From patchwork Fri Apr 20 14:17:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stephen Smalley X-Patchwork-Id: 10352803 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 21FFD6023A for ; Fri, 20 Apr 2018 14:16:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1194228782 for ; Fri, 20 Apr 2018 14:16:59 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0388F28789; Fri, 20 Apr 2018 14:16:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CF51028782 for ; Fri, 20 Apr 2018 14:16:56 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.49,301,1520899200"; d="scan'208";a="542827718" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa12.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 20 Apr 2018 14:16:55 +0000 X-IronPort-AV: E=Sophos;i="5.49,301,1520899200"; d="scan'208";a="10948905" IronPort-PHdr: =?us-ascii?q?9a23=3ALQ750RwP9/LuOITXCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd1u8QKfad9pjvdHbS+e9qxAeQG9mDsLQc06L/iOPJYSQ4+5GPsXQPItRndi?= =?us-ascii?q?QuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBg?= =?us-ascii?q?vwNRZvJuTyB4Xek9m72/q99pHPbQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0B?= =?us-ascii?q?vJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PG?= =?us-ascii?q?Av5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb5Q6o0WT?= =?us-ascii?q?C/5Kl1ThHmhjoMOzog/G3JlsB8iaRWqw+jqRNi2Y7ZeIGbOuRwcK3eet0UWH?= =?us-ascii?q?JBU8RMWyFPHIy8dJACA/YdMetCs4XwvUcCoQe4CAKxBO3v0DhIhnru0KMnz+?= =?us-ascii?q?QuDxnG3Aw+ENIIrX/asdD1O70WUeCx0qbJzSjIYvRN2Tjg84jFaQwhoPGQUr?= =?us-ascii?q?Jwdsrd008vFxjfgVmKpozlOC2V2/0LvmOG7ORgTfqih3Mopgx+uDSixtoghp?= =?us-ascii?q?PXio8a1FzI7zh1zYAoLtOiUkF7e8SrEJ5IuiGfMIt5X90tTnlzuCY/1r0GoZ?= =?us-ascii?q?m7fDUWyJg/xx7QdfiHc4+Q7xL/TumROzZ4hG9+eL6lmxaz8VSvyu37VsWu1l?= =?us-ascii?q?ZFsjFFncXWunAI1hzT7tCLSvp7/ki/xTaCzx3f5+5LLEwulafXNoQtzqA/m5?= =?us-ascii?q?YNq0jPAzf6mEDsg6+XckUk9PKo6+PiYrj+vZ+TKYt0igD4MqQzlc2zGP83Mg?= =?us-ascii?q?8TX2id5euzyqbj8FblQLRKkvI2kq7ZvIrcJcQAvKG1GQBV0oE96xqnFTepzM?= =?us-ascii?q?wYnWUbLFJCYB+HjY/pO1fUL/DkDfewmVKsnSxpx/DBOL3hB4/CLmPfkLj/Z7?= =?us-ascii?q?Z98FRQyA0pzdBQ/5hUEK0OIOrvWk/ts9zVFh05Mw6uzOn7C9V9zYQeWWSOAq?= =?us-ascii?q?+HK67Sv1uI5v8gIuaXeY8Vvir9K+U/6/7pl385lkcXfbO10psPdHC4AvNmLl?= =?us-ascii?q?2XYHrthtcBFHkFvhAlQezkllKNTDlTZ2yoUKIk/DE7D4CmApnfSYCxmrCB2z?= =?us-ascii?q?27HpJObGBcFl+MCWvod5mDW/oUdS2dPsphkjsCVbi9VoMszg+uuxHgy7pmL+?= =?us-ascii?q?vU/SsYuYjl1Ndr++3ZjQsy+iBsD8SBz2GNSHl5kX4URzAsxqByulByylCG0a?= =?us-ascii?q?dkmfNYDsBT6+lPUggkKZ7W1/Z6BMzqWgLdYteJT06rQ9WnADE2SNI82NoOY0?= =?us-ascii?q?JkF9WjiBDPxSyqDKUPl7yIBZw07LzT02L3J8lj13bMzLMhgEU+QstTKW2mgb?= =?us-ascii?q?Zy+BbLB4HTiUWZlr2qeL8E3CHX7meDzHGOvFlcUAFqTarKQ2oTZkzMrdT2/k?= =?us-ascii?q?nCVaOhCaw7Mgtdzs6PMqVKasfzglVAWPjjOc/ebnm0m2eoBBaE36iMbYTxe2?= =?us-ascii?q?kH2yXdEkcEmRgJ/XmaLQg+Gjuho2XGATxtD13vYETs8fRlpXO4VEA0zAaKb1?= =?us-ascii?q?B727qy4B4ViuSWS+kP0bIcpCchtzJ0EU6n0N3LEdqAphRufL9HbNwn/FhH0H?= =?us-ascii?q?jVtwtnPpyvN6pinEIRcxxrv0Py0BV6Ep9AntU3o34xwwpyLK2Z3ElHdzyGwZ?= =?us-ascii?q?D6IqfXJXXq/BCzd67W3UnT0M2Y+qcV7/Q4sEnjsRqyFkok9HVm3dxV3GGa5p?= =?us-ascii?q?nQCgodT47xWF4t9xdmv7HafjU954TM2HxiK6a0tiPC1MwzBOs+0RugYclQML?= =?us-ascii?q?mfGw/vFs0WHc+uKPYlm1KxdBILIPhS9LIoP8Ohb/aG3q+rPOJknD24lmRK+5?= =?us-ascii?q?py3VyW9yp7UOLI2IwFw/6A1AudSzj8lEuhstzwmY1cezESH3awyTTjBI5LfK?= =?us-ascii?q?F9YYYLCWCoI8243dh+g5/tW3hC+165AFMKwsipeQCdb1blxw1fyVwXoWC7mS?= =?us-ascii?q?u/1zF0lzAprrGD3CDX2OTtah4HOm9NRGl/glbhOpO0j8gbXEiubggmiACl6V?= =?us-ascii?q?z8x6dFuKR1N3PTTltQfyjqM2FiVbO9tqCFY85L7JMnrz9XX/i7YVGUUbP9uA?= =?us-ascii?q?Ya3D/4H2dEwzA7bT6qsI3jnxNmkGKdMGpzrH3BdMFz2xjf4sfcSOVS3jUYQi?= =?us-ascii?q?l4kj/XCUagP9Wz+tWUjZjDuPikV229Tp1TbTXrzYSYuSuj/2JqHBm/kO6rmt?= =?us-ascii?q?L9Fwg6zTH018NxWCXVtxbzfJPr17+gPeJ8eUloGUX85NZkFYFwlYswnp4Q1m?= =?us-ascii?q?YAipWT43UHjX/5Mc9H1qLmcHoNWTkLzsbL4AjjxUJuNWyJx4TkWXWd2MdhYc?= =?us-ascii?q?e1Yn8O0CIn889KELuU7KBDnSZtulq3tx/RYfxmkzgByPsu9H4bj/gHuAU3yC?= =?us-ascii?q?WRGLcSHVNXPSb0jRSH88i+rLlLZGaoabWw2lBxnda9DLGFpwFRQ3j5dYk/Ei?= =?us-ascii?q?939MVwKkrM0Gf06oHmZtbfcc4TugeTkxfagOhfMIgxmeYShSp7JWL9umUoy+?= =?us-ascii?q?shghxq2ZG1opSHK3l3862jGRNYMCP6Z98I+j7xl6lehtiZ05qpHpp/BjUBRI?= =?us-ascii?q?HoQu6wEDIOqfTnMB6DEDMmqniFBLXfBhWQ6EF6r3LICJCmLGuYK2Uczdl4Qx?= =?us-ascii?q?mdPkNfihgOXDomhp45ChyqxMv5fUd//DAe/Eb4qgNXx+JmNhn/SHzfpBumaj?= =?us-ascii?q?c1TpiQNhxW4R1D50jPNcyS9OVzHztX/pe5tgyCNnSbZxhUDWEOQkGEH07sMa?= =?us-ascii?q?Kw6tnG8uiYGu2+IuDPYbqQt+NRSe2ExZW10otp5zyMLNmAPmF+D/0n3UpORW?= =?us-ascii?q?t2FN/elzULSiwXjD7Nb9WBqBen5CJ4stqz8O/1VwLr5IuPDaZSMNp09h+qga?= =?us-ascii?q?aDLfOQhD1jJTdWzJwM2WTIyL8Z3FIIjCFubTatG6watSHRVKLQhrNXDxkDZi?= =?us-ascii?q?xoNctI4KU83g9WNMHGlNz6zb94geQzC1tfUlzhgM6pb9QQI26hLFPHGFqLNL?= =?us-ascii?q?OeKDLRzMH4e728RqNLgeVTrx2/pzCbE0r5MTSCkznmTBevMO5WgCGcJhxet5?= =?us-ascii?q?m3cgxxBmj7UNLmdhq7PcdrjT0xxL04nGnKNWkdMDdidUNCtaeQ7SRGjfV8AG?= =?us-ascii?q?FO8n1lLeyYlCmD9OnYNowasf11DSRoj+ha+mg1y6NJ7CFYQ/x4gCnSrt5uol?= =?us-ascii?q?G+lemPzjtnUAZQpTtQgYKLvFliOb/H+ZVaXnbE5h0N532KCxsWv9tlFsHvu6?= =?us-ascii?q?dIx9jMlKPzLClN/snR/csbCcjUJtyIMGY9MRrpHz7UCRUKQSStNW7Bm0xXiO?= =?us-ascii?q?uS+WGNrpgmtpjsn4IDSrlFW1MvEvMXEUdlHNsZIJdrRDwkl6WbjM0J5Xakqh?= =?us-ascii?q?neWtlatIjdVv2OGfXvNCqZjb5cahsS37z4NpocOZfh20N+all3h5/FG0vKXd?= =?us-ascii?q?9QpS1hYBc0oF9T/3l+VGEz3Vzqah+16n8JCfG0hgI2ihd5Yek16Tjs5FE3Jl?= =?us-ascii?q?zXqyQulEkxmM7ojiqPfz7rK6e8R4ZWCzD7t0IpKJP0Xx51bRGunUxjLDrLWq?= =?us-ascii?q?hej6VhdW92kw/RooFAGeRGTa1Dbh4Q3u+YaOk10VRGqyWn2U9G6fHDCZR8iA?= =?us-ascii?q?sgaYSsoG5Y2wJ/cN41IrTdJK5OzlhKmK2OuC6p1ucqzQ8RIUYN7XmeeCkSuE?= =?us-ascii?q?wHLrMmPTan/vRw6QyenDtOYHMMWOQuovJr8EM9JuuBwjn83L5EL0C+K/aQL7?= =?us-ascii?q?iFu2Tak86HXE8w3FsSl0ZZ5bh2zdsjc02MWkAzzbuREhMJNdbCKQBVdMdd6X?= =?us-ascii?q?nTfCaUvurW2551OZuyFvzwR++UqKkUml6kHBouH4kU9MsBGpis313GIsj/Kb?= =?us-ascii?q?4EyRMt5APtJFqfF/lGYxOLny0Bo82mwp93wJNRJjcDDmVhKS+3/KrYphc2gP?= =?us-ascii?q?qfW9c7emwVUZUCNn8tQsK1hjBZsGpaDDmsyO0Z0giD4yX7piTKAzn2d8Bja+?= =?us-ascii?q?uMZRNwFNG2/i0y86eriV7W9pXeI3/1NdF5t9DS9+wVvJeHBOlSTbVntEfcgY?= =?us-ascii?q?ZYTWSwU2HTCd61O4Twa440YNzuDHa6U0CwizIyT8f1J9ajNrGGjxzyS4tIt4?= =?us-ascii?q?eWxywsNci4Fj4CARhwvP0D6Lh6ZQIdf5oxeQTouBgmN6yjPAeY1c2jQ3y3Jj?= =?us-ascii?q?tMSPlQ1v63Z6BNzyU2cO+11n8gTpA8z+m49U4NRZ4KjhHCxfatfYZeSy3zFm?= =?us-ascii?q?ZbewrRuSozj3JhOfoqwucj3BPItkERMj6ReON1aGxEvtQ8BVKILnV1EWc4Rk?= =?us-ascii?q?GTgpTd7QK22LAS5SRdlc5O0eJZqHj+ooPfYDW0Vayus5rVqSkgYsY6o61wN4?= =?us-ascii?q?zjLdCLtZ3EkTzZUJbQtgqFUDOnGPpBgNRQJjxXQOVQk2E/JcMGoZZB6VY2Vs?= =?us-ascii?q?omPbNPErQsprawZTpnFiMSzC4ZV4Kc3DMZmOu83aXVlguIepQ4LBMEqIlCgs?= =?us-ascii?q?caUyNuYyMeorOjWJvSl2CaT2gEPhsT7R5M5Q8bkY9wZv7q4IzNTJBWyj5Wp+?= =?us-ascii?q?l7UizEF5Vy8Fv7UG6Wi0DiSPq9i+ypwR5SzPX039kHXx5/DFNQx/pKmkstM7?= =?us-ascii?q?57Ma8QsZDWsjWQb0P1oHrtyPe6JFlW0cDUd0f3DJDfumr4TyIR4mAbSpFXyH?= =?us-ascii?q?HHC5sSlxR2aLwxqFVLOoCmdV705yY4yIRxA7m4Sceryk4nrXYBWSinCMdOBP?= =?us-ascii?q?99sF3JQj1lf46kp4j/N5VUXGBQ5IWXq01Fn0V1Ly651Z1cJtlR4jERQTdPoC?= =?us-ascii?q?+SvN+pRcJf3s92CoMDLc1ku3fhAq9EPoaeo2EusLz11nDZ4yw8sEu9xDirAK?= =?us-ascii?q?C4Qf5W83EcFwk0KWmTsVUgD+wp8mjO6F/NqUx08/1dBreRkUV7uCx9EYxWBj?= =?us-ascii?q?ZVyXClKEx+TGNYvOpHKKTaadBcTuI2ZR+oJRwxC+Aq0FCO/U5pg3j1eSpyuR?= =?us-ascii?q?VG+yrFRQk7STEVgqvxmT0ZssynISQaS45SYjo8cyfIMBmbmSdKvBZFd05lRZ?= =?us-ascii?q?YZAspf+74B2YtY5M3CSVyjKSsdRhxtKho40eZDlU5EqEiYZTrdAhS2evnSqR?= =?us-ascii?q?B3YMORrNKzLPvj4gdHi4TnsOQm+KUfXXGmnhetQd/GpY/mqtKKrleOdLv/M+?= =?us-ascii?q?CkY3/OViLMjRerhbcgFZbK4TPeMA9GK5l+1XokYITuCW/RMhRAPKIXPU1bVb?= =?us-ascii?q?p1ad9euOBVe9dkeLoV+a9qHh+HRAngGIqhrPlcKVbcWCrRIj6d8uOlp4LT9r?= =?us-ascii?q?vdRfLmZsOS23bNW7h3MYti6TnnB7fq1pdT+kzy2vp290N6T13GPzqArNTnKA?= =?us-ascii?q?ML/tOtdlD+vp0zADPZHItwkGf3xk5ebcYXRDeq8JsAwpND9HnwUf540lT0sO?= =?us-ascii?q?BK8blk6JU447dtyciuPqfeM/VasUhgAhiPHQVn7ZAtDWdwRmxLZe8RMvjRd7?= =?us-ascii?q?wDjc/ys+D3C7AX6BqN9uNFc9THI1/OmtKjCjCcThxJhxwBpiIbLgSC0f6Fh6?= =?us-ascii?q?50Rty/qej/xE0t/0C0LgQaw7B1+YeE5q2IqffTbxvKyLgJWrPnRs3tobsxvE?= =?us-ascii?q?OS/+crlKYUemxyYQ2oDvQSVtIHymfn16AqwjomE9nfELL45P5DS3U5kyrim5?= =?us-ascii?q?B8GlUbAfYUEqSL/ItAhGc4murZNtIMfqBEhGmPCQauEqUexn6z9yuXPG5ljw?= =?us-ascii?q?nP0xDxW2y89kP5oDRjQSTS09fsjFZaWqOwBUdIUCqjIVV4vy+XPAr0qNr3vr?= =?us-ascii?q?w441o3Mmz/utOCjmmhOLJLH83nPtOcPC00qUkLg502W9Ogx5oUGcenINcW6n?= =?us-ascii?q?FxdOHS62Sxky9Ou61HnZbR4tmJ+vXLGnmtl7WapK+RxD9Eyng5s1Y/6sqjNv?= =?us-ascii?q?3X/N2FXfCo12cXTyditArMRAa1pabHr18IOUyK3kDLmJYJPt1D3nk3yFvm5O?= =?us-ascii?q?49T9I37gleEZzAZ/warzDpJDT02UqfY84wViSG3DtYBEj1HkdkGKg8w2/wuM?= =?us-ascii?q?PJlWvO9F0oXIZwalfniQZxD4omNUIn8EIXzTYbEQgRdRCbC6mlBUv7IosCSU?= =?us-ascii?q?gDbhOH0L+heqgp2U1zw7Wv5PLcbOFnA6oCKOxdjw6Uk1RBHJIZr7EeSqpme1?= =?us-ascii?q?BB7K7XuhTiC4//Uvf6l3o/L+G6T9tG/sAes3si5ge/SAS66Zdf8bkUlJCIer?= =?us-ascii?q?RDYZjWs8B2911n6iIXdixRnBh/iAu0UeUbpODl/tjbv4Sn5/2rVKYsXeoX8Q?= =?us-ascii?q?Y7B3hwjpv3mlAjosrX2/1aSoLLlYT16BpNLGKSuIbGzxl8LvIDK423c7Z77H?= =?us-ascii?q?ULPjUQKX0IM9qXbfk8/iBsPS7c51xHGMwMY80XMNDKmQBOhU3jQKtT+dbDGl?= =?us-ascii?q?+EF4dzcNgl72jwyDA195swSPrv6D+yJZDC8l5MPvJDjCN3lNLBpegY2uTSCC?= =?us-ascii?q?kJ4XaDbxh63yKCx4OLC/nu4eWG0MvUWE8eHi4qT4ddIyKP+Q25RuWvkpXkSQ?= =?us-ascii?q?eU6tLuj5I/c0KQXWa9nKMfsqZDCeRAkDn03iBCFoDpgPKYq9is53VZtl1JFI?= =?us-ascii?q?Z+9hPEF79ZPpplJRT0jM+rSVZgBiHnYsHbagIuuPaKxucL++h+OE/+ZYgVIx?= =?us-ascii?q?0az7L67WFYThBpSL7wv1aWQfgdZN14R/PYtnpV855vK7cTPFiBo5zntjJIqF?= =?us-ascii?q?E1AA8qb789tT5aeVPNnA1SXab7prgAhhEaUdFnpU9GAXiwN34m5zrbSaRVi7?= =?us-ascii?q?GcB+cL/TWVUqwDSF5oMid5QxOpxJVuZaWmku1dvmNBhCN9r+Ag0yZ6SxukpS?= =?us-ascii?q?3su6UN1Co4+LG/sDUOo2ZFT+uZkyfMB1VO1/EKjaAbC3b591OzfGMDbIzp4L?= =?us-ascii?q?l8JMTg84Yh7244YRU5cC0MRf6gBD3oj6OUHoyPt8pRhBCTt8XKbL+zNTYdO6?= =?us-ascii?q?88yBLiQnh91xbRnAxs8GQVWDmg68UkJIqlM8Y/2iWoAXTbdEoL4q5RvsrxrU?= =?us-ascii?q?QLTOoqZlx/22hj18mHRjEXRMPRAWo1iRIkaWpcepJZ9RAaD7UogiqPvqRe+Q?= =?us-ascii?q?EUZCnbH5+9+onUh8jIwmU9TdZ2yWLKvK2KmI0l3Gdjm9xq8i6EoG4SePDAU8?= =?us-ascii?q?9wHnjz0Z9Syej/Z/Wrr+AGR5JqyLCgUP8ZLsmj4nC72JRwVU+jwbQSBV25MP?= =?us-ascii?q?UMxr3DSSeqVXWYWfiXc2iLhzs5N1T96gWoLl02bsdKqFQwMvXDhp5aiQLhVb?= =?us-ascii?q?J0RiONpV7U1mAjNvkadw0usoe9ZwMKVPIRZ/SbJeU2wv0xElgMb3jSEiZtFu?= =?us-ascii?q?+2t0KtnIh8O3V97kX6Yfjt/hrgMNSMBhkOCZTaoYJp+fymWmKBPmdtzB93PE?= =?us-ascii?q?lz7effDVUxtvRHfpaXh9fQgsp00e8fe/dqKy09tcYZmph/5omMzMeKbRbRw4?= =?us-ascii?q?7pJdHbp/iXH/zSwkcxd2FETLUZewL15oQ9Pt4/QbHTG6VWvQhPTZQ9FYcsM2?= =?us-ascii?q?b36bFcMBJ4cgmXYq+9xMbtuLGlfJxR8kTK40owISGUgBgKzvi5XEQvdJyxr2?= =?us-ascii?q?njK5A3ADRapptiDQUwT9gHIN8JswfyW83co6q8kdLkvhkitg=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2DdAwBc9dla/wHyM5Bcg0grgVsVE4xKjBiDA5J4gXEqh?= =?us-ascii?q?xghNBgBAgEBAQEBAQIBayiCNSSCUQIkUgMDCQJICAMBbAWCV1qBSg2oSzOEW?= =?us-ascii?q?INngimIBoITjkEgApdxCI40C4xNASuRIxw4gVIrCAIYCCEPgn6CIBeOM1ONI?= =?us-ascii?q?yuCGQEB?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 20 Apr 2018 14:16:54 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w3KEGbx8028546; Fri, 20 Apr 2018 10:16:47 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w3KEGVDR001688 for ; Fri, 20 Apr 2018 10:16:31 -0400 Received: from moss-pluto.infosec.tycho.ncsc.mil (moss-pluto [192.168.25.131]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w3KEGZ0V028544; Fri, 20 Apr 2018 10:16:35 -0400 From: Stephen Smalley To: selinux@tycho.nsa.gov Date: Fri, 20 Apr 2018 10:17:54 -0400 Message-Id: <20180420141754.30272-1-sds@tycho.nsa.gov> X-Mailer: git-send-email 2.14.3 Subject: [PATCH] Revert "libselinux: verify file_contexts when using restorecon" X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: Stephen Smalley Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP This reverts commit 814631d3aebaa041073a42c677c1ed62ce7830d5. As reported by Petr Lautrbach, this commit changed the behavior of selabel_open() when SELABEL_OPT_VALIDATE is 0, and this would be an API change. Reported-by: Petr Lautrbach Signed-off-by: Stephen Smalley --- libselinux/src/label.c | 7 ++++--- libselinux/src/label_backends_android.c | 2 +- libselinux/src/label_file.c | 2 +- libselinux/src/label_file.h | 2 +- libselinux/src/label_internal.h | 6 ++++-- libselinux/src/matchpathcon.c | 5 +++-- 6 files changed, 14 insertions(+), 10 deletions(-) diff --git a/libselinux/src/label.c b/libselinux/src/label.c index 591815a7..8d586bda 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -121,11 +121,12 @@ static inline int selabel_is_validate_set(const struct selinux_opt *opts, return 0; } -int selabel_validate(struct selabel_lookup_rec *contexts) +int selabel_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts) { int rc = 0; - if (contexts->validated) + if (!rec->validating || contexts->validated) goto out; rc = selinux_validate(&contexts->ctx_raw); @@ -142,7 +143,7 @@ static int selabel_fini(struct selabel_handle *rec, struct selabel_lookup_rec *lr, int translating) { - if (compat_validate(lr, rec->spec_file, lr->lineno)) + if (compat_validate(rec, lr, rec->spec_file, lr->lineno)) return -1; if (translating && !lr->ctx_trans && diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c index 49e39ec8..cb8aae26 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -122,7 +122,7 @@ static int process_line(struct selabel_handle *rec, spec_arr[nspec].lr.ctx_raw = context; if (rec->validating) { - if (selabel_validate(&spec_arr[nspec].lr) < 0) { + if (selabel_validate(rec, &spec_arr[nspec].lr) < 0) { selinux_log(SELINUX_ERROR, "%s: line %u has invalid context %s\n", path, lineno, spec_arr[nspec].lr.ctx_raw); diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 169fed70..560d8c3d 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -328,7 +328,7 @@ end_arch_check: spec->lr.ctx_raw = str_buf; if (strcmp(spec->lr.ctx_raw, "<>") && rec->validating) { - if (selabel_validate(&spec->lr) < 0) { + if (selabel_validate(rec, &spec->lr) < 0) { selinux_log(SELINUX_ERROR, "%s: context %s is invalid\n", path, spec->lr.ctx_raw); diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h index 1ab139e9..2fa85474 100644 --- a/libselinux/src/label_file.h +++ b/libselinux/src/label_file.h @@ -509,7 +509,7 @@ static inline int process_line(struct selabel_handle *rec, spec_hasMetaChars(&spec_arr[nspec]); if (strcmp(context, "<>") && rec->validating) - return compat_validate(&spec_arr[nspec].lr, path, lineno); + return compat_validate(rec, &spec_arr[nspec].lr, path, lineno); return 0; } diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h index b0d05882..0e020557 100644 --- a/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h @@ -112,7 +112,8 @@ struct selabel_handle { * Validation function */ extern int -selabel_validate(struct selabel_lookup_rec *contexts) hidden; +selabel_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts) hidden; /* * Compatibility support @@ -127,7 +128,8 @@ extern void __attribute__ ((format(printf, 1, 2))) selinux_log(type, fmt); extern int -compat_validate(struct selabel_lookup_rec *contexts, +compat_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts, const char *path, unsigned lineno) hidden; /* diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c index c66739af..58b4144a 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c @@ -35,7 +35,8 @@ void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) myprintf_compat = 1; } -int compat_validate(struct selabel_lookup_rec *contexts, +int compat_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts, const char *path, unsigned lineno) { int rc; @@ -46,7 +47,7 @@ int compat_validate(struct selabel_lookup_rec *contexts, else if (mycanoncon) rc = mycanoncon(path, lineno, ctx); else { - rc = selabel_validate(contexts); + rc = selabel_validate(rec, contexts); if (rc < 0) { if (lineno) { COMPAT_LOG(SELINUX_WARNING,