Message ID | 20180824224117.3356-6-casey.schaufler@intel.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D409F13B8 for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:11:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C03B129AFF for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:11:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B211129B1D; Mon, 27 Aug 2018 13:11:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from UCOL19PA13_EEMSG_MP11.csd.disa.mil (ucol19pa13.eemsg.mail.mil [214.24.24.86]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C201129B1C for <patchwork-selinux@patchwork.kernel.org>; Mon, 27 Aug 2018 13:11:14 +0000 (UTC) X-EEMSG-check-008: 616624144|UCOL19PA13_EEMSG_MP11.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.53,295,1531785600"; d="scan'208";a="616624144" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by UCOL19PA13_EEMSG_MP11.csd.disa.mil with ESMTP; 27 Aug 2018 13:11:13 +0000 X-IronPort-AV: E=Sophos;i="5.53,295,1531785600"; d="scan'208";a="17471484" IronPort-PHdr: 9a23:eOGqHRxv6u6AaXXXCy+O+j09IxM/srCxBDY+r6Qd1uwVLPad9pjvdHbS+e9qxAeQG9mDtLQc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYQhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb5Q6o0WTC/5Kl1ThHmhjoMOzog/G3KlsB8iaRWqw+jqRNi2Y7ZeIGbOuRwcK3eet0VR2RBUNtJVyFDH4+xYYQAAPYOM+lGtInwvEcOoBmkCAWwHu7j1iFEi3nr1qM6yeQhFgTG0RQ+Et0Uq3TbstX0P7oPX++pzKnH1yjDb/1S2Tjj8ojDbxcsru2WUrJrb8XQyVMjFxjZgVWQs4PlIj2V1uATvGiB9OdgVOSvi3I5pAF1uDSg2sAsiozQi48T11vK9j15zZ4oKdC3R0N3e96pHIZKuy2EOIZ6XNkuT3xwtConzrALuoS3cDUIxZkn3RLSb/iKf5KK7x/lSe2fOy13hGh/d7K6nxuy9E+gxfDiWcSsy1ZKqzZFksHLtnAQyxzf8siHReV5/kemwTuPyxrc6vtFIUApjqrXMZ8hwrg+lpoUqkTMADP5lF/qjK6Wakok+u+o5/7hYrr6vZ+TK5V4igT/MqQqgsC/AOI4PRYSX2WD5Oix27Lu8Vf5TblXlPE6jKbUvI7AKcgGvqK5BhVa0ocn6xaxFTem19EYkGEcLF1bfBKHjo7pO0zBIfzhFvi/hEmskDF3yP/YJb3sGYnNL3jfn7fherZx8UhcyBEpwtxF6JJUDa8BLOrpWkDtrNzYEgM5MwuszublD9V90JkRWX6PAqCDNqPfql2I5uUpI+mJfoAVoyr9JOY/5/71l3M5nkUdfaax15sNdH+4BuhmI1meYXf0gNcBE30FsRY9TOzxj12CVz9TZ2ipUqIy4jE7FY2nApzeRoCrnLyBwT23HppMZmBJElqMC2vnd52YW/cQbyKfOsFgkj0AVbikVYAhzwqjtAHkxLV6KerU4DcXtYr51Nhy5e3ciw099SBuA8SayWGNQHl+nnkUSD8uwKB/vUt9x0+e3qdkhvxYEtpT5+9UXgohK57T0fZ6C9HzWwLGeNeFUlCmTcu6ATspVNI+38cOY1phG9Wllh3MwjaqDKUPl7GQGJM09afc0GTrKMZm13bKzq8hgEc6QsFXL22pmrZ/9xTPB47Oi0iWib6qer4G3C7M72eO1nKOs1tCUA5xSqXFRXQfaVHKotvn/E/CSKWuCbs/OAtb1cGCMrdKasHujVheR/fsItfeY2Wsm2qrBhaH3LCMbI33e2kH2yXdEkcEmRgJ/XmaLQg+Gjuho2XGATN0CF3veULs/vdkqH6gVEA70wSKY1dm17qv9R4fneacRO8L3rIYpCchrC15HEyg0N3LENeAqA9hfapGbdM7/lhHyXrTtxZhMZy4M6Bimlkefhxsv0PgzRV3DZ5AkdQxoXMxygpyLqyZ0FZbeDOex5zwPKPYKnXq9hC1d6HWwk3e0MqR+qoX5vU3sVHjvB23GUo46HVqyMdV3GWG5prREQoSVIj9UkEt9xh1v7vaeDUy55vI1X1wNqm5qjnC29MtBOsh1BmgZMxSP7maGw/oFM0WHc+uKPYlm1KxdBILIPhS9LIoP8Ohb/aGxq+rM/p8nDKhl2RL+pxy0kKL9yp6Re7FxJIFw/Ce3gSdTTf8i02tssftmYBLfTsSBHawyTD4BI5NYa1/ZYILCWa1I82r39l+nIDiW3pZ9F6lGlMH19SkeQGKb1z82w1Q1FgYoWe9lSu+0TN0jykjrrCD0yzW3+TiaB0HN3ZRRGlliVfsJZa7j8oGU0ivYQkkjwCl5VvmyKhAvqh/KHPTQUhQdSjsM25iSrewtqaFY8NX65MnryNXUP+nbFCZVLH9pQAa0yX9EGtC3jw7cCuquprhlRxglG2dNGpzrGbeecxo3RfQ/sHcRfpP0ToeXiZ4jyXXCUamP9Sy4NWUjInMsvqlV267TZ1TdjTrzZmcuySl621qBge/n/+tldH9Fwg1zzP73cFwVSrUtBb8fpXr16OiPOJ5eElnGUTx69R8Go5jkos8npcQ1mYGhp+N53oIjX/zMclH2aL5dHcNXSQEw8PR4AX+xEJjL26JxoLgWnWT2MRhYcO2YmQM2iIy98pKErub7KRYnStppVq1tQzRbuJ7njcBzvsu7WUXg+8XtwUwySWdGKodHVFCPSzrlRSH8cyxrLlNaGaoa7iw21J0ncq9A7GavgFcRHH5d48nHSBq6sV/NEzD0GHv6o7+YtbddtQTuQOIkxfbk+daMooxmeQQiSphJ239oWUvy/Qnghx2wZG6oI+HJn1j/KKjHBFXKyb1aNkV+jHxiqZehd2b0JqzEZVkADkLW4HoTf2wGjIIqfvnLxqOECE7qnqDAbrQAxSQ51lgr3LOD5CrMGqaJHgHwtp8WhaRPktfgBobXD8ihJ42ChiqxND9cEd+/j0e/UX3phxIyuJpLBn/TnzfqB2zajgqVJeTNgFW4R9G50fUN8ye8+1yEjpE8ZyhtgyNN3ebax5GDG4TRkyEHFfjPr+06dnH6eiYCfK0L+HSbrWWtexeS/CIyIq03Ytn8DaMMcOPM2J/APIlwUVDXGp2G8LDlzUIUSwXmDrHb9SHqxek5i13sse//ezxVwLg/4SPFaVdPM5o+xCun6iDMeuQizx4KTZczZwMwnDJxKIY3F4IhCFkbyOtHqgYtS7RUKLQnbdaDwIcayN2LsdI9aU83whTNs7dkdz1zLl4geA2C1peSVPhncSpatAQLGGmKFPLHkCLO6qaJTfT2cH4fbu8SaFMjOVTrxCwuzabEk/7PjSEkznpVgyvPv9XgSGePRxepJu9fQh3BWjkVtLmZQWxMMVrgj0u3b00mnTKOHYfMTl8d0NCsKad7SZfgvVxFWxO8GZlLfWEmyae6unXNIwasf11DSRoj+ha+mg1y6NJ7CFYQ/x4gC3SocB0rFGiieSPyT1nUAFSqjlRgoKLpkZiOaTD+plGR3nE4AoH7X+MBBQSu9tlFtrvtrhKytfRj6L8Ni1N88jI8sscHMXbM8OHMGA8PhruFj7UFBEFQiCrNG3FgUxSju2S/GWPrpcmspjshIYOSrhDWVMoEfMaDEJlE8EcL5dzXzMpiqSUg9AS5Xq5thXRQ99avp/fXPKIHfrvMCqZjaVDZxYQ3Lz3N5oTNozm1Ex5cVR1hp7KG1DXXdFDuS1ucBM7oFhX8Hh/Um0y21jpagWz738PDfS0hAI5ihNiYeQx8zfh+1M3Jl3QpCQulkkwmNLljCuecD73Mae8R4ZWCzD7t0IpKJP0Xx51bRGunUxjLDrEXKxej79hdWBtlQ/dtoBCFuJbTa1BfBAf3+qXZ+ky3VRatCqn2VdN5fHZBpt6iAsqbZmsompc2wJiad41IrDQJKpJz1VLm62Ovy+p2foqzwMEIUYC7n+ScjYSuEMULrkmOzao/ut05AOYnztDeXQDWOQyrfJv9kI9PeOAzyT63LNYMU+xNvaQL6WAt2jOiM6EWFUw2V0Ul0Nd57h5zd8jc1aIV0Ao1LaeDAoGNczZJA5PcsVS6mbcfTyVserX25J0P5+xFufyTe+BrKwUmF6rHB41H4QQ6cQMBpas0FzZLcfjKL4K1xAt6R/2K1qbF/tJeQiEkDEdr8G41p930pFXJisBDmVlLSW3+rHXqxcwgPqFXdc5fncaXowANnItQMO0gjNXsW5cATewye8W1A+C7zrgqSvKFzn8c8BvZPGKahNwENu24ykw87CqiV7L9ZXTP3v6Os54ut/I8uwXvIqHC+lOQrljrUjcn4hYR3qlU27LEN61KJjwa5UibdPuEHa6V0azizQrQMftJNytNLSHgRn0RYZIt4mWxD4iOdWhGTEeGhdwouAD67h/ZQAYYpo0fwDnuBokO6y4OgeY3c2kQ3yxJjtOU/lf0eK6aqRSzyU2dO+6y2UvTo07z+mx/k4AX58LgQvYxfm/Y4leVjXzFWFGewnVoyo2iXRhPP4owugj2BPIrUUcMzeTeeNzcmxEotc8CUmRIXhtC2o4Rl6cjZbY7QK22bAd4Tddlc5O0eJZqHj+ooPfYDW0Vayqr5XVrzQvbdw4rK10L4PjPtGGtZPFkzzYVJnfrAuFUCugGPpbnthfOyVYQfZSlWEiI8wGtpJL6VAtWccmO7xPFK4sq6i2aTpjCC4f1jMZW5+F3DMZmOu83aXVlguIepQ4LBMEqIlCgscaUyNuYCMeo7GsWp7LmGCaUWgEPh0T7RhS6w0djINweP7q4JbQRp9W1zFWu+50UjfMFpRw+Vv7UHuZgV7kR/WgiOykxgdSzOrt0tUCQx5+B1Ndy/xRlksyJ7F9M7MQsZLSsj+UaUP6u3rgyPe7K1ZMyM3bbVn4AZHZumr7Vy0T5WcbRZRTyH3FE5QdjRZ5Yr4xpFpQOICmZlr+5zs8yoRxBLm4SdqkyEs5rXsdXCeqFMdBC/t6v13JXj1lf4qrp4/hO5lIRW9Q4pKdoU9DkEpxKy651YZcK8ZV7zEXUjhAvSmRsdmvRMBNwsJ5E5gMItJjtHjnA6NEJIKdo3sotbzz0nXZ4SwzsE+mxDWvHK+1V/hZ8HMDFQUpPWuetlIiD+8r8mfM7F/BrEx7/+BGCbeRl0lxpihyHoxWDDZTyX+lN0hzTGVBs+hCNKTVadJTTOcvahK0Jhw+EeIm31aT8kFqnHf5ZChyuRVG+yzHWAk0TyYViK/3mTICssGnJSMaS5VQYDUjdSjFMQWbmTtTvBlFdUFnQJUZAstB+7EH3Itb4svCRlyqKSEeRhBiMRg40fVHn05ZrEqYYTzdDRavdfvXsB14Z8GRrMCzLPT+4QhIlJjqsPwi+KUFXH2mnhehQdbAoI/grteKrFeBdL/kM+2gZn/MVD7MjRSriLclCZnK+jLfMAtdK5l003ore4PhCXLRPRRbO60bO1dbVbpkZtlcpeBafcBkcr4T+aBxHhKHWg/vGIu3oflAL1bcWTPeLyGb/eyku47T7LvdSe/7ZsyX3HvHRq16P5hg5Tn8Abfq3pdU+lDq1fd16kN6VV/GPjido9v7IgME+tKidlfiv50uBj7WG4t/kHvzyUFGa8oXQjel/I4eyJxH9Hb6Ufh43VTrsO1O67lk7pE647RyycexJarfMvpavlF6DRiTHAVl7I0tAHJ4R2BTfOAeNOvRcb4ejcD0pOD9D7YX5wGN++xFddvHIFnMmsu+CjGZUhFEmRkOqD4EIQuG1v6FnaB0RdyjpefnxkIn+0K+IQIezLBx+YeE/bKFpO7WbhTL17cLRrPnRtjtobQwpUyd+ecolLkUemx6ewenCvQSVtYBxmf8yqAn1TkjE8LYH7Pu4vFDVXM5ni74m59nAlUWHugZEqaM/YtDgGg3gfHZNscRcqBYgGmDDxmkEqUNyXSz8SuYPHFlgg3S0xH3WW6z9EX5rTNkTivMwdbjlVBVVrquCUdJQSWpPU54sDWSPAvnr9f3ob467F0qPWzkutONk3GhOLBNE838OtOcOy80q0wTjJErQdyvw48bE8KnINgN6HF+cufe62Szni9OvahHgZbe4saS+vnQBnmvkamaq7SLxDBFxXk1plU/5c66NvDO/dKGWfKo2HgNTy1noQvOQwa1qqDHr1ATIUGEzEXLl5YWMdxCwXY40UXm5OwiQN0t7gVeCpjPaO8CpTzpPzv021mfacotViaCyztXAk71EV5gFag532Lwut7JlXjO9FAzQ4lwdlbohRppAIUkJ0Mt70IXwikYEQQXbxCUEq2oD1z/LYQYTUgDdQiH3L+id6c4wUJz2aiv6PbOY+JzAaQNN/BdjhOBnVVAFZIWtLcRQLRidFNH867XvAfiAZD9X/f6jXowKeG1QsdC/MAbsHsi4gC/SwC85pdD67YblY2Hd69FYZjKp8B87EZn6CURdixMnhhwlRe5Xv0dpOz55NjUroao4P60VKkxX+UX6wQ0B2NmgpvxnlAsu9fX2vxYSo3IlIv/8QdNI2WQtIbdyRl8JvIEK5i3c7Z463UHOy8eKmoMPdWIZfk87SttPS7d5lNYBMMDe88YMNDLmQ9Klk3jQKtT+dbDGl+EF4dzcNgl72XzyDAy/5ozTOLg6DutKJDE6FFNOfJDgzl2mNLEuucV3eLYCDIL7nmBdxh13iSCxoGIC/bx/uWMy9bUWkgEHiEsUIddIzyC9hKhRuavkpXmTB+U4NfpgJ0ibEKQWmCxnKMdv6lXD+FAjDn70yNFFoDxgPKVr8as6HVJuVJaCopz6gfFGKpHNJVhJRv4jtWrRlR7BibnYMHUcR4ut/CMxuYC5OV+M0X+aJQeIhIDzLL68mRaQRd0SL7xpVaZRuMRZN1pSP/eqXBV841gIbcVPFeBvJzqsitIqFcuDQ8ndrAwqj1adlHQkwBOWqf0ubsAig4CXt5jvU9DB3i8OGUk5zrITa5VlrWeCOQJ8jWPSawDS0tpMjtkQxO0xJphZaCknfVGsmNahCNyvuIm0zt8RBuzoSfsvb4C2So8+LGkszUMoXtFTuGAnCrTEVVDyO4FjbwAC3bj9VO8fGMDY5Xs77V9I8Tv65Uh6WwlYRo/Zy0GQfigCybogqOMA4yPts9chRGUtMXKbL+zNjQSNq8mxBLiXXd91A/ekAxv8GsRTTWq9MUkK5mlOcY52iqoHnDWdFMW7axVsMvxtFgLTOwtZFN/wWVj1NaIRikMRMzJBmY0gRIoaWJecJJM8RUaDbUngi6Uvqla+QEZeDXUHZ6m+onXhsjFwmQ9TdF2xmLWoa2Fm5wq0H15m99u6C6BpmgSffTCU8BwGnjzyptfyevmavWvt+AHT5FmyK6gUP8ZKcSj/3G52JB0VU+k3LgeGEC5MOAbzLfBTyilUXGYWfiMc2WUhDY5PEvy6gWpI1A0c8pKsVEyMvHDhp9dkA3hV6l4RiOOql/HnyQfNrYZehgwtYPiewUQQOMXZu6TDewv2+ElTlwUYnnWFC9yTeSxtBrlmIl9JmUl4kjgZ+np2h7pPcHUGRQeF4Pe6Jlr9rjyQmOHJG8l1xB5IVN16/aaElM9q+tRW4iekMKWhNlh1+MBMfB3Pml1odMXm4R++aGIwcyKdlfX1Z+0KtbL5rCTCubS3gIxcWFTT7QdbBnd5oMmM9p/ULrWWfNVtAoRQ6gzRocsMU/w8r15KEV4dQuVLLi5hMTnoKSXIJdTrHz+71QsISOasBoGjrS3Vw1gc52sr3HzJo0gADNHs9BpTBBhGc8HEtkCpgyPB5+ShbH9itmt9kc8sOgP4oTqDfWf/92i0pQ5ZJNa7FGFODvLTP1gi19on6KpiffJz5f1BNnKeNUYWew9SWnAPOyVVr6jIy6Db5qvM3VN9KSRhfcgChg= X-IPAS-Result: A2CPAQBJ94Nb/wHyM5BbHQEBBQELAYUzFhKMAV+jeBSBWhcYFIgINBgBAgEBAQEBAQIBbCiCNSSCXwMDAQIkExQgDgMJAQFACAgDAS0VEQcHCwUYBIMAggKjdjOKYYsuP4NvhQABEgGFdwKNWzCNIQcCggQEjVwLF45Jk0mBQThhcU0jUIJpgiUXjjdPfYlfgjsBAQ Received: from tarius.tycho.ncsc.mil (HELO tarius.infosec.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 27 Aug 2018 13:11:12 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus.infosec.tycho.ncsc.mil [192.168.25.40]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7RDBAfS027242; Mon, 27 Aug 2018 09:11:11 -0400 Received: from tarius.infosec.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w7OMfpAx010448 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Fri, 24 Aug 2018 18:41:51 -0400 Received: from goalie.tycho.ncsc.mil (goalie.infosec.tycho.ncsc.mil [144.51.242.250]) by tarius.infosec.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w7OMfpEf009524 for <selinux@tycho.nsa.gov>; Fri, 24 Aug 2018 18:41:51 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHpgvgXoLhGwCgxAhNBgBAgEBAQEBAQIUAQEWOoVnAwMnYlFXBxKDIYICpCUzimeJIIFYP4NviwsCjgaNHQcCggQEjVwLF45Dk0SBQTeBU00jgzmCJReON0+PWQEB X-IPAS-Result: A1D1AQBJiYBbfSNjr8ZaHgEGDIUzFhKYHpgvgXoLhGwCgxAhNBgBAgEBAQEBAQIUAQEWOoVnAwMnYlFXBxKDIYICpCUzimeJIIFYP4NviwsCjgaNHQcCggQEjVwLF45Dk0SBQTeBU00jgzmCJReON0+PWQEB X-IronPort-AV: E=Sophos;i="5.53,284,1531800000"; d="scan'208";a="354310" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 24 Aug 2018 18:41:40 -0400 IronPort-PHdr: 9a23:xjBoTRXZFEQhoYu8LbYzbRRPfnPV8LGtZVwlr6E/grcLSJyIuqrYbRyBt8tkgFKBZ4jH8fUM07OQ7/i/HzRYqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9wIRmssQndqtQdjJd/JKo21hbHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VDK/5KptVRTmijoINyQh/W/XlMJ+kaxVrhGmqRN9zY7Ze52ZOOZkc6/BZ94WWXZNU8BMXCJBGIO8aI4PAvIfMOlCtInyuVsPpgajCwawBOPg0CJIhnHy3aIkyeQqDAbL0xA6ENIVrnvVrM/5NLwOXuC11qbI0DvDb/dI1jfn84XIcxYhoe2SUrJ0a8be1U4vFwbcg1iWtIfrPCuV2/wQv2Wf7OdsT/+jhmwnpg1rpjWiwt0gh4fJi44N11zJ8SZ0zJwoKdC6SEN3e9qpHZ9KuyyYMYZ9X9ksTHtyuCkgz70LoZ67czYOyJQg3xPfZfmHc5ON4hLsTumdPSt0iGx8dLK+mxm97VKsyuP5VsWu0VZKqDZFncfItnwXyxPT7c2HRuN8/kenxzmPyxje5vxALE03j6bXNpwsz74qmpcXtUnPBCH7lUXugK+TbEok++yo6+r9YrXho5+RL5N7hRvlMqswms2zG/84PRQOX2eB5OS82rnj8lPjQLhRj/02lLXZv47eJcgBuqG5BApV3p456xmjFzemzMgYnX4fIVJeZh2Hi4npO1fTIPH3Fvq/n1Stnytrx/DBJLHhBI7NIWLZnLfuerZ99R0U9A1mzt1F4Z9QT7EIOv7+XE73u/TcDwQlKEqz2+vhF9x50sUVXmfLSquYNr7C9FyF/OQiJ8GSa4IP/jXwMf4o47jpl3B90Vsce7S5mIAaY22iH+h3ZkCebWfoj/8fHmoQ+AkzVurnjBuFSzEXL22/W6M6+yETFJOtDYCFQJukxrOGwmPzFZRNa3EAEVuMGGrmc4iec/YKdC+WZMRml3hMWbG/Rskh3Be1uQnSyrx7I+6S8Sod8drv2d546uuViVc+8jd3J8Wbz2yJCWpzmydARCU3x7xyp2R5y1Gewe55heBVEZpY4PYNGg4gN5fa5+h7Dc3iHAPHYtqNDl2hR4aIGzY0G/k42NIfK312G9y/gBTOxWL+CLYOmq3NH5c0+7/S23XrD8d713vCkqImig91EYN0KWS6i/snpEDoDInTnhDBmg== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0EdAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH5gvgXoLhGwCgxEhNBgBAgEBAQEBAQIBAQIQAQEWOi+CNSKCYgMDJ2JRVwcSgyGCAqQlM4pniSCBWD+Db4sLAo4GjR0HAoIEBI1cCxeOQ5NEgUE3gVRNI4M5giUXjjdPj1kBAQ X-IPAS-Result: A0EdAgBJiYBbfSNjr8ZaHgEGDIUzFhKYH5gvgXoLhGwCgxEhNBgBAgEBAQEBAQIBAQIQAQEWOi+CNSKCYgMDJ2JRVwcSgyGCAqQlM4pniSCBWD+Db4sLAo4GjR0HAoIEBI1cCxeOQ5NEgUE3gVRNI4M5giUXjjdPj1kBAQ X-IronPort-AV: E=Sophos;i="5.53,284,1531785600"; d="scan'208";a="7625034" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Aug 2018 22:41:39 +0000 Received: from fmsmga001-icc.fm.intel.com ([198.175.99.7]) by fmsmga002-icc.fm.intel.com with ESMTP; 24 Aug 2018 15:41:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,284,1531810800"; d="scan'208";a="84307220" Received: from cschaufl-mobl.amr.corp.intel.com ([10.254.2.129]) by fmsmga001.fm.intel.com with ESMTP; 24 Aug 2018 15:41:19 -0700 From: Casey Schaufler <casey.schaufler@intel.com> To: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, casey.schaufler@intel.com, dave.hansen@intel.com, deneen.t.dock@intel.com, kristen@linux.intel.com, arjan@linux.intel.com Date: Fri, 24 Aug 2018 15:41:17 -0700 Message-Id: <20180824224117.3356-6-casey.schaufler@intel.com> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180824224117.3356-1-casey.schaufler@intel.com> References: <20180824224117.3356-1-casey.schaufler@intel.com> X-Mailman-Approved-At: Mon, 27 Aug 2018 09:03:59 -0400 Subject: [PATCH v4 5/5] SELinux: Support SELinux determination of side-channel X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP |
Series |
LSM: Add and use a hook for side-channel safety checks
|
expand
|
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a8bf324130f5..992f2402edaa 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4219,6 +4219,14 @@ static void selinux_task_to_inode(struct task_struct *p, spin_unlock(&isec->lock); } +static int selinux_task_safe_sidechannel(struct task_struct *p) +{ + struct av_decision avd; + + return avc_has_perm_noaudit(&selinux_state, current_sid(), task_sid(p), + SECCLASS_FILE, FILE__READ, 0, &avd); +} + /* Returns error only if unable to parse addresses */ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto) @@ -7002,6 +7010,7 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_movememory, selinux_task_movememory), LSM_HOOK_INIT(task_kill, selinux_task_kill), LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode), + LSM_HOOK_INIT(task_safe_sidechannel, selinux_task_safe_sidechannel), LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
SELinux considers tasks to be side-channel safe if they have FILE__READ access. Signed-off-by: Casey Schaufler <casey.schaufler@intel.com> --- security/selinux/hooks.c | 9 +++++++++ 1 file changed, 9 insertions(+)