Message ID | 20180824224117.3356-3-casey.schaufler@intel.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C9FAF13B8 for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:10:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B885329A84 for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:10:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B6C1D29AEB; Mon, 27 Aug 2018 13:10:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UPBD19PA09.eemsg.mail.mil (upbd19pa09.eemsg.mail.mil [214.24.27.84]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3D5B729AA7 for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:10:31 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UPBD19PA09.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 27 Aug 2018 13:10:29 +0000 X-IronPort-AV: E=Sophos;i="5.53,295,1531785600"; d="scan'208";a="17471419" IronPort-PHdr: 9a23:NID+mBV/iop5dIPIXXeTThfxo63V8LGtZVwlr6E/grcLSJyIuqrYYRKEu6dThVPEFb/W9+hDw7KP9fy4BipYud6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9uLhi6txndutULioZ+N6g9zQfErGFVcOpM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLfQguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxkRgXoiCMaPDAn9m/ZhNF7gKZCrB68uxBzxojZa5yXOvVjZKPQZdMUS3RPUMhSUCJOAI28YZYXD+cDIOpVoYbyqEcBoxSgHgmhH//vxz1Si3Pqx6A2z/otHAfb1wIgBdIOt3HUoc3rOagISuC60qnJxijeYfxK2Tfy8pXIch4lof6SR7J7bM3cxlU1GAPekFqRqZbpPyiJ2eQNqWeb8uRgVeaxhG49sAxxoz6vxtsyhYnNnI4a1lfE9SBgzYszONa2S1Z7bMa5HJZfuCyWLYt7Tt44T212tys21KcKtYOjcCQXzJkqxATTZ+GFfoWI+B7uUOKcLS16iX9jZbmxnQy98VK6xe35TsS01VFKoTdbndTUrXAN0gDT6tCASvtg4ketwTaP2B7X6uFDOU00ibDUK4Qgwr4tjZofq0XDHin4mEXxl6+ZaFkr9vK06+XnfrrmppicO5Vyig7iKaQhhtazAeE5MggKR2Sb+OK826P//UDhXblHgfI7nrPZvZzHP8gXuKG0DxFP3oo+8xq/Ci2p0NUcnXkJNlJFfxeHgpDyO17QJPD4DPG/g0mjkTty3P/GOaDhApPRIXfdi7fsZqp96k5AxwozytBT/ZRUCqobL/7pVU/xs8LYAgcjMwOo2+bnFMl91oQGVGKNBa+ZNrndsUOI5u01JemBf40VuDH7K/gg/fHulmM5lkEHfamyx5cXb2q4Hvt+KUWDfXXsmssBEXsNvgcmTuzqikeNXiJQZ3apWKI84DA7CJy9AIfNQoCtnbOA0zymHp1QemBGF0qAEXDyd4WLQ/0Mcj6dItd9kjwYUrisU5ch2g+1uwDkzbpnL/bU+ioDuJLiytd6+fPcmQs19TxuAMSXy3uNQH1snmMUWz8227hyrlF6yleF16h3nuJXFdhS5/5SSAg1K4Tcz+tgB9D1QALBcc+DSEy6TdW+HTExUtUxzscTbEZhAdqilAvO0DatA78Qi7OEHoc08r7G03j3Ocl9127M1LM9gFk+XstPKWqmi7Z+9wjVG47GjUGZmLivdasCwC7N7meCwHGJvEFATgFwV6DFUmoeZkvSttv54UzDQ6WpCbQ9PQtL0dSCJbdSat31kVVGQ+/uN8rGY22rgWewBA2Iy6iUbIXwYWUd3T7dCFAAkw8J4XmJKxIyBiC7o2LRFDZuD07gY1vw8elir3O2VkE1zwCOb01kybW14AUYhfKCRPwO2bIEoj0uqy1uHFa63dLZFcaPpxZ7cKVbe9M9709N1XjFuAxlIpygM6dii0YQcwRtpUzu0Ql4CoRbkcUxqXMq1AtyJbuD0FJPbDOUx5fwOqfYKmPq5hCgd7bW2k3C0NaR4qoP6+43q1bkvAG0DUci8G9o09pS03uB/JnKCxASUZ3pWEYt6xd6v63aYjU6547Mz3JjLLO0sj7c1NIzH+Yq0Aqvf9JFPKODDg/yHNUQB9KyJ+wyh1ipchUEMfhO+6EuO8OpaeCG2LKrPeZnhz+mlnhI4IFj3UKK6yp8S/TH04wDw/6GwguNTy38g0u5ssDrhYBEYikfHnCixif5H4NRaahyfIkRBWeoPcK32s10h4TxVH5A6F6jG1QG1deyeRqcdVz92hZQ1VgMrHy8nyu4yDJ1kzQzoaqZxiDOxfrtdAYfMG5RWGZilUvsIZSzj90CUkmndQwplAe76kbg3KhWv7p/IHfJQUhTYij2KntuUqyqtrqNe8RP8o8nsT1LUOSgZlCXUrj9oxoe0yPnAWRe3ys2eCu0tZXjmBx2kmWdLGx8rHDBY8F/2Q/f5MDARf5WxjcGWih4hiXLBli7Jdml58mbl5fEsuC4WGKsTZlTcSjtzYyariu74ndmARqln/C8gtfnCxQ10Tfn19l2UiXFtBL8Yojw16SmKO5nZVdnBFv968p8B4F/nZA9hIoI2XgbgJWV/GYIkXzpPdVdx63+cGIHRSQXzN7N/AjlxEpjI2qTx4L+UnWdxtVuZ8OmbWMR1CMw9NtKCLqI47xfhyd1pUC4rQ3Ja/hngjgd0ecu6GIdg+wRuwoi0COdAqsJEElbIyPskQ+I79ago6VLfmqvdqKw1EVml9C7EL6Cuh1cWGr+epo6BS9/9Nh/MFbS333r8I7kfsXQYswJthCPjhfAlPZaKIgqlvYQnipnPn/9vWc5xOElgxxu2ou6vIeZJGl3+qK2HAJYPCXvZ8wP4jHtkbpensGO0oCxGJVuBy4GXIXuTf21EDIer/LnOBiSEDcksHeUBaLfHROD6Edht3/PC4qkN2yTJHQC0dpiRQWdJUxGjAAaRjo6mIQ1FgewxMzuaE15/Cwe5kbkqhtQzeJlLxr/U2fbpAi2cTo0TZ+fLBRY7g5c+0fVLcye7uV2Hy5G5JGhqhKCKnCDbQRSEW4JQlCEB0zkPrS269nP6e6YBva5L/vLeriOp/JRWOqPxZK1yIRm5yyMNsKNPnZ8E/I7xlBPXXdjG8TWgz8PUTAYlzrRb86Hoxex4iN3rtqh//v2QwLg/42PC6dVMdV04B25m7uMN+uKiCZ+MzZY2YsGxWXUx7gHwF4SlyZueiG2HrsbsiLNSKPQmrRLDx4AcS9zL9VH4L4m0glWJ8HbjtL11rhljv86EFpKSVzgmtu0ZcwROW28OknIBFqQNLSBIz3H2cb3YbmzSbdIluVbqwWwuSqHE0/kJjmMjDjpVx+oMeFKlyyUIQJRt5q8chl3D2jvVtXmage0MNVvlz053aU0hm/WNW4bKTVzaUxNoaeO7SxGmfh/HHRB4WRjLemBgSmZ7u3YJY0RsfpkGCh0kPha4HsiwbtP8C5EXOB1mDfVrtN2v1GmleyPxiB9UBpJqzdEmoSLsl54OaXe6JZAWm3J8w4K7WWVFxsFvcBlCsH1t6BW1NfPiLr5KC1e/NLM4cscG8/UJdqFMHohMRvpADnUDA8ETT63K27SnEldkPCO9n2PsJc2sJ/smIABSrVDTlw6CusaClh5HNwFOJp3WC0rnqSfjMMT5nq+qwLRRNlAsZDBTfKSAvTvJCyfjbZaexsC2an4IpgLNo3nx0xibUF3nJ7UFErLQ99CuDdhYRM0oEhW63d+T3cz1F/iagOj+H8TD+C7nx4shgt4f+st6C/m400rKVrSuCswjE4xlM34jj+Lbj7xLbq/XZpNBiXurUgxKJT7QghubQKsgUNkKS3ER7NNj7pgb2xrjhHTuYdXE/5GUaJEeAMQxe2QZ/gw1VRcrT+nylFB5erEDptvjwQqcZixr35a3AJjdtE1L7TKJKVV1lhQmr6Oviiw2+Aq3gAeI0cN8GWPeC8Ho0EHKr4mJy+08eN28gyChyFPeG4SWPo2uvhq7F8yO/yczyL81L5OMl2+OPCaL6OevWjAidOET0gu1kwWjUlF/Ll30cAlc0aOUUAg0qeRHQwTNcXeMQFVc9ZS9H/LcCaSsOXNxJV1P5m9FuHoVuKBqacUg0K+EwkyBYgM6NoOHoW02kHCMcjnNKIFyQkq5AnzPlqFCPVJdw6VnzgfpsG+zJl33Y5bJj4HGmhyKiS36azRpgMzjvqDQc06YnEEUYsYLng2QtG1mzZFv3RcCzm6yvkWxxaE7zLnvCvfESf8YMR5ZPePfxxsEtG39S8486ishl7d6o/eKH3iNdR+pt/P7vsXp4yBC/NVUbZ9s0Dcm41DR3KySmDBDMS7KoT3ZYQ3cdP0DXO6XUClhDIuU8f9JtCtIbaUgQvwX4ZbrJGb3Cw/Nc+6DjwRBxVwqPsf669neQIDZJ47YRrptwsgLay/PBmX3cmuQ2q3LjtWVfZfx/2gZ7NL1yoscvO6yHw4Q5Eg1ea360kNS4oRgxHC3/asfZdeXjb3GnxcfQXPqi45l2luNuYy3uc/zgnHsUMZMzyRcuxmdnBEtckmBVyOOXV2FnY4R1iEgIvN+AKjw7AS/ypYn9ZVy+JFs2Pzvp7Bbz2yRqOns5LVszAvbdI+ua1+LZTjIteatJPZhjHfSYPfsheGUCGkC/pam95QIC1DTfhGg24lP9AJuY5G6UosS8g+PKZDCK8yqbC2cTBkFzIdzTcFV4Oc2zwPmv+827zelhiKapQjPhsEsJFMgtYGVi52ZSQepLS9WIrKjW+ETXMLIBwS7QRK6wIMjIhwfvrq4IDQVp9D1yZWo+5oUivMDpRn7UH7SnyQgVTiS/WsiO2p3QNTzPLwydYXQhh/BlZBx+xOjEsnNKl3K7UMvo7NqjKIaUT6vGf2xeu6OFVRzNbbe0f+DIXbqWr2Sjcc9mEMRY9T1HHfEowfkwh+aKk1v1hDPZ6pel3g6Dw+24RmAaS3Wdqtx1k7sXYMXz2qHMZZC+F6rFLXXyVoY4y2p5r4OpVdWGtQ9YaBpFdelUViLzS2yYFAK81X5D4DQiRPqy2HvNSuUM1DxdN2D5gUL9dnoHf9BLlLN4WNo3AtobzvzWLZ+yogv1ikwjWzB7W4QPhd/2EEHQUpPWueoFE1D+Qw6mfS7kzNslds8uhACLiAkVl9rTRgEp1AHTtGyXelL1FvQ3ZcqOVaNL7Zc8pCTPkufRWvIQAxFeY630yV+kF5hW35bDJvuQta4S/dQxI5VS0SgrfzhzIStN2oOTgHRJ1WdzkhaTnKKx6DkyBNoBlfc11qW4weAttd57Ebx5Vb8dTfRku3NCEFWABiNhgi3vpBlE5Dt0GYdj7BDQaycvbPqBJ3d9+LrMG1NPT54BtHioT/veA97aoDQ3mmlhOxQdDCtYDzrMaHtk2Qe6fkKO2zfWXOTCDSghyqg7crEYXK9TDJMAVHM5l61WYkYZ/5BG7JJxtGPaUbJ1FfVa9gd9VLueVaZ9JgeKYV+K9iGhOHSQnpGIy0tvVGKUzTRTvGJSWb7uO/uZ7T7aDaSeX4ZMyD3XDHQ6xtPpd99Db0Bazn0ZNE9Urwwfdt8Vl2SV7YPCCdtN7hPB8E5NG+dkv+uZ0kBTzWAIpxkHrpwkFPac8XTja3/5sG05xZ6Wz/SeRi3kj0qu1S+KFu6ZMr7LBx1ce0OaDSJOxYsU9mBxiZHQBq+YstAWdhXWBRY+kRKPjLcaQfk8/ut/j9F7YL5x2N5+xZddzHKlnHmsm7ETycSBpEnAIbpT4bKAuc2eSFlLVvSca5v+j5x14i40SjLh4c0r9h/4CE+rCHpOXPdRve0aAEWrT2RsP0trksvkSS5fs4lL4BZGN4eAinEOkHWc4b2Gjg0a4rzSU2E8PABLLs4vhDWGwlnjj4gZByA00WGu8IHbqM5Ylemnw4m+nZO9ANfKBNhHuAFRm+ErAY0X6r8SyXIGt7jR7SzxH8W2Sz7EX5rSVgWyvD08/jklZJVrmwHUpSXiuoNlVivzyTJwfor8T4ubgr404qKGDks8iNlGS5MrNNA8L/PMCcITUzpF8Pl5IxR8ev2I4BFtq/IdcR7Gl+YeHD62OviCJOv6BHiJfA7c6P5/XXB36gj7eApLmXwzBY0Hc4t0kl6t+8LvHO+8GKQ/Ow2mYJVSh/pxfOXx67q7zctVAUOlWH0FzVl4wOP9FZ22Q410796eg7Wt0z6BlRFobOZvMFvzDzOyH4wVWBbNItUCmRzT9XEkjyEVliF6g2wHjws97RlXfM510oQZF9d0P5ihxxE4U4LkUt5F8MwiUdFQgNaBabDKynBEn+KYsLS1IDaBSd07SgfKc4w1FzyKu15ODPdex8G7YNNvFFgw6InVhUBpUWsakET7JnYVNd9anXpg/5C4j8RPXmkHU9NPKvTsBd68AZuGMo4hyjSBq49ZdD87EbhYiHdqFYepjMp9lw4Vpo6zAJdyxNhgV/jhyiXOAToeDs+N7bv4Sy5uapTqYtSP0d9wIoCGRmk5vwnFcjrMnV1+dbSo3Vj57z/xxNI36OpYbVzhh9KesIK4Kwf7Zg9m4KJzYfJ3IQJ9WWb+Qz4y53PDXV+VNCHtsGZckEM8rVhQBUlkrpValS9srFAFCYDZx+d8Q172XqyTA19oA8Xvzn6D+sKpDV90tNMO9bjCVwiNLCo/AYwfjMBygZ73mZbwN4wy2YxJmLFfnw4f+AyNfKWFMaBiQ2SZtSJCKe+Qy7Qeq4jJrpUgeT6s79np0+cEaQS2eqnKQCtKZMEPJPhj/93jdACoD/n+iVvMa06GtLql1HF55+7RjEGKVcPZV7Pg/1lsuxSUh/ASv/ft/bdhw0tOqQ2OgM//10N1Hiao8DPhIE17X65GJOQQRwTr72ok2UXfkVZNthVPPEsm5V5px9JKMVO1idvpPqpC9SqF8qGA8pdKMwrjtCe0nAggJVX6f0uKYehQYHUN95uEpMGWeuN2Ik4zrIS75ZjK6LCPwa6j+TVLABU110MiNiRBO4wJtve6OznfBGrmxJgDhwoP0r0zx6Xhuzpzfgp6UX2TIv4Lu4rikOuWRZTuWClCfFEVJDzPAUgqoHE3bi7UazYGIfbIvz/LZnOd7g+pc/7HglZxUsYTEGV/y6Cy7sl6OIHpCPsNVEiR6JucXOa6KzLCcLOrQ5yBLjXGR90hPFkRZp6mQLRDKg4MUjJIWnNsYv3jCoFnTDdFYQ/qNJt9P8tVsRQ+QqaVNhwWNj0s+cSy0TRczPHXg6jgwlaWVCbZJC5gUWF64ygjaHpqNG5B0bYC/IEoS5/YndhcXI1mM+Tddt3W3bvbCFhpU20H1lnNN08yGOuHQOd+DCVc9jHGTz3J9FyePif/WtrvwHSIx+xbSjVf8CNdOj+XG32JVxQUKlwK4RH1+nP+8C3LvbVD2lSWKAU+SRb2eMhyo5MlL15RSwNV03ZsJKoFM8P+bBnZNciRPuUal1RiSRol/bynYvMeUEeAIq68+bfFkJQfQXauzZJeE0zPA4CV0DR3vIBjdtTeiuvFiylYx/fX5n5AGyZeXr7xCjM9aIHBQAOZDVo4Q3+vGgQG+Ff3h6w1k6OEhy6veaDFk6q/Vdb4fUmN/cmtB2+fAKeu0rMiAnvNMX3IV55s3cy8qOcBfM3r7uNNrVpb6eGPSZwEM0PilRW6EUcEXu7IUzI9A9Vqf7HL1FsBBaDq8/BNQtPnn8sqF9Khh+dCbQYqi5ho/hoefPLpdZoXLb6BQsaivbsB4ry/qoQAg9ZJevwz3xOpErWj9Hh9lsDAZ2WopJB84E6QGgBtrckbu5gtmZ/0J8pv9MsKzsB/SM39O8jKtrWJ0PzkWQMSeZP6Jri1lriumoyqPL24L8GIX5ctMNSeZ/T3Tta7naE4H5ITWLbJGvM3Va+qKRheoqGi6aYzr0Cu/f7CA= X-IPAS-Result: A2CPAQBJ94Nb/wHyM5BbHQEBBQELAYUzFhKMAV+jeBSBWhcYFIgINBgBAgEBAQEBAQIBbCiCNSSCXwMDAQIkExQgDgMJAQFACAgDAS0VEQcHCwUYBIMAggKjdjOKYYsuP4hvARIBhXcCjVswjSEHAoIEBI1cCxeOSZNJgUE4YXFNI1CCaYIlF443T32JX4I7AQE Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 27 Aug 2018 13:10:28 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7RDA8Ov027205; Mon, 27 Aug 2018 09:10:17 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w7OMfpL8010447 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Fri, 24 Aug 2018 18:41:51 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7OMfnDL009522 for <selinux@tycho.nsa.gov>; Fri, 24 Aug 2018 18:41:51 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHpgvgXoLhGwCgxAhNBgBAgEBAQEBAQIUAQEWOoVnAwMnYlFXBxKDIYICpCUzimeJIIFYP456Ao4GjR0HAoIEBI1cCxeOQ5NEgUE3gVNNI4M5giUXjjdPj1kBAQ X-IPAS-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHpgvgXoLhGwCgxAhNBgBAgEBAQEBAQIUAQEWOoVnAwMnYlFXBxKDIYICpCUzimeJIIFYP456Ao4GjR0HAoIEBI1cCxeOQ5NEgUE3gVNNI4M5giUXjjdPj1kBAQ X-IronPort-AV: E=Sophos;i="5.53,284,1531800000"; d="scan'208";a="354307" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 24 Aug 2018 18:41:38 -0400 IronPort-PHdr: 9a23:ABzObRAmeTJHbL7yXM0yUyQJP3N1i/DPJgcQr6AfoPdwSPXzocbcNUDSrc9gkEXOFd2Cra4c1KyO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhjexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykCoJNyA3/nzZhMJzi6xUohyhqgdjz4LIeoyZKOBzcr/Bcd4cWGFPXtxRVytEAo6kcYYAFfEBMvhYroLgulUBsRu+ChOxBOPhzj9HmGX21rA93us9Cw7GxxIvHtIUvHTPsNr1NL0dUf27zKnM0zrDdehb2Tb76IjUbB8hpeuAUq53ccrU0EQiER7OgFaIqYH9Ij+Y0ucAv3KG4+diVe+jkWoqpgVrrjWhxsogkpTFi4YWx1ze6Cl0woY4Kce8RUN/e9KpEp1dvDyAOYRsWMMtWWRotT46yrIYvZ67ezAHyJoixx7EbvyHfJKH7g7/WOqPODt4hW5qd66lixa89Eis0Oz8Vs+o0FlUqipJiMXDtncI1xDL68iHTOVy/lu51DqS0w3e6ftILV02mKfbMZIsxro9moAdvEnDBiP2nV/5jK6SdkUq4Oio7OHnb636qZCGLI97lAH/Pr41msOjAeQ3KBUOX2af+euizr3u5kz5QLNWjvIolqnVqozVJcMepqKhGQ9azp4j6wqjDzehyNkYhmcILFZEeBKBkojoNErDIOz4DPijg1Ssly1nx/bdPrL7GJnNIX/DkKmyNYp6vk1R0gw+yZVf7ohYB7cAJv3bXk7qqMeeCQc0NRO9x+KhA9J4kssaWGSSEuqaPbnUvFug+O0iOa+PaZUTtTK7LOIqo7bqjHkkiRoGcKK0x5oLeTW9Gfh7J0ixf3XhmJECHH0Msw54S/blzBWZXDpSYWuid74t7TE8ToS9BMHMQZ7pyLeIxyqqWIZdZmlbBFSBC1/pcZmJX7EHbyfWasNojDFCVbGnUIIn/RCoqAL+jbFgK66c9iAeuJ/lksQz6+rYljkz8yB5C4KW1GTJB2Jun3gUSjke2KF5vFw7y1Gf3Kw+iPtdUZRa/fFAVC8+NJjB36p7Dcz/XkTKedLaZkyhR4CNCCo8X5oKyN8Hfkh5Fs/q2hvKxCe7RaQel7WWCpg56Ird2WT8I4B2zHOQh/pptEUvXsYabT7uvaV47QWGX4M= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0EdAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH5gvgXoLhGwCgxEhNBgBAgEBAQEBAQIBAQIQAQEWOi+CNSKCYgMDJ2JRVwcSgyGCAqQlM4pniSCBWD+OegKOBo0dBwKCBASNXAsXjkOTRIFBN4FUTSODOYIlF443T49ZAQE X-IPAS-Result: A0EdAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH5gvgXoLhGwCgxEhNBgBAgEBAQEBAQIBAQIQAQEWOi+CNSKCYgMDJ2JRVwcSgyGCAqQlM4pniSCBWD+OegKOBo0dBwKCBASNXAsXjkOTRIFBN4FUTSODOYIlF443T49ZAQE X-IronPort-AV: E=Sophos;i="5.53,284,1531785600"; d="scan'208";a="7625031" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Aug 2018 22:41:38 +0000 Received: from fmsmga001-icc.fm.intel.com ([198.175.99.7]) by fmsmga002-icc.fm.intel.com with ESMTP; 24 Aug 2018 15:41:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,284,1531810800"; d="scan'208";a="84307214" Received: from cschaufl-mobl.amr.corp.intel.com ([10.254.2.129]) by fmsmga001.fm.intel.com with ESMTP; 24 Aug 2018 15:41:18 -0700 From: Casey Schaufler <casey.schaufler@intel.com> To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Date: Fri, 24 Aug 2018 15:41:14 -0700 Message-Id: <20180824224117.3356-3-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180824224117.3356-1-casey.schaufler@intel.com> References: <20180824224117.3356-1-casey.schaufler@intel.com> X-Mailman-Approved-At: Mon, 27 Aug 2018 09:03:59 -0400 Subject: [PATCH v4 2/5] X86: Support LSM determination of side-channel X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP |
Series |
LSM: Add and use a hook for side-channel safety checks
|
expand
|
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 6eb1f34c3c85..8714d4af06aa 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -7,6 +7,7 @@ #include <linux/export.h> #include <linux/cpu.h> #include <linux/debugfs.h> +#include <linux/security.h> #include <asm/tlbflush.h> #include <asm/mmu_context.h> @@ -270,11 +271,14 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, * threads. It will also not flush if we switch to idle * thread and back to the same process. It will flush if we * switch to a different non-dumpable process. + * If a security module thinks that the transition + * is unsafe do the flush. */ - if (tsk && tsk->mm && - tsk->mm->context.ctx_id != last_ctx_id && - get_dumpable(tsk->mm) != SUID_DUMP_USER) - indirect_branch_prediction_barrier(); + if (tsk && tsk->mm && tsk->mm->context.ctx_id != last_ctx_id) { + if (get_dumpable(tsk->mm) != SUID_DUMP_USER || + security_task_safe_sidechannel(tsk) != 0) + indirect_branch_prediction_barrier(); + } if (IS_ENABLED(CONFIG_VMAP_STACK)) { /*
When switching between tasks it may be necessary to set an indirect branch prediction barrier if the tasks are potentially vulnerable to side-channel attacks. This adds a call to security_task_safe_sidechannel so that security modules can weigh in on the decision. Signed-off-by: Casey Schaufler <casey.schaufler@intel.com> --- arch/x86/mm/tlb.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)