?us-ascii?q?nILUFEXKWdBAuS5hbggvoEVR6nd+SHYz20Hkag+35n8cC+K0lAYsigRieeQt6C?= =?us-ascii?q?vs41AvK1rQuiQwi1c+ls//gT+NcD78N7y/XYBMCyXpsEgxPIv7QxxrYgyyh0Bk?= =?us-ascii?q?MinLR65Jhbt6aW9rkBPcuYdIGfNEUKJEZxkQxfeKaPo21VRcqz6qylVZ6uvfDp?= =?us-ascii?q?tujgwqcYSjr3hYwQJscMY1JbDMJKpO1lVfm7iBvjGp1u8s2w8TPFwC8HmIeC4P?= =?us-ascii?q?tk0ILacpKDa1/ux26AyChztCdHIKV/U0vvJg7lk9NPiYzyL8z75DLVi8N+iYL6?= =?us-ascii?q?ODpWfAk8+JQlQr20MHkUlF4KJ60cA5c0qbT0ov1qeeFwwVNcreLgFYd9FS+2bX?= =?us-ascii?q?fSaPt+XN3J10Mp6hGeDvSO+BqLwbglm4HAozGYQD8NgBFIG20E7ENcfnMKIFyR?= =?us-ascii?q?I16QT3JVWFCfNJeA6LkDYHuMyw0Z533IlHKT4GG2l9Nzu45qrPrA8wnPWDRMs2?= =?us-ascii?q?YmsdXoYcLH02XMy6lDJHsHtYCTm20uQZyA+E7zDmvSnfFzj8YMBlZPuNaxNsFc?= =?us-ascii?q?u6+TMh/KiqkVTX6InRJ3nmNdR+vd/C8fgVqIiBC/5PV7ZyrlnclJdCR3yxSWHP?= =?us-ascii?q?C960K4L3a4k2Ytz+Emy6XUCnizIpU8fxO86gLqeVgQHpQYZUtJeU3DU4OMCgCD?= =?us-ascii?q?4RABZwqPsF5K5mYg0DeZU7awbytwsiL6y/PBuY0tK2Tma3LztWTuVQzeW9Z7xT?= =?us-ascii?q?1Coidva0xmY6QJwmyOe66lICRJYPjh7C3/mjfJVeXTL1GnNDZwXFvTA5mHR5Nu?= =?us-ascii?q?Yu3uc/xwvFsUMGPDCRc+xmc3dJv80mBVyIP3V5FG44R16ajYrM5g6s3r8S/ytB?= =?us-ascii?q?n9Zay+JFqn3+soXZYD2yRKyhsY/VvDY4bdg6v61xNpTuI8WcuJzCnjzfTZzQsg?= =?us-ascii?q?yfXy65DPdam8ZfLzxGT/VSnmElI8MGs5Jb6UUtTsc+O6BPCK40q7CvczVkFy0S?= =?us-ascii?q?wjEFV4OB2jwCjfyx2rXAmReWbJsiNBsEsIhfjdsGSSJ2ZD0RpLO7XYXMi2CEUn?= =?us-ascii?q?QLIBsU7QlU/g0AjJJwfub/7IrLV5JMyj9Wo/NoUiTQDJVo8UX0Sn2Oi1jiVPqh?= =?us-ascii?q?i/Cp3R5VzP/009kbXgJ/BlZZx+lIk0snNq13K7MQv4PRtT+IbV31vGToyOS8JV?= =?us-ascii?q?lRzdbbd1r3DYbfsmr8SCIc82UORYBT0HHfCYgSkw1hZaY3o1VMJZurelri6zwh?= =?us-ascii?q?3ItlBb+4Wt63x1w9t3YJWz+qE8ZdC+FhqF/XWCdqY4qxp5XhJppfWXJf94OFq1?= =?us-ascii?q?dBjkptNzC2yYBGJ8FK+D4MUyBFoS+Bs9uqVM1Dxch2AocOItd4pXjwA75LN4aK?= =?us-ascii?q?o3IooLzv1mHW9C0mvFe82jqzB7eyT/hF8G0GBgUpO2Oep1EzD+Qx72jS80rCsl?= =?us-ascii?q?Rv8uhHAbiPiFl+ryxmHpBSHDpJ026qL0hrRnlcr+paMLjVc9BbQ/QqfhCvNQAx?= =?us-ascii?q?GeIk0kCU80x5hmv2Yyt3tgRG4S/dRBU0WTMTgrjzhT0UstunNiMCS5JUcTUhaD?= =?us-ascii?q?/IKxiFli9KvBZQcV1qVosdAtZC5bEUw5VY8dbFSUmxNy4JRhpiORwk0fBHj05M?= =?us-ascii?q?rF2YeTzBDQqvbfvPqgZ3fduLo8G0MPT05xxHioT6sOAi66oMWXummRG3Qd/Eq4?= =?us-ascii?q?/wrNqKtlGBdK3gKe2zfWfBTCTQjRC3nbokE4PK8DbNPwVGMJR61H4kYYT7CWHR?= =?us-ascii?q?IxRGJqUbJ05FWqBmc9lGpfpaZ8B8cqYT5aBtHg6HRg/oGIG3rvlJNEzTRTPFLy?= =?us-ascii?q?WF6OO/v5ne7bnASejkesyMxmrIQ6NtMZd88jn3AbDq0ZVR+kDuwPdi6lt6SUTa?= =?us-ascii?q?MyCGtNnhJBkE5M+sdkv4uZ0mAC3ZDYxskHX3wEFAbM0XTzes8JsG1JNT8GzwRv?= =?us-ascii?q?5g0kjvrO1S8KFp6Y8z471yyMe0I6LSJe5bsU9hDBiUHB9l9o4xAGhlWmBefvMR?= =?us-ascii?q?KOrLfasHl8zurPr3F6MP4h2P5+NZccfHJ13GmsSnDDGcSABLnAAFqTEANQuQzf?= =?us-ascii?q?+Fm6hzSca+vuj0wUct7lexLxIcy7Bt/4iE8LKSpODLdxvR0aQEWq/yS8zvtLss?= =?us-ascii?q?v12d5eY4lL8OfWx4eBanH/QcVsEDwGfg0aEqwjg2H8PFAb3g5OZJV2glkTL4h5?= =?us-ascii?q?B9A1IWF+sQHbqQ+IRTnnw1m+LHOdILdaBCgHyAFQa+Er8Fy36k9TeYIHV/jhHJ?= =?us-ascii?q?yRHwTnu57EXqoi9gXSvM09Djn1JXVrm2AEdfRC+pNlF4sTyRJgrotdz3uasv4E?= =?us-ascii?q?EwLGPkqMqHlHG9N7NPA83/ONucLDE1pFMWlpI+XMCg1JsAGdWjPNce7m1xYuHZ?= =?us-ascii?q?62OxnC9Lu71HiJbG4sGJ5vXXGmGtgLabq7WWyjFX0Ho4vVAj6tC4LP7O+tmKTu?= =?us-ascii?q?+02GYWUihwpRHOXwOvqrzctVAbI1aH0EDRmIwFJttZx2U31ln65Og/R9I+7B1e?= =?us-ascii?q?GZzcZ/wepTDyNjz0wUycY94uTSmRzT9XHlPzEVllF6kxw3rws9jVlXjM+10pSI?= =?us-ascii?q?5wd1bkhRBtDIU3N1gt6F4JzSoHCwQNbgqbDL6wD0T/MYQETVQDaQiA3LWidac4?= =?us-ascii?q?x1dzza2z5O/TduF8A6sNNupDgQ6OhldbB4kWvbcYQL1iZ19X7LTXqRT6C4j7Q/?= =?us-ascii?q?jmkmI9NfKrTcBc7cAZsHwi7gGkRxW+7ZdD7rAbiI2Hd6NfZZjDotp87kd96jIV?= =?us-ascii?q?cCxCngR/hQujUe8AvODj/sTbsJ2w5+myVqYiXfkY+gMoCGR5i5vwhFEjrs/N1+?= =?us-ascii?q?dAVILalYT//BpKI36Qt4bQywN8JvYWK4K3YLZg8G0KJy0ZJ3IIIdqWZOcz7jRo?= =?us-ascii?q?MDXS/VNCBN0DZc8WPcrKgwBUiVbpVKtV9sXFBl+SE51zeNww72rr1DA19oMxUu?= =?us-ascii?q?n85z+tPpDT9kxDMfxFgiVtktLCuecUzOHdCCgS+3aZbQZ6zjmFy5mXBPb65f+M?= =?us-ascii?q?x83MV1MaAi42VJ9QJDiF+QynQOq5jonmUgOQ6s/unZ0/dUOQRnqqnKQGs6ZBCv?= =?us-ascii?q?BAiiTl3jdEEoD6mvOVv8Cq6GRJql1NCJxz4gHdGKVDIpV7Pgz1lsi1RkdmACvy?= =?us-ascii?q?Y8XUdgczt+qXwecM+P9yN0zkZY8UOhgE0a716WJJTgtyT777plSZUvwfZNtoTP?= =?us-ascii?q?PJtX5U5phmK6ARIFiRvprqoSlUqFouGg8mdKcwriBGdknJhABVVKL0uLkOiwQC?= =?us-ascii?q?Vd55vVRBGXm3OGI45jrISb5ZjK+PB/wJ6j+TVLABU110MiNiRBO4wIlue7qsnf?= =?us-ascii?q?1crmNGnz9yoPs03DxiXhe8vzPjp74V0zI65L64rCkBuWBCTuiGlifICFZDzPcN?= =?us-ascii?q?jaoHCXbt81+8YH4FbITs5rlrP8Lg+pc9434nexUsYzUGXfi8CyH3l66HGZKAsN?= =?us-ascii?q?RAhBOWo8XOabizLTQONrQj1x3sWmJx0g/EnBZn6GELWCmv7Mc4JIWhPsYo3jKo?= =?us-ascii?q?GW/fdFkW+KNIvszxtVoFTOYtbFNhx2Jj0tOZSSIRXszPHH01jhMlaWVCf5JP8x?= =?us-ascii?q?gaF7MngjyQpKlJ4hkUYCvIEoSi4oTQk9nH2X08Tddy2G3bvayEhpIv0H1ghdx0?= =?us-ascii?q?9CqOt2oIe+zfSc9sDWD51p1Dxuzme/WtrucHRZNoybS5Sv8CM9Ws9nWt1ZVvW0?= =?us-ascii?q?+l2q4eEESjPO8E3LfbXD+vSXeEVuSTb2iMgzE5P1b15RmsMFI6c99Kr0snPevZ?= =?us-ascii?q?mp5clhHuUa9uRiqOu1DX1mojPv0GdwguooeoZxQKTPINZ+ibPeUuxPw+CF0Rb3?= =?us-ascii?q?7GBCd2D+62sUWxnIhgIHhg4F/1YeLq8gz8N9uSABYEG5bArpFt4fy6Wn6BOXh4?= =?us-ascii?q?wR13JkZ76+ffF1U3tu9baJuRg9nQh9Jl3u4BdvdtNzA9u9EJloJk84mU39+AcQ?= =?us-ascii?q?vNwZbqOdHVvv+YDuXdz0sweWFaVaEWbBjo54U8It45W7rTHaZWvRQcGag2Wpoh?= =?us-ascii?q?OHnt9KtsNgN8bhbRZKiogsntvu+LZJ5Up3jM7lIqLSfcoAYOyvquQgx+cZ+qhm?= =?us-ascii?q?/+IJcqRjJOt9dtEAdpHJNTG8McqAqqG4WUmK++i9Ct+k53uPQHsbTuBfDQ1dS4?= =?us-ascii?q?3oJxX55A6UyNIjnRGPojvkMwlem2g/HdwrHtGMjifpUCT+E9TWnbOZHcGYDqFD?= =?us-ascii?q?OScuf7eVxH6PbIzrd+UAeQfwjjUqaGvTHiP/JhtxZogrdkdfbemWR+p4rQ38H/?= =?us-ascii?q?MiQC/io=3D?= X-IPAS-Result: =?us-ascii?q?A2BJAgCSgJZa/wHyM5BdHAEBAQQBAQoBAYMjKgNmcCiNdnS?= =?us-ascii?q?MfYMYlCqCEQ4YC4dhVBgBAgEBAQEBAQIBaiiCOCSCSAMDAQIkVQMJAQFICAMBU?= =?us-ascii?q?xkFg0CBVwMNrDk6hHKEAoIiASAFhSOCJ4FXgWaFCIFTBBmHRQEEiBySNAmGUIo?= =?us-ascii?q?UDYkBhXSJeodWgS4eOIFRTSMVgn2CQxyBfHYBjQYBAQE?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 28 Feb 2018 10:16:19 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1SAGIR6021126; Wed, 28 Feb 2018 05:16:19 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w1SAFV9I013040 for ; Wed, 28 Feb 2018 05:15:31 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1SAFYKF020868 for ; Wed, 28 Feb 2018 05:15:35 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1BxAABHgJZaly0YGNZdHAECBAELAYMkK?= =?us-ascii?q?mlwKI12dIx9gxiUKoIVCiOFDQKCUlQYAQIBAQEBAQECEwEBAQEBBhgGhXsDAyd?= =?us-ascii?q?iUVcZg0WBVwMNrDk6hHKEAoIWDCEFhSOCJ4FXgWaFCIFTBBmHRQWIHJI0CYZQi?= =?us-ascii?q?hQNiQGFdIl6h1aBLh6CCU0jFYJ9gkMQDBaBZnYBjQYBAQE?= X-IPAS-Result: =?us-ascii?q?A1BxAABHgJZaly0YGNZdHAECBAELAYMkKmlwKI12dIx9gxi?= =?us-ascii?q?UKoIVCiOFDQKCUlQYAQIBAQEBAQECEwEBAQEBBhgGhXsDAydiUVcZg0WBVwMNr?= =?us-ascii?q?Dk6hHKEAoIWDCEFhSOCJ4FXgWaFCIFTBBmHRQWIHJI0CYZQihQNiQGFdIl6h1a?= =?us-ascii?q?BLh6CCU0jFYJ9gkMQDBaBZnYBjQYBAQE?= X-IronPort-AV: E=Sophos;i="5.47,405,1515474000"; d="scan'208";a="211994" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 28 Feb 2018 05:15:35 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3Aup8NNhWyKCPpJ/Zfckmd4EcdypXV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYYxCPt8tkgFKBZ4jH8fUM07OQ7/i7HzJdqs7R+Fk5M7V0Hycfjs?= =?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6?= =?us-ascii?q?KfroEYDOkcu3y/qy+5rOaAlUmTaxe7x/IAm4oAnLt8QbgYRuJroyxxDUvnZGZu?= =?us-ascii?q?NayH9yK1mOhRj8/MCw/JBi8yRUpf0s8tNLXLv5caolU7FWFSwqPG8p6sLlsxnD?= =?us-ascii?q?VhaP6WAHUmoKiBpIAhPK4w/8U5zsryb1rOt92C2dPc3rUbA5XCmp4ql3RBP0ji?= =?us-ascii?q?oMKjg0+3zVhMNtlqJWuA+vqRxhzYDaY4+aNvR+c7jBcd8GX2dNQtpdWzBdDo66?= =?us-ascii?q?coABD/ABPeFdr4TlqFQOrAe+DhSrCuPoyD9Jh3723bYn2OkmDwHG2QsgH9APsX?= =?us-ascii?q?TVt9X4L70SXv6ow6nI1zrDc+la1iv66IjNax0sp+yHU7x3ccrU00YvFgXFg02K?= =?us-ascii?q?qYP7IjyV1v4Cs3SB4+V8UuKvjmgqoBxyrDi33soglJTFi40Pxlza+ih12pg5KN?= =?us-ascii?q?KiREN0YdOoCJpduiCAO4drQc4vQXtktDg0x7AIo5K2fiYHxZI6zBDFcfOHaZKH?= =?us-ascii?q?4hf7WeaRPzh4gHVldaqxiBus6EauzOPxW9eu3ltWsiZIkMPAuW4T2BzW8ciHRe?= =?us-ascii?q?Fx/kK71jaO0wDf8OREIUEwlabDKp4hxKA/loYLvEjdAyP7l1/6gLGZe0k+5OSl?= =?us-ascii?q?5P7rb7rmq5OEMo97kAD+MqAgmsylBuQ4NxADX3ae+eS71r3i/Ez5QK5Rg/0sjK?= =?us-ascii?q?bWrZDaKt4HpqKjHwBV1YMj5w6lDzi6yNQYgWUHLFVddRKckYfpP1DOIPblDfaw?= =?us-ascii?q?mFmsjDdqyOzGPr3mGJnNKGPDn637cbZy7E5c1ll78dcK/J9QC7ccMNrvS0Txs5?= =?us-ascii?q?reFRZ/PAuqkMj9D9Ao6IICEUeIAL2YK+uGr1qP5PAuOMGWaYMVsSq7IP8gsa29?= =?us-ascii?q?xUQlkEMQKPH6laAcb2q1S6xr?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ByAACSgJZaly0YGNZdHAECBAELAYMkK?= =?us-ascii?q?mlwKI12dIx9gxiUKoIVCiOFDQKCUlQYAQIBAQEBAQECARIBAQEBAQYYBleCOCK?= =?us-ascii?q?CSgMDJ2JRVxmDRYFXAw2sOTqEcoQCghYMASAFhSOCJ4FXgWaFCIFTBBmHRQWIH?= =?us-ascii?q?JI0CYZQihQNiQGFdIl6h1aBLh6CCU0jFYJ9gkMQDBaBZnYBjQYBAQE?= X-IPAS-Result: =?us-ascii?q?A0ByAACSgJZaly0YGNZdHAECBAELAYMkKmlwKI12dIx9gxi?= =?us-ascii?q?UKoIVCiOFDQKCUlQYAQIBAQEBAQECARIBAQEBAQYYBleCOCKCSgMDJ2JRVxmDR?= =?us-ascii?q?YFXAw2sOTqEcoQCghYMASAFhSOCJ4FXgWaFCIFTBBmHRQWIHJI0CYZQihQNiQG?= =?us-ascii?q?FdIl6h1aBLh6CCU0jFYJ9gkMQDBaBZnYBjQYBAQE?= X-IronPort-AV: E=Sophos;i="5.47,405,1515456000"; d="scan'208";a="9169910" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from ucol3cpa07.eemsg.mail.mil ([214.24.24.45]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 28 Feb 2018 10:15:34 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;102c8bea-3153-4b5f-bfef-f3cf265412ab Authentication-Results: UCOL3CPA11.eemsg.mail.mil; dkim=none (message not signed) header.i=none X-EEMSG-check-008: 15443295|UCOL3CPA11_EEMSG_MP26.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 66.187.233.73 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BEAACmfpZah0npu0JdHAECBAELAYMkgRNwKI12dJAVlCqCFQojhQ0CgyYYAQIBAQEBAQECEwEBAQoLCQgoL4UkAwMnYlFXGYNFgVcQrDc6hHKEAoIWDAEgBYUjg36BZoUIgVMEGYdFBYgckjQJhlCKFA2JAYV0iXqHVoEuHoIJTSMVgn2CQxAMgXw/NwGNBgEBAQ X-IPAS-Result: A0BEAACmfpZah0npu0JdHAECBAELAYMkgRNwKI12dJAVlCqCFQojhQ0CgyYYAQIBAQEBAQECEwEBAQoLCQgoL4UkAwMnYlFXGYNFgVcQrDc6hHKEAoIWDAEgBYUjg36BZoUIgVMEGYdFBYgckjQJhlCKFA2JAYV0iXqHVoEuHoIJTSMVgn2CQxAMgXw/NwGNBgEBAQ Received: from mx3-rdu2.redhat.com (HELO mx1.redhat.com) ([66.187.233.73]) by UCOL3CPA11.eemsg.mail.mil with ESMTP; 28 Feb 2018 10:15:33 +0000 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 72F27FE3BA for ; Wed, 28 Feb 2018 10:15:33 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.43.12.26]) by smtp.corp.redhat.com (Postfix) with ESMTP id 17FBF10B0F45 for ; Wed, 28 Feb 2018 10:15:32 +0000 (UTC) X-EEMSG-check-009: 444-444 From: Vit Mojzis To: selinux@tycho.nsa.gov Date: Wed, 28 Feb 2018 11:15:10 +0100 Message-Id: <20180228101510.21023-3-vmojzis@redhat.com> In-Reply-To: <20180228101510.21023-1-vmojzis@redhat.com> References: <1498485334.13301.9.camel@tycho.nsa.gov> <20180228101510.21023-1-vmojzis@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Wed, 28 Feb 2018 10:15:33 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Wed, 28 Feb 2018 10:15:33 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'vmojzis@redhat.com' RCPT:'' Subject: [PATCH 3/3] libsemanage: replace access() checks to make setuid programs work X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP access() uses real UID instead of effective UID which causes false negative checks in setuid programs. Replace access(,F_OK) (i.e. tests for file existence) by stat(). And access(,R_OK) by fopen(,"r") Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431 Signed-off-by: Vit Mojzis --- libsemanage/src/direct_api.c | 132 +++++++++++++++++++++++++-------------- libsemanage/src/semanage_store.c | 14 ++++- 2 files changed, 98 insertions(+), 48 deletions(-) diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index f4d57cf8..d42a51cd 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -140,6 +140,7 @@ int semanage_direct_is_managed(semanage_handle_t * sh) int semanage_direct_connect(semanage_handle_t * sh) { const char *path; + struct stat sb; if (semanage_check_init(sh, sh->conf->store_root_path)) goto err; @@ -302,10 +303,17 @@ int semanage_direct_connect(semanage_handle_t * sh) /* set the disable dontaudit value */ path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_DISABLE_DONTAUDIT); - if (access(path, F_OK) == 0) + + if (stat(path, &sb) == 0) sepol_set_disable_dontaudit(sh->sepolh, 1); - else + else { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto err; + } + sepol_set_disable_dontaudit(sh->sepolh, 0); + } return STATUS_SUCCESS; @@ -1139,6 +1147,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, int status = 0; int i; char cil_path[PATH_MAX]; + struct stat sb; assert(sh); assert(modinfos); @@ -1155,9 +1164,13 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh, } if (semanage_get_ignore_module_cache(sh) == 0 && - access(cil_path, F_OK) == 0) { + (status = stat(cil_path, &sb)) == 0) { continue; } + if (status != 0 && errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno)); + goto cleanup; //an error in the "stat" call + } status = semanage_compile_module(sh, &modinfos[i]); if (status < 0) { @@ -1188,6 +1201,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) struct cil_db *cildb = NULL; semanage_module_info_t *modinfos = NULL; mode_t mask = umask(0077); + struct stat sb; int do_rebuild, do_write_kernel, do_install; int fcontexts_modified, ports_modified, seusers_modified, @@ -1226,10 +1240,16 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* Create or remove the disable_dontaudit flag file. */ path = semanage_path(SEMANAGE_TMP, SEMANAGE_DISABLE_DONTAUDIT); - if (access(path, F_OK) == 0) + if (stat(path, &sb) == 0) do_rebuild |= !(sepol_get_disable_dontaudit(sh->sepolh) == 1); - else + else { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } + do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1); + } if (sepol_get_disable_dontaudit(sh->sepolh) == 1) { FILE *touch; touch = fopen(path, "w"); @@ -1251,10 +1271,17 @@ static int semanage_direct_commit(semanage_handle_t * sh) /* Create or remove the preserve_tunables flag file. */ path = semanage_path(SEMANAGE_TMP, SEMANAGE_PRESERVE_TUNABLES); - if (access(path, F_OK) == 0) + if (stat(path, &sb) == 0) do_rebuild |= !(sepol_get_preserve_tunables(sh->sepolh) == 1); - else + else { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } + do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1); + } + if (sepol_get_preserve_tunables(sh->sepolh) == 1) { FILE *touch; touch = fopen(path, "w"); @@ -1291,40 +1318,24 @@ static int semanage_direct_commit(semanage_handle_t * sh) * a rebuild. */ if (!do_rebuild) { - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } - - path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; - } + int files[] = {SEMANAGE_STORE_KERNEL, + SEMANAGE_STORE_FC, + SEMANAGE_STORE_SEUSERS, + SEMANAGE_LINKED, + SEMANAGE_SEUSERS_LINKED, + SEMANAGE_USERS_EXTRA_LINKED}; + + for (i = 0; i < (int) sizeof(files); i++) { + path = semanage_path(SEMANAGE_TMP, files[i]); + if (stat(path, &sb) != 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } - path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED); - if (access(path, F_OK) != 0) { - do_rebuild = 1; - goto rebuild; + do_rebuild = 1; + goto rebuild; + } } } @@ -1457,7 +1468,7 @@ rebuild: goto cleanup; path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED); - if (access(path, F_OK) == 0) { + if (stat(path, &sb) == 0) { retval = semanage_copy_file(path, semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS), @@ -1466,11 +1477,16 @@ rebuild: goto cleanup; pseusers->dtable->drop_cache(pseusers->dbase); } else { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } + pseusers->dtable->clear(sh, pseusers->dbase); } path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED); - if (access(path, F_OK) == 0) { + if (stat(path, &sb) == 0) { retval = semanage_copy_file(path, semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA), @@ -1479,6 +1495,11 @@ rebuild: goto cleanup; pusers_extra->dtable->drop_cache(pusers_extra->dbase); } else { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + goto cleanup; + } + pusers_extra->dtable->clear(sh, pusers_extra->dbase); } } @@ -1809,6 +1830,7 @@ static int semanage_direct_extract(semanage_handle_t * sh, ssize_t _data_len; char *_data; int compressed; + struct stat sb; /* get path of module */ rc = semanage_module_get_path( @@ -1821,8 +1843,8 @@ static int semanage_direct_extract(semanage_handle_t * sh, goto cleanup; } - if (access(module_path, F_OK) != 0) { - ERR(sh, "Module does not exist: %s", module_path); + if (stat(module_path, &sb) != 0) { + ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno)); rc = -1; goto cleanup; } @@ -1851,7 +1873,12 @@ static int semanage_direct_extract(semanage_handle_t * sh, goto cleanup; } - if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && access(input_file, F_OK) != 0) { + if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno)); + goto cleanup; + } + rc = semanage_compile_module(sh, _modinfo); if (rc < 0) { goto cleanup; @@ -1996,6 +2023,12 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh, } if (stat(path, &sb) < 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + status = -1; + goto cleanup; + } + *enabled = 1; } else { @@ -2322,6 +2355,12 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, /* set enabled/disabled status */ if (stat(fn, &sb) < 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno)); + status = -1; + goto cleanup; + } + ret = semanage_module_info_set_enabled(sh, *modinfo, 1); if (ret != 0) { status = -1; @@ -2730,6 +2769,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, int status = 0; int ret = 0; int type; + struct stat sb; char path[PATH_MAX]; mode_t mask = umask(0077); @@ -2830,7 +2870,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh, goto cleanup; } - if (access(path, F_OK) == 0) { + if (stat(path, &sb) == 0) { ret = unlink(path); if (ret != 0) { ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno)); diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 4bd1d651..83c188dc 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -514,6 +514,7 @@ char *semanage_conf_path(void) { char *semanage_conf = NULL; int len; + FILE *fp = NULL; len = strlen(semanage_root()) + strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE); semanage_conf = calloc(len + 1, sizeof(char)); @@ -522,7 +523,10 @@ char *semanage_conf_path(void) snprintf(semanage_conf, len + 1, "%s%s%s", semanage_root(), selinux_path(), SEMANAGE_CONF_FILE); - if (access(semanage_conf, R_OK) != 0) { + //the following replaces access(semanage_conf, R_OK) check + if ((fp = fopen(semanage_conf, "r")) != NULL) { + fclose(fp); + } else { snprintf(semanage_conf, len + 1, "%s%s", selinux_path(), SEMANAGE_CONF_FILE); } @@ -1508,8 +1512,14 @@ int semanage_split_fc(semanage_handle_t * sh) static int sefcontext_compile(semanage_handle_t * sh, const char *path) { int r; + struct stat sb; + + if (stat(path, &sb) < 0) { + if (errno != ENOENT) { + ERR(sh, "Unable to access %s: %s\n", path, strerror(errno)); + return -1; + } - if (access(path, F_OK) != 0) { return 0; }