Message ID | 20180824224117.3356-5-casey.schaufler@intel.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 211F6920 for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:11:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F43729ADC for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:11:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0D81629B0F; Mon, 27 Aug 2018 13:11:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa12.eemsg.mail.mil (ucol19pa12.eemsg.mail.mil [214.24.24.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1C8C829B07 for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:11:08 +0000 (UTC) X-EEMSG-check-008: 625665284|UCOL19PA12_EEMSG_MP10.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,295,1531785600"; d="scan'208";a="625665284" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa12.eemsg.mail.mil with ESMTP; 27 Aug 2018 13:11:08 +0000 X-IronPort-AV: E=Sophos;i="5.53,295,1531785600"; d="scan'208";a="17471473" IronPort-PHdr: 9a23:VUy1iRJDBAq3qn3dSNmcpTZWNBhigK39O0sv0rFitYgTLP/9rarrMEGX3/hxlliBBdydt6obzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZLebxlKiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr86QzSi67pgRgHuhikJKjU19HjbhtFsgK5eph+quh5xzJPOYIyNNPRwYK3Tc9AdS2VDUMZfSjRBD4GhY4YBAOUOIelWoJfmp1YVsRuzBxOhCP/1xzNUmHP727Ax3eQ7EQHB2QwtB8wDv27PrNrrNKYZTP27w7XIzTrZcvNW1zP955bSchs8pvyDQah/cdHPxkgvDQ/FlUmfqYz/MDOI2OQNt3aU7/B7WOKujW4ntx9+ojy1ysgwjYnJg5sYx1bZ/it62IY4PcC0RUF0bNK+EJZcqjuWO5V5T888WW1kpT42xqACtJO4ZiQG1ZYqyh7FZ/GDd4WE+BDuWeCMKjlinn1lYqiwhxOq/Eilze3zS9e73U5RripAjtnMrncN1wHP6sSfSvty4EOh2TGX2gDP8O5EO0E0lbfAK5I7w74wkJQTsUPYHiDohEr6lrOWd0U49eio7OTreLPmqYOHN4BokA3+N6UumsinDeQ5NAgBQXSb9Pyh2LDs8kD1WrVHguAsnqXHv53WO94XqrOhDw9QyIkj6hK/Dzm80NQfmHkKNElFdwyDj4joPVHOPf/5Ae6kjFSrjTdrwezJMaP6ApjWMnjCkKvufbZ660JGzgoz1spQ64hbCrEGPvL/QlXxu8DADh8lLwy0xP7qCNd61oMYQ22PHq+ZP7nUsVKT5OIvJO+MZIoPtzbmN/gq+eTujWQjlV8aZ6mp0oMdaGqkEfR+P0WZfX3sj88DEWcIpAUxUO/qiEaFUT5VZnayQbkx5j8/CIK7AobMXZ2tgLqd3CemBJFWYXpGCl+UG3fya4qEQ+sMaD6VIsJ5ijwLS6OuRJEn1RGvqA/6zKFqLuvK9SIGq53vzt915/fclRsq7zx7E9yd032RT2Fzhm4HWjg23KZ5oUNg1FiD1al4judCGtNN/fNJVR02NZnGz+x1E9ryQB7Ofs+VSFa6RdWrGSw+Ts4rzN8UeEtyB9KijhXf0CWwGL8Vi6aHBJoq/aLAx3LxPdpyy27a1Kk9iFkrWspPNWu6hqFh8wjcGYvJnFuFl6awdaURxynN9H+dwmqIuUFXSg9wUaHeUnAYaUrat9P55lnNT7W2E7QoLhNBydKeKqtNctDog1RGRPPmONvAeWK8gGmwCgiVybOLdorlYX0d3D/aCEgGjQ8c4WqGORI5Bie7rGLUFCZuGk73Y0Pw7el+r2u2TkwuwAGJaE1hyqG4+h0PivyfTPMTw6gIuCA7qzV7BFy9xc7ZC8Kcpwp9e6VRecky70pd1WLYqQN9JIetILp+iV4baQh3uFnu1xpvAIVajccqtG8qzBZ1Ka+AzFxObTeY0o7rOr3LKmjy+wuia7XK1VHfztmW/LsP6PUipFn5ugGmCFYi+W1909ZJy3uc+onKDA0KXJLrT0k46gN3p77fYigy/Y/U02NjMbWsuD/Yx90pHPclygqnf9pHK6OEGhXyE8oBB8iyM+EqgF6pbhUKPeBX7qE0Odmqd/2Y1663JOxghi6pjXxb4IBh1UKB7yR9RfTM35YZ3f6YxBCHWizijFi/qMD4gp1EZTQIEmq40yjkC5ZbZrducoYTFWeuP8q3y814h57sX35Y8ECsB0gd1cCzZxWSdVv90RdX1UQNrnytgTG4wCBskzE1sqqf2zTDw/rjdBUbJm5LQ3NigU3wLoi0iNAaWkeoYhMtlBuk40b13bJbpKNlI2nUW0dIcDD8L3t+XauoqrqCf8lP5YsssSVWS+S8fUmWSqXjrBse0iPjGXZexT8gejGxopX5nhp6iGOBI3ZotnbZf99/xQvH7tzGWfFRxiYGRDV/iTTPHFi8ON2p/dGKmJfZru++UGygW4ZIcSn20YyArzG35WpwAR2wh/qzgMHoERAm0S/n0NlnTSbIowj6YonwzKm6Mvxofk9zBF/69cV6BptykowqhJEfwXIanIma/WIbkWfvNtVWwbr+Y2AQRT4P3dHV+BLq2Et/Ln2X3YL0TWidwtB/aNmgeWMawDk978dXCKeO8LNLgyV1ol2irQLef/dxhDEdxuUy6HQCmeEGpBItzjmBArAVBURYIyrsmAmT4tCgqqVYeWavfaK21EVggdCrFKuCrR1EWHblZpciGjd97t1lP1LR1H3+8Z3reNjMbdMTrxGUnQ3Pj+5PJJI2jPoKijJtOXjhsn091+47kRtu0Im5vImHL2Vi4rm0AhtfNj37acMc5C3tjbpensaR2oCgAI9tGjMVU5v0VfioCi4dtez7NwaSFz0xsnmbFqDZHQ+D70dmqmnCE561OH6KI3kZ189tRAGHJExYggAbQik1noIjGgCt3szhf19z5ioN6V7gthtM1uVoOgHxUmfFugindyw0R4KZLBpK6QFC/FzYPtaC4eJ2BS1Y+YehrAOVIGyBewtIFX0JWlCDB137Jbah/t7M8+yZBuqlM/vOeq+CqfdAWPiU356vyZVp/zKNNsWJI3ljAOY21VZDXHBjBsTZgC8DSiINmCLRdM6boxG89jdwrsCl//ThQBjv6peXC7tOLdVv/Ai7jryCN+6fgyZ5Ly1V2Y4SynDTybgQxlgShztpdzm3HrQKrTTNQ77Imq9LEx4bbDt+O9FH760mwAlCJ9XWitTt1rFmiP41Dk1KVV3lms6yYswLLHuxNFTdBEaELL6GPyHEw9nrYaOgTr1dlPlUtxq1uTqBCU/jOTWCmCfvVx+0K+FMiz+UPB9FtY6hdRZtDHTsQ8j9ah2nKtN3iyM5waEsjHPQKWEcKSR8c19KrrCI7yNYgvV+G3RG7nphLOmEhziW4vLdKpYXrftrGDp7m/hd4HQgxLtf9DtES+BtmCvOst5upEmrnfeXyjV9ShpOqy1LiZmTvUp4I6XZ94JAWW7A/B0X8WqfFQ4Gp9x/Ct3go6pQ0MTAlLrvKDde9NLZ5c0cCNbOJ8KDK3chMh3pGCXIDAQfSz6rLmLfh01HnPGU6HKVsoAwqoLwl5oWVr9bSFs1G+sACkt7B9wNPo14Xik4nr6bl8MH/nu+rAPMS8VdsJDHTuiSDuvvKTqDi7lLeQcIy6viLYsPLo37x1Bial5ikYvXAUXQQ9FNrTB6bgIvukpN6mJ+Tmo92kL+dAyi/GITFeS1nh4qigpye+It+ynw410vPFrFuDMwkFUtmdXimT2RdDnxLL2uUoFQCiv0sFM8Mpz9QwZodwGymlZkNDjcTbJLk7RgbXxriBPbuZZXAv5TU6lEYB4WxfGKaPQlykhTqiKixUBb/+TFEodimBEscZGys3JKwxhjY8ItJazMOKpJyUBdib+SsS+t0eAxxhMeK1sW/WOMZiEIok0IN7ghJyqu5OBs7xKNmydbcmgWS/Uquu5q9l86O+mY0yLg0rtDKketN+yfL6KUoHXPlc+IQ1wqzUwEjU9F8qZq0c07aUqbS1gvzKeNFxQOLcfNMwVVb8tO+3fNZSmOtOXMwZRyP4W7DO/lVvSBtKcOjUKiBQopEZkM4t4HHpayzEHSNd3nI6IdyRUx+ATrI02IA+9XdxKNizoIudywzIFp0olHPTESG399MCWt6rbQvA8qj+KJXM0qbXcCQosEKnU2VdWgmy5fvnRPEDm30uUdyAiZ9zHyvzneAiPgYtRkf/qbeRRsCNSq9jol6Ki2lUTb8pPAKGHmLd5ioMPA6fsGp5abDPNZVaVys0XGlIZEXHGlT2nPEdqxJ5jxdYYsd8D0BWimXVy/kT41SN3xPNm1JKiSnQ7oXZpUsJWc3D07L8+yDCseGxBrqOwY+KJ8fxcMY4Qlbh7stgQ+MaO/IAOZ0tWhQ2atNTVWQONFzeW/fbBXyTQjbvOiwns6Up461/W38VIKRJwSgBDS3+qsZ4lfUSj2G3xSYQbPqDE4l2d/KOk93P0zwBTSsVkTKzqLbvBmaHRYv9EgAlOfOXB2BXAiR1+fk4XD/g+s37Yd/yZGkddby+tFv2T6vp/YfTKjRberpY/TsyU+cdgsu7dxPpD7IsuaqJPemSTSTIHXsg2BSiG6DfRbmt9UICJWW/RInGYlOcsduYVf9UUxTMA+J6dUCKktoLCqZiBoDSkIzS8WT4mAxiANgv+g27vGkRedaI4tMAYZsJVEmNcdUDV7YiIfpK+iS4XZjHWISm4VLwcP9Q5M/h4PlpdsfuD554rFVINMyzlTo/9vTivHCpxo+EDhRmGQn1f4VO2rk/a10gJK0PLszt4bVQZ9CUha2elbjVYnJ69sK6YOpI7KriGHel7gsGLr1uSmOEFbydfIeF3gEIrFqW38XzUS+X0OX4BPzm3QFZUJkwdibaYrvFRMLJm9ekfw/Dwo3YNpH6O3Vcqz3VYqsW4GRzu2E9pGE+xmrE/YVyBkY5+xrJXoIIldQmhV+JKBsVhZi1ltPzS/yZVCN8FH+iQMUyRXoTWBoNuyT9VO2ddtD58QONhwpmv9FbhfOJiWvn02oKDgxWHf+zAgqle13jGzF7W/T+JD8G0UAh8pKHiGqkkzE+ss9X/f/UvDsl9o4+tWBKWDgEtqrTlhGZBOAypG2mq+L1RvVnVGtftVKLjNecxGX/YyfQOvOwA5FfM+xUyG41x7nXfjbCxurQZa/yfdXxcqWiULnrjtniARpd+9NT8cVZ1IcS0rbz3ZJAKDhSBXoBFfZll2W5ADHNlK5awU0JBJ/srGVUasMzsKXAJjNgI/1fpQi1JDvF+feSDHAgqibezPvQFvfceNsM6pK+z0/AJdhYPjtOA36bkDR2G8lgK3Wt3eqZHztsGRtkSSbqj4K/OzbWXHTDfSkRC6na0kAIXS/yjPLApbLIF3yXg+bpj7Dm7LJhBGKLgFJ0dAUKB6dNFGovxbZ8B4eaYG46ltBgmdShPoAoyvo+FMLkzPSjTGMyWB7uu/rJrR7bPHT+jgaNaMx3HaTK1pJZp69SP0G7Hx0Y9Z4Eb23Oli9l9iQ1jcLy+BtMjhJh8M5MS6eUvio5wpHTfSAJhulXrg3VxPeNQMTC2r6psYzolV6HHqSeJ3ykLzqvFd96F46Ykr5LBk0cW0JabXKflBtE9oHBiVCRtw9pUsBmh/SHpdYukPJ/fNZa4Zl9zhq/jrF6wL7x2Y4+pZad/cKkHAnMm/DyuQSR1CnAcPsz4VNBCc1+Kfm69pVcmlufX52lgz7FSkKR4G1r9t75+e+qWUvO/XcwfRzb8cV6jvQcPzqKgsu0yM6vA/kb4Oe3Z6Ywu5H+gBWM8dwX3gzaMxzS42FcPMAa7g8uZZV30lhjLgh4x9H1IOF/MQBrqL+IRTk3w2m+PHK9IWdbpClXyXFR6+Fb8Cy2Ck5DeLIGV/hRHOyR7wS3up7FDqtS94XTfMz9D7n0pUV7i4H11dUDayNE9jrjyPIBTnu8bttaQy9kE2PXTutMiRm2u5JLNXA8r/KcSHLik1v1IWgoc+Rt6u2YAHAdqyOsoR8HVlY/TC7GOkjjFOrL1ah4rE5cGV4O/YEWOnj62ApLWH3CpYxWQgvVEj9tCgMenD58WQTPS0y2kRTyl+uwzbXx62s7DbtE4bOUiK0EfNhYwLMcpU3WEi2UH6+OcjQNwy9AJEFobDff8Cpi78OCHywVmBZ9I7TC6e0yFYHljtC1l3BLA82H7svMLOjXrQ9EMnRo9sd0zgghx7CJ44Jlwp6FgWxCoDDAcMZAufDL62H0TkLZELWVIFaRuZwLiwYr030lFrwrOz+O/TavRxB6wMNvlBiQ6OmEJUGokMva0fR7J8fERd9LXMqwjnBIXmUOLqlX0qNf26Wspa69wWt2M+4gajQBqt8ZhD4KoAiJCTb6JKfJfCssZ970dh+D4OeTdAgBd6jxyjV+ATuvrv4t/BsJqn8uyuTroiR/0L9xgoAGRzl5nwgFcjodHRzetTVo3ViYDi8A9QIn+KuYDa0wJ/KeoPMI+rYrdg92sdKCgaOn0OPMCaa/8i7C9xKD/T/UBNAtsQZdMEO8rAgQFUilPzV7FV7cfbHkKYBJpyd8Av9Gr70jc18YEzUuz48j+5OYjf701RP/NElChslszNpOYbwfrWEyUW72OWax5rzSOe0ZWNDej//fmUwtHOS1wGBjI2U5taJDea9gynQu21lZv3XQOQ7s/+m4k+dEWWRnywgKsJqKBMHvBcii/jxDhRCpj1h+6Js9qr8GZXs1xHEIVw7R3CA6hfPI90ORf/lsmtWEd8ADHzeMfKeRoyoOCW3PsD4/1iN0viYo8WOgkLxKz86XpJVQZuU7r2vlGFXeINettpVu7LompS6YJ6JK8FJEKdq4DyrjdUtFA2BxckaLEuoTxed0nOhBNaVr31ub4BjwscVMB2uVVIGW2uIm4+4CDHVatNhqmLFPMV6imTTrAJU0hwPCJ+Wwm12JRydLS3hv1Ht2JGnj9noPc0yTBmQwG8uSL0raIXxT0g4K24tCkGuXFdSeWelznHBE5bzPQOl6gcEGri6V2gb3kfdov9/qdoKd7m9YY//3Q1eQ8jcDEeXeS8FyHwiLuFAoiOsNJamR6Mt9zCbbuyLSgJKrQ90gnuR3ln3QjYmxZk6mwLQi+v7NU8PoWyJd4lxja0GWjcbFsM57lGv9fxtV4KSus2bkhswHti0siBWCINQM3PG2Aojgkrc2lEd4hD6RACHakynjmIprVG/h0TYDrMEISq4IrQncDT1nQmUNdqwH7Wpq2ChpM3331lm8904jSIuHsMa+zSS9VsDWTr1odD1ez+YO2gsuICSIth0rShSv4CMtK49GuwwppqX1GqxrUEE1q+Ku8Dya/RUz25Rm2AReSLb2+Mki4iMk784BmnMlw6ZcRRok8jLOTCnJ9clgzmUbNyXCmQo0HUzHBwed8dIgE7ooGqf0kKRfQdau6dI+cGxPwlFEBKaGfEGzR/D+vwulmo2MB/OnN98QD5bP7r/wTOLtSfAF8HHJTco5o3/ua1AiqFOHl93FhpMUJp7ebDBhE0seNBd5u5g9fdnZJ43PQDevMrNjcy/pYIl4Zi75SE+NubehHWiJDpLJfapebcS/bW1Ek7PHpRUrMEbwf4/a07OMI0X/vYGr4d9RgVG6V8QJUnLGr33KByMA53NAXWYfD8jsTsq++NIIcSq3jd7XoxKjvRv1sIzfnwBQ9hbou2inPaJJE2WyIHrttxBx8gF4xKX4sJtQiuBbaQmaemm5mw/V93v6kBtq+jJOrN0YGS1p58TtBh7kyCITjVCbMj1k9slemjxOzL0pDsB8fvY/sFUvR2RijObbqQTdb3ES6HJs+pIx0OyLWbyr8sF0zJaQ== X-IPAS-Result: A2AJBABJ94Nb/wHyM5BbHQEBBQELAYUzFhKMYI5KlS4UgVoXGBSICDUXAQIBAQEBAQECAWwogjUkgl8DAwECJBMUIA4DCQEBQAgIAwEtFREHBwsFGASDAIICo3YzimGLLj+BEoJdhQABEgGFdwKNWzCNIQcCggQEjVwLF4E/hy2FXZNJgUMBNWFxTSNQgmmCJReON099iV+COwEB Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 27 Aug 2018 13:11:07 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7RDB5vC027232; Mon, 27 Aug 2018 09:11:06 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w7OMfpTC010446 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Fri, 24 Aug 2018 18:41:51 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7OMfpEe009524 for <selinux@tycho.nsa.gov>; Fri, 24 Aug 2018 18:41:51 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHoMFlSqBeguEbAKDECE0GAECAQEBAQEBAhQBARY6hWcDAydiUVcHEoMhggKkJTOKZ4kggVg/gRKCXYsLAo4GjR0HAoIEBI1cCxeBPocphVyTRIFBN4FTTSODOYIlF443T49ZAQE X-IPAS-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHoMFlSqBeguEbAKDECE0GAECAQEBAQEBAhQBARY6hWcDAydiUVcHEoMhggKkJTOKZ4kggVg/gRKCXYsLAo4GjR0HAoIEBI1cCxeBPocphVyTRIFBN4FTTSODOYIlF443T49ZAQE X-IronPort-AV: E=Sophos;i="5.53,284,1531800000"; d="scan'208";a="354309" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 24 Aug 2018 18:41:39 -0400 IronPort-PHdr: 9a23:4govbBGIjwRwj3doIkNJTJ1GYnF86YWxBRYc798ds5kLTJ7yr8qwAkXT6L1XgUPTWs2DsrQY07WQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDiwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOT4n/m/KhMJ+j6VVrxCvpxFk34LYfJuYOOZkc6/BYd8XQ3dKUMZLVyxGB4Oxd5UCAPAaPelGr4j2ukYAoge+BQa2GePvxDtIiWHs3aYn1OkuDRvJ3Bc+ENMOqnjUt8n6NKcIXuCowqnIySvMb+lN1Df87ojIbg4uofWWUb1sdsrRzFAiGgXYhVuTsYzoJy6Z2+AOvmSB8uZtV+Kih3Qjpgx1uDSiyMchhpHUio8RyV3I7zh1zYQ1KNGiTEN2ZcSoHZlWuiqHLYV5WNkiTHttuCsiyr0Jp5q7fC8SxZQpwh7fcPmHc4eS7R7/SOqdPy50hHN5d72jnRqy/02gxvf9VsmyzFZFsC5FnsPQuXAK0hzf8smHSv1j8Ue9wTuDygTe5+JeLUwpl6fWK4Qtz7o0m5YJv0nOHjf6mEDsg6+XckUk9PKo6+PiYrj+upCTLZR0hR/+M6g0gcywHeQ4PRITX2iV/eSzyqfj8Fb4QLVMkv05jK3ZvIrGKsQco661GxVV3Zo76xajEzem18wVnWIZI1JBeRKHiZXpOl7VLfDkDfawn1SskDBxy/DAJb3uGI/BLnfEkLf/Lv5B7BtfxRA1wNQa55tOBrwHIfT8ckvwr8DDSBghPgqryuLjTt5608dWXWOJH7/cM67It1KMzvwgLvPKZ4IPvjv5bf8/6LqmiX4/hE9YZqSiwIEWdGH9G/NqPkGUSWTjj81HEmoQuAc6CuvwhxnKSjNXZnCvT4og9zo7D8SgFo6FSYezxPSK1Ty2D9tNbWBPF16IHG3AdoOYVvNKYyWXZodtmyIJE7ioTZQs0zmvshP3z/xsKe+QsiEVs5/u0p5poeHUnhIa9DpoAsDb2GaICyl3hGITWzIw9KR+p1FtjFaFzaV8xfdfEJgb7ulLWwESMZ/a0vw8CtbuVwaHddCMG3i8RdDzKjgqQ8N5+NQOaltzH9i4xkTI1jGnEvkOnLyCGZIw/7j03n7tKsI7wHHDgvpyx2I6S9dCYDX1zpV08BLeUtbE X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0EeAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH4MFlSqBeguEbAKDESE0GAECAQEBAQEBAgEBAhABARY6L4I1IoJiAwMnYlFXBxKDIYICpCUzimeJIIFYP4ESgl2LCwKOBo0dBwKCBASNXAsXgT6HKYVck0SBQTeBVE0jgzmCJReON0+PWQEB X-IPAS-Result: A0EeAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH4MFlSqBeguEbAKDESE0GAECAQEBAQEBAgEBAhABARY6L4I1IoJiAwMnYlFXBxKDIYICpCUzimeJIIFYP4ESgl2LCwKOBo0dBwKCBASNXAsXgT6HKYVck0SBQTeBVE0jgzmCJReON0+PWQEB X-IronPort-AV: E=Sophos;i="5.53,284,1531785600"; d="scan'208";a="7625033" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Aug 2018 22:41:39 +0000 Received: from fmsmga001-icc.fm.intel.com ([198.175.99.7]) by fmsmga002-icc.fm.intel.com with ESMTP; 24 Aug 2018 15:41:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,284,1531810800"; d="scan'208";a="84307219" Received: from cschaufl-mobl.amr.corp.intel.com ([10.254.2.129]) by fmsmga001.fm.intel.com with ESMTP; 24 Aug 2018 15:41:19 -0700 From: Casey Schaufler <casey.schaufler@intel.com> To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Date: Fri, 24 Aug 2018 15:41:16 -0700 Message-Id: <20180824224117.3356-5-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180824224117.3356-1-casey.schaufler@intel.com> References: <20180824224117.3356-1-casey.schaufler@intel.com> X-Mailman-Approved-At: Mon, 27 Aug 2018 09:03:59 -0400 Subject: [PATCH v4 4/5] Smack: Support determination of side-channel X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP |
Series |
LSM: Add and use a hook for side-channel safety checks
|
expand
|
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 91750205a5de..85dc053e610c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2299,6 +2299,23 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) isp->smk_inode = skp; } +/** + * smack_task_safe_sidechannel - Are the task and current sidechannel safe? + * @p: task to check on + * + * A crude value for sidechannel safety is that the current task is + * already allowed to read from the other. + * + * Returns 0 if the tasks are sidechannel safe, -EACCES otherwise. + */ +static int smack_task_safe_sidechannel(struct task_struct *p) +{ + struct smack_known *skp = smk_of_task_struct(p); + struct smack_known *ckp = smk_of_task_struct(current); + + return smk_access(ckp, skp, MAY_READ, NULL); +} + /* * Socket hooks. */ @@ -4718,6 +4735,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_movememory, smack_task_movememory), LSM_HOOK_INIT(task_kill, smack_task_kill), LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), + LSM_HOOK_INIT(task_safe_sidechannel, smack_task_safe_sidechannel), LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
Smack considers its private task data safe if the current task has read access to the passed task. Signed-off-by: Casey Schaufler <casey.schaufler@intel.com> --- security/smack/smack_lsm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)