From patchwork Sun Dec 11 21:39:28 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Roberts X-Patchwork-Id: 9469881 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5B09960761 for ; Sun, 11 Dec 2016 21:41:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 44FD928343 for ; Sun, 11 Dec 2016 21:41:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 369642832F; Sun, 11 Dec 2016 21:41:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.7 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, HTML_MESSAGE, MIME_HTML_MOSTLY, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 664F22832F for ; Sun, 11 Dec 2016 21:40:57 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.33,333,1477958400"; d="scan'208,217";a="1476614" IronPort-PHdr: =?us-ascii?q?9a23=3AfLNSTRZakVWQdZPAnaKIW9//LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZoci5bB7h7PlgxGXEQZ/co6odzbGH6Oa+ASdfut6oizMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVr?= =?us-ascii?q?O+/7BpDdj9it1+C15pbffxhEiCCzbL52Ihi6twTcutUZjYZgJKs61wfErGZPd+?= =?us-ascii?q?lK321jOEidnwz75se+/Z5j9zpftvc8/MNeUqv0Yro1Q6VAADspL2466svrtQLe?= =?us-ascii?q?TQSU/XsTTn8WkhtTDAfb6hzxQ4r8vTH7tup53ymaINH2QLUpUjms86tnVBnlgz?= =?us-ascii?q?oJOD4j9GHcl9J+gqRVrhm8oxBz2pPYbJ2QOPd4Y6jTf84VRXBZU8lTWSxPAo2y?= =?us-ascii?q?YYgSAeQfJeZVrZTxqlUSohSgHgmhH+bvxiNSi3LswaE2z+YsHAfb1wIgBdIOt3?= =?us-ascii?q?HUoc31O6cTVeC1yKjIwi/Gb/hLxTn975PHfQ47ofGQRrJ7bM3cxlIuFwPBilWc?= =?us-ascii?q?s5DqMymP1uQKqGeU8fBgVf60i2M8pAFxpyKgxsYoioXTmo0VzVXE+Dx/zY0oJt?= =?us-ascii?q?O4UFZ2bcOrHZZfrS2XN5Z6Ttk8T2xnpio20KAKtYalcCQWzJkr3R3SZvydf4SW?= =?us-ascii?q?/x7uV/ydLDhliH9jZbmxnQy98VK6xe35TsS01VFKoTdbndTUrXAN0gDT6tCASv?= =?us-ascii?q?tg4ketwTaP2B7X6uFDOU00ibDUK4Qgwr4tjZofq1jDHy/ql0X2i6+abEMk9fSz?= =?us-ascii?q?6+v7eLnmo56cN4tshgH/NKQhhNC/DPwlPgUBUGWX4+Sx2KD58UHnT7hGkOc6nr?= =?us-ascii?q?TBvJDfP8sbp6q5AwFP0oYk7hayFyym38ocnXkGKlJFZR2Gg5HyNFHJPfD4C+uw?= =?us-ascii?q?jEq3kDpw2/DHPqHuApXKLnTZlrfhZqxy51RTyAo009BT/4hUBa0ZIPLvRk/xs8?= =?us-ascii?q?TVDx84MgyzxebqE9B91ocHVWKOBK+VKqXSvkWS5uIsIumMepEatCz7K/c7+/7k?= =?us-ascii?q?lWU5lkMFfam1wZsXb2i1Eep+I0qDe3rsg8wBHHwSvgUkVuzqiUaCUSZXZ3moQ6?= =?us-ascii?q?0z+Cs3CIW8DYfMXoqtmqCO3D+nHp1KYWBLEl6NEXbsd4WBRfgMcjmfIsF/nTMZ?= =?us-ascii?q?UrihUZUu1Qm0tA/9ybpoMPbb+jECuZLkzth16PXZlQsu+jxsE8Sdz2aNQnl6nm?= =?us-ascii?q?MSXTA22rxwoU1mylqY1Kh4m/1YGcVI5/JHSQc2L5ncz/Z1C9rqQALOYs+JSEq6?= =?us-ascii?q?QtWhGTwxTcg+w9wJY0ZgANiijQrM3ymtA78IjbCLA4Y08q3E1XjrO8l902rG1L?= =?us-ascii?q?Umj1Q+WMRAKHemhq9h+AjJHIPGiVmWl6OweaQbxi7N+3+JzXCSs0FATA5wTaLF?= =?us-ascii?q?UGgDaUTMqdT2+FjCT6OuCLQgKQZB0tKNKqpUZd3vkVVGRe3sNM7YY22vh2e6HQ?= =?us-ascii?q?yIya+UbIr2Z2Ud2z3QCEganAAX+XaGMhMzBiO8o2LCCzxuEEjgb1nr8elkp3Ox?= =?us-ascii?q?VlU0wB2Sb019y7q1/QYYheeSS/MJ2bIEozshpi5vHFa72NLXBd+AqBBnfKlGZ9?= =?us-ascii?q?My/ktH33rDtwNhJpygM7xihlkGfgV5pUzu0wl3BZtakcgxt34q0hR9KbiD31Nc?= =?us-ascii?q?cjOUx5fwOqfYKmPq5hCgd7bW2k3C0NaR4qoP9Ok3pEjivA6zEkov6Glo095Q03?= =?us-ascii?q?SA/JrKFxYSXYj3Ukkp6xhwv6vabTUl54PIyX1sNrG5sjnD29ItAOsq1A2gcsxF?= =?us-ascii?q?P6yaDg/yFNcWB8+0KOwlg1KpdA4LPPhO9K4oOMOrb+aJ17S3POl6gj2mg2tG7Z?= =?us-ascii?q?th3UKM7SV8UPLI0Igfw/2C2AuISSv8hk+7ss/rgYBEeS0SHm2nxCj6BY5eerFy?= =?us-ascii?q?fYERCWu0P8K3xtJ+h5jiW3ND8F6jBlUG19WzeRqVdVD92hdQ1UsPq3y9hSS41y?= =?us-ascii?q?B0ky0urqeH2CzOwv/idAYeNm5QWmZiiVbsIY6pj9EVR0WodBAplBqj5Ub726db?= =?us-ascii?q?v75zL2/NTkdUZyL2NX1tUrOstrqeZM5C8IkosSJTUOS4f1+aUKLyoxwU0i74BG?= =?us-ascii?q?te2Sw0dyqwtpX+hRx6h3qXLGxvo3rBZcFw2RDf6cTERfFLwzoGQDN0hiPNClen?= =?us-ascii?q?ONmp+cmUl5DFsu2lUmKtSptTcS73wo+asiu0+3FqCwWln/+vgt3nDRQ60Sjj2t?= =?us-ascii?q?lvUSXEtQjzYo/w2qSkL+1nek1oC0Hm68ZgHIFxjJcwjokK2XcGnpWV4WYHkWDr?= =?us-ascii?q?PNVYx63+amENSCUIw9HL5gjlw0tjIWyVx47jUXWd2MRhbcGgYmwKwiI989xKCK?= =?us-ascii?q?CM4bxchyR1v164ohzJYfdnmDcd1eUh6GQBjuEUowoi0D+dAqsIEUlDOizsig6I?= =?us-ascii?q?4Mygo6VZY2ava7ew21RkkdCnEr6CvhlWWGzldZc6AS9w8sJ/PUrS0H31947pY8?= =?us-ascii?q?fQbdQOuR2UiRvAifZaKI4pnPoQmSVnIX79vWEiy+MjlRxhx4y6vIycJmpx/aK5?= =?us-ascii?q?Hh5ZOiT7Z8wJ/DHhl6FentyZ34q3BJVuBi0LXIf0TfKvCD8StvTmNwKQHzAnr3?= =?us-ascii?q?ebHrTfHQGB50d6s3LPE5erN3SJK3UDy9VtWgWdLlRFgA8IRDU6goI5Fgeyyczv?= =?us-ascii?q?akh54CwR5ln9qhZXxOJnKQTwUmDFpAiycjc0Up+fLBhI4Q5e+0fZK8ue7vh8Hy?= =?us-ascii?q?tA5J2usBSNKnCHZwRPFWwJVUyECEz5Priu/dnA7++YC/G4L/TQfbWOsvBRWO2Q?= =?us-ascii?q?xZ2xyIdm+SiDNtmXNHl4E/I7wlZDXWx+G8nBhjoPTTYYmjnQYM6dvhiw4Cp3rt?= =?us-ascii?q?qw8P7zQgLg+ZOPC6dOMdVo4x22m72PNuCKiCZ8MzlY0pQMxH/TxbcFwFESjjti?= =?us-ascii?q?dz63EbQPrSTNVr7fmrdLDx4HbCN+LM1I77gm0QlVIc7Wkd311r9ijv4uF1dFW1?= =?us-ascii?q?3hmsezaswMP269NUnIBEKROLSBPz3LzNn9YbmgRr1IkOVUqxqwtC6GHE/4IDuM?= =?us-ascii?q?jTbpVwq1PuFSlyybJwZRuIKgchZ3E2fvVtbmagC9MNBtlz062KE0hnTJNW8cNj?= =?us-ascii?q?hwaUVNoaOM7SlAmPVwB3RB7mZ5LemDgyuW9OjYKpkRsfttGSl7ivxV7287y7RP?= =?us-ascii?q?6iFIXvt1mDHdrtR2uVGpjvGPyiZ7UBpJsjtEno2Lsl98OarH7ZRAXm7E8wwL7W?= =?us-ascii?q?WVERsKpt9lBcbou6Ff0NTPk7jzKDha+dLO4cQcH9TUKN6AMHc5LRrpHzvUABEf?= =?us-ascii?q?TT6sNGDQmUpdn+qI9n2SsJc6qYPhl4YJSr9eSFM6DOgaClh/ENwEPph3Qisuka?= =?us-ascii?q?SHg84Q+Xq+sB7RSd1avpDbVvKSBvDvJyyCjbRfYhsIwK/4LZ4NOYHh3ExicFZ6?= =?us-ascii?q?lpzQG0XMRdBNvjFhbggsrUVL7ndxVGkz1lnmagOq+38TCeS7nhgtigt9YOQh7j?= =?us-ascii?q?Hs7EkrJlDSvis/jFExmcn5gTCWaDPxNrm/XZpIBCXurUg+LpP7Th1uYg2zh0xr?= =?us-ascii?q?KTDER7xJj7t6a29qiBXQuZ1RFv5AVadEegMfxemLZ/U01lRRsjioylVZ5evEFJ?= =?us-ascii?q?RijxAnfoS2r3Ja3AJiYsU1KrLMK6pU1FhQh76Ovy+y2uA33gAeO14H8HmOdy4Q?= =?us-ascii?q?pEwIKr4mKjKm/ux29wONhiBDd3IKV/o2pfJq7VgwNP6cwCLlybJDLVqxN+OHJa?= =?us-ascii?q?ODp2fAjdKIQk831k4Qk0lF+qJ23tklc0uVUEAi17SRFxIUNcbYLgFVdcVS/mDJ?= =?us-ascii?q?fSmSqeXN3Y51P4KlG+DzU+COsKcUgkS5HAcmBIkD8sMBHpyw307CNsfnMKQJyR?= =?us-ascii?q?Mz6wT3PF+FFuhGeAqXkDcbpMGy1IJ40pVYJjEaB2V9LTi7663JpgA0mvqDXdY3?= =?us-ascii?q?YnAcXoceMHI5RtG6kTZDv3tcFDm3zv4ZyA+a4j//vCTRDCPzb9x/ZPeUfh5sB9?= =?us-ascii?q?a2+S0j/KSsj17Y7IneLXngNdt+ot/P9f8ap5GfBvNITLl9tkDcm5VYR32qSGPA?= =?us-ascii?q?DN+1JpjqZIY3d9D0DGi1UkCngTIvU8jxJMqtLrSPgQzwSoZUqpOU3DY/NcKmFz?= =?us-ascii?q?EeHBlxp+cf5KJ8ewIDYpw7YQL2uAQkLaC/JhmX0sm2SWa3NTRWV+Vfzfm9Z7FP?= =?us-ascii?q?1SUsau66x2c+QZ4iyum28UgNRJYMjh7E3vusfIheXjL1GnBEdQXPuDA1l25/Oe?= =?us-ascii?q?Yu2u0/2g/HsUEAMzCXc+xkcHdLsM86BV6JO3p5F3Q4SEGGjYrY+AGsxbAT8zFa?= =?us-ascii?q?n9ZO3u1PqGL+sYPHYDKwRKyrro3YszAmbdgnv6JxMYvjIs+dtJ3GhzLRUYPevx?= =?us-ascii?q?GCXiOhC/Vand1QLz5CT/lThWEpI8oGtpRd6UApTMcxO6RPCLUwprCtcTdrESwS?= =?us-ascii?q?wjUFWI6bwDMCheO827/blhiOapQiLAILv4lCgtcHVC52eCwerre5V4rKj2+EVn?= =?us-ascii?q?QLIAAL4ARW/g0AjIhwcfv+7YrUVp9D0SBWrOxwUivKEJlo+F/7SmCZgVj4VPWh?= =?us-ascii?q?nfam3RhXzP721NkURgJ/A1BHx+lKjksoNK13K64Is4/KqDCIbln1vGfsyOugP1?= =?us-ascii?q?RRyNHUeEfjDIXZr2XwSCsc9mMIRYVX0nHQCYwSkxZlaKYsvFhNLpqqdVr+5zwl?= =?us-ascii?q?woRpHqO3VcOwylYks3kJWTmlH8BGC+F8v1LdQCdlbIyzqJX5J5VSRXdd+IWaq1?= =?us-ascii?q?ddikptKSC4yZ1YK8FD+TMMWT9PoTKGvNSsVMJDw8h2D4QXItd+vXf9F7lIOJ+L?= =?us-ascii?q?o305orbv0GPW+yggsFemwzW+A7W3T/hE/20YAAkpJH+TqkguD+st7mfd6UrBsl?= =?us-ascii?q?Zq8OdHHrKPl1l+oC5hHpBSATZEzWylL1N2THRdr+VWNKHVfNdGT/k0exCvJwQ0?= =?us-ascii?q?FeQ60EyR4UF0gXD5bjRytgRA4SDSRQ00WjQOj7jwhzIestmnNiEeS51WdzUtdS?= =?us-ascii?q?DFKxiUmSpPphZQd1lqW4wFAtZC47wb34xU8dTZREmxNy4FRwJtNhgk0fVBiEFP?= =?us-ascii?q?qkOYdj7BDQCwb/bArgV3fduNrM6uNPn25wlHhZ/7vO066qkOSWarlhGqQdDbs4?= =?us-ascii?q?DzrMaKtleUeKf+LeK8fWfLTCLQghCombckE57K8jDJMAVFNpZ6yWArYYT6BG7P?= =?us-ascii?q?OhRGObwUK1RHWqB9dNpJvPpWZ8l6d6YV4aVtHA6IRgvzGIyzq/lLNk7TRS/CLy?= =?us-ascii?q?qb7+O/vZne7afaSej9fMyD22jIQ6RrPpdg8zb7H63m0YhE+kr5wv1t7F91SUDa?= =?us-ascii?q?MyCdq9TsPh8L5NO8eUT8o5IkBi7WAJNskHr33E5AacsXQyqu8JsG1JNV8nHwSf?= =?us-ascii?q?h30kLrqu1d66Fk6ZUr47Bu0cq0IL3dKfBesUB5HhiUGh9l+Y82DWh5WW9RfvQR?= =?us-ascii?q?J+vLcqQBk8/iseb3GLIL6BeN4exWdcPHJ13dmsm4EjycSwZLnB0GqT4BKguTze?= =?us-ascii?q?CFlrRxSca4oej5xkMt7ES/LhEcyrBt/p2I+q2SpO/YdxHR16QLWrD2RsPvqbQh?= =?us-ascii?q?o0GS6ucilL4AYGx1ZBCoH/YGW84B3Gjgy7sqzSU2H8PFAb3g5OZJV2glkTL4h5?= =?us-ascii?q?B9A1IWF+sbHbqW/IRemmM4lPLcNtANb69NhH2AFR++Hb8E03Kr7DGXIGZ9iBHU?= =?us-ascii?q?zx7wWX+z7EPxrSJgRyvMy8zukktTVrmyH0tSXiypOUFisDyVJwroqMD3ubkp40?= =?us-ascii?q?EqL2zkrsyCmHGmOLNNEM31PMacLjUspFILkJ0xQcSi2YUcGdq7PNcR/29xY+Db?= =?us-ascii?q?62OqiSBBpblIh5bQ48GS4PXXHmKgg7ecq7qT2DBS0mI4sk0n6tC8KvHO4MWHQ+?= =?us-ascii?q?612GkMVCp/tA7BXhGvprzdsV8UJVSB0F3Xl4wSItFZwX4421ni5Og4RdI+9B5T?= =?us-ascii?q?FojeaPwfojDzIiH7wU6FY9IwVCmRzSdYHk7vHVl/Aqg813r6vNjVmnfI510oWo?= =?us-ascii?q?5welTihRxzEYo4LEUt50YTwicYHggCdxebDKqwBUv/MYsEVFIMaRCG3Li8Zqc4?= =?us-ascii?q?w0lzwreu5O/cc+N8AbYCOehHgg6IgldbBoocsbcCT7JkZ19d6KnXqxD5C4f9Qf?= =?us-ascii?q?jpj3UwOuOuQs1B6sAWrWUi7RywRxW+8pdP9bAbh46UdqRce5jDoNh871t75T4I?= =?us-ascii?q?biFNghl/jxaiXOAZuu/i4sbUsICp6uaoW6YhXeMX+AYoB25mlZv/nEgjoc3L1+?= =?us-ascii?q?dbUoDViIX+/xpXLHGWo4vayAdzKfYQJI23Zrpg8G8HJycGLXIUIdWWc+U84zNq?= =?us-ascii?q?MDjL/FNCA9gMZN0CM8rPmABUllXpV6tO9srfAVKXF4BzeN024GXt1TA165w8Uv?= =?us-ascii?q?z65zOsIpDf9V5NNetZjCpwjNLCuPQVwf3KBSgP+3aZdwR6wiOMypmKEfbw/vyA?= =?us-ascii?q?yMrKWFMCHy42VZpdJTWZ9Ay/XOW1iInmUgOa68/0mpI+d1icRn+vk6QftKZDD+?= =?us-ascii?q?pAhj/83jhEGYD/n+iVvMa06GtLql1HF55+7QHfGKpBOpV0IxL4mdewS0dhByv/?= =?us-ascii?q?d8DUdgY0t+qN3OgM+fh+O1H4ZYAFPhIO06j65mZNTgtyVL72uU6UXe0La9t8Vv?= =?us-ascii?q?zEsnBV5JlkK68OIFiSupzqoS1VqFAtGgMpbqE/riBCfEnUgAJVQ7r0uKIHigYE?= =?us-ascii?q?Xt52p0lMGX63OGI54DbHTrpajK2QCPwT7zWSQbcDU0F2PSNkQxK6wo9ie723kv?= =?us-ascii?q?BbqmlGhD9yoOA20zx6QxuxoSvsp6MR1jIn/LG3ri4BtWZETuWZlCfIEk5Dwe8P?= =?us-ascii?q?jaoTBHfu81u8YGMMbIHq+rloOdzg9ZU943Q4eRgjcDEJXf+7Cy3pkq2GDYqBsN?= =?us-ascii?q?NahB6Qt8TDdrCzLS0IObQ71x3vXX990hLRnBxw6msEXi2g7MM4JIW6IcslxC2o?= =?us-ascii?q?GWjddFoW/qxJsM/xtUMWQ+o3aFNhxn5j0suGRiAWWszPGng1gRIgaWpZcZJP8x?= =?us-ascii?q?kaGLc0gjyQpKlJ4hkUYCvIEoSi4oTQnNnI1mM7TdpxwmLWu7CKhpIt0H1+gd90?= =?us-ascii?q?6TSOuHsKfezCT8BsGmTz1ptYyeHmZfWirO4HSIViyLm6Xv4NKM+j9nWq2JlwXE?= =?us-ascii?q?+q2KgeFUKjMOAf3rfbTzulSWqAVOSEd2iMmDg4PVD25RmsNVA3c8BKr0k8MuTe?= =?us-ascii?q?nJJckRPuUa9sTCWKuVDb1HAjMf8ddw8uuoenewwLTPYWZ+iYJOgu3OMxBUAJb3?= =?us-ascii?q?/IASt2EfG5vUSqnIhhNHVq+V/6bvj18gD6LNuSHQEJEYHHrp5w5PO6QXmMOWN6?= =?us-ascii?q?zBJsOkl06/3QF1Arue9ab5mRnMLfi8590eEba/dnKTc9tcILmoJ/9YmU19+HcQ?= =?us-ascii?q?3Qzpb3PtzVvvmYDOHcz0s0fmFWSLwZbh3p548iJN42R6XTHadFvRQbHaU6RZ0h?= =?us-ascii?q?N2Ty9KFzNw5zcBTeZLezgsnsuO2LYIFYp3nI4VIsNC3coQEMyuSoTQxnaJCnn2?= =?us-ascii?q?79L442RjJdtNBtER9mHIxTG8McsQqoHYOblLu8i9+r9ENwo/UKvrboCvDWyNS5?= =?us-ascii?q?2J18X5ZE6kyPPTbRHLdkj19kj+Szh/fA14f+CdnmedwaTuR7RXTFarDeFIWlNj?= =?us-ascii?q?2OIt78e1JB87OE3rN5Sg+RZCHlUKWYryCkMfRk4VkhyoNmZubTyyYt777D0tvo?= =?us-ascii?q?e25bvjujrWKONJZH61zKAfLRUglMSfqB6mllBrEXbYro++cSK9wt3saT7xN17D?= =?us-ascii?q?tczMuPO7KhoVPU2kJnaZLbK1Pk2yI4WYkMPRS+PlIggWvYqnTGHXRcNdOpKch3?= =?us-ascii?q?j9aTCRzh/U5xmXsiZmRZAGrnWc+ROXQH28K5fACK7xxED9ICn+6xZE45uaq+R+?= =?us-ascii?q?Z0OpVFh+qqrqsIkc5zJCzUR8hVITvQLLloMTpVFerPuVcobgQDs7gvVYc/fYKO?= =?us-ascii?q?L18fMEec1SPyyhPP0Un1d9y3yKaEOycX8mxBz73fyzRMoRe2ueqBiM35TL/ZdI?= =?us-ascii?q?32XOLVMCc9UzGVXyg9EUao+VeivPoJp+SYIWYZol8KZiKSCQgTpr1grNTKCW/T?= =?us-ascii?q?g+JjdoUQhP+GQyDwVDF4lK0qCyZJr0+MQP0DGhLNYn/8hmpcpAyiJvhR/XLqb7?= =?us-ascii?q?2Y2rBZW+oIDYtQaveZWcfXeehCJzc0kTUUIP2zcMbbo7Y901LIVncZE7LS+F2F?= =?us-ascii?q?UkGZXuaQxyn1UoURvog0vDco+93LkyBrE6XIJaufpyW0/o+2limYpfbeVm4rY0?= =?us-ascii?q?Avh+ICGmaBygFaKG4YE9EVpF3tQqmYakZDzn0mkvhu2x4SdwR3SXBuzHlWk+ym?= =?us-ascii?q?Gs1YVF4YlmWuT+MabFpvFjM/4VeK4hHuYdwHoc3TRWpe9rwWSYoHLfko85LaOK?= =?us-ascii?q?0Kz/Yswj1moTY2syKHD1NSlgiF6bbfHLpgxr1e4mk15+p2Xk+KQzzDc2XKyZGr?= =?us-ascii?q?C9xRyid0oHDl1s3UvuZ3OLtcuY55HE8AAThqKdDF4TBBTWb01ROwvxa8GjSeJC?= =?us-ascii?q?kU4DMVKiMYeOZ1yPV7vwrWedrb70Ofqb4h+wOWDx2WAO+x0Z1PFsa77gi8aC9W?= =?us-ascii?q?YXCvGplop95Rhd0SZuUhfoH4DFfffTT5WySZsCNE1wLjprm1DMFKijEYlKYEJ9?= =?us-ascii?q?buUI0HS9Le2Wcr7WxPwc8wzGmVA9raLqf+4cFiGWpGYpO8TX2ta9TTOD//ruwY?= =?us-ascii?q?+pgrHkeWLu4dOTQI4NYNim72Ygbwqs/L9SiXI/T9LGS0?= X-IPAS-Result: =?us-ascii?q?A2HUAABixk1Y/wHyM5BdGgEBAQECAQEBAQgBAQEBFQEBAQE?= =?us-ascii?q?CAQEBAQgBAQEBgwwBAQEBAR+BYAetOY1IBBhAIQGGJIE/B1MBAQEBAQEBAQIBA?= =?us-ascii?q?l8ogjMEAgMRBQg9DS8BAQEBAQEBAQEBHwIrJQEBGQYBAhcBCAQZAQ0OEgsBAgE?= =?us-ascii?q?CCQEBBQMCCwIBKgEFBAICAwEeAQ4DAQUBCxEGCAsFGASILwEDF487kQs/jACBb?= =?us-ascii?q?BgFAR4qAoJhBYNPChknDVSDCAwBHQIGEosHhBoRAYMggl0BBI8BfYptkSaKL4Y?= =?us-ascii?q?XSY1CgkkUHoEUVj0lHEURgx8PHIF+UYYER4FnAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 11 Dec 2016 21:40:55 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uBBLe9LN001343; Sun, 11 Dec 2016 16:40:17 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uBBLe7jm098410 for ; Sun, 11 Dec 2016 16:40:07 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uBBLe6bI001336 for ; Sun, 11 Dec 2016 16:40:07 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1C8AACFx01YhinaVdFdGwEBAQMBAQEJAQEBgzcBAQEBAT+BQAetOY1IBFuGIQKBXwdTAQIBAQEBAQITAQEBCAsLCR2FGQMDGgEIBBkBDQ4SCwEDDAYDAgsDKgEJAgIiAQ4DAQUBCxEGCAsdBIgvAQMXjz2RCz+MAIFsGAUBHoMNBYNPChknDVSDCAEBAQEBBQEBAQEBARoCBhKLB4QaEQGDIIJdAQSPAX2KbZEmkEZJjUKCSRQegRSBEyUcRRGDHw8RC4F+HTSGBIIuAQEB X-IPAS-Result: A1C8AACFx01YhinaVdFdGwEBAQMBAQEJAQEBgzcBAQEBAT+BQAetOY1IBFuGIQKBXwdTAQIBAQEBAQITAQEBCAsLCR2FGQMDGgEIBBkBDQ4SCwEDDAYDAgsDKgEJAgIiAQ4DAQUBCxEGCAsdBIgvAQMXjz2RCz+MAIFsGAUBHoMNBYNPChknDVSDCAEBAQEBBQEBAQEBARoCBhKLB4QaEQGDIIJdAQSPAX2KbZEmkEZJjUKCSRQegRSBEyUcRRGDHw8RC4F+HTSGBIIuAQEB X-IronPort-AV: E=Sophos; i="5.33,333,1477972800"; d="scan'208,217"; a="5872320" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 11 Dec 2016 16:39:31 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3Al0xVtBFFo68qbIzGmVfowp1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ7zp8SwAkXT6L1XgUPTWs2DsrQf2rGQ7firBjdIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSijewZb1/IA+3oAnNucUbg4VvIbstxxXUpXdFZ/?= =?us-ascii?q?5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnM?= =?us-ascii?q?VhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1hi?= =?us-ascii?q?gHLTo5+3zJhMJ2gqxQvRatqwViz4LIZY2YMud1cKHActMAXWdOXMhRWSxPDI2/?= =?us-ascii?q?coUBEfYOMP1CoIXhvVYDtweyCRWuCe7p1zRGhmX23ao/0+k5EQ7G3QggH9YPsH?= =?us-ascii?q?vOqdX+KbscUeeuw6bW1zXDc+hW0ir65YfTcxAhpfWMUahsfsbL00kvEBjKgUuK?= =?us-ascii?q?qYz5JDOYzesNs22B4OphUeKjkXIoqwZ0ojW2wMonl4rHhpoNx1za6Sl0xJw5KN?= =?us-ascii?q?64RUJhf9KoDZhduzuVOodrRM4pXntmtzwgyrIcvJ62ZCgKx4ojxx7Yc/GHdpKH?= =?us-ascii?q?4hPnVOqIJjd4hW5pdKuxhxu97ESs0OL8Vs6z0FZFqipKjMPAuWwK1xzW8sSHS/?= =?us-ascii?q?198Vm92TuXyQzf9uVJLVo3mKfbMZIt3KM8m5kJvUnMAyP6gED2g7WXdkUg9Oio?= =?us-ascii?q?8ePnYrD+q5CHNo90jgX+Pr4ylcClG+Q4NRMBUHaB+eSgz73u5kL5QLBQgf03lq?= =?us-ascii?q?nVqozVJcMepqKhGQ9azp4j6wqjDzehyNkYhmcILFZEeBKBkojoNErDIOz4DPij?= =?us-ascii?q?g1Ssly1nx/bdPrL7GJnNIX/DkKmyNYt78FNWnQ86zNRD4MBvB7UAJu/jH0v8vc?= =?us-ascii?q?LVJgMoOAyzheD8AZNy0Z1NZWXaJK6SM+vxq1aM6/wuKOnEMIkTux7yLP8q4/Oo?= =?us-ascii?q?hng8zwwzZ66siKQWbHS5F/EuGUKTbGDwmZ9VG2YOukw1CvbtglCYTSV7aHO7Xq?= =?us-ascii?q?Z67TY+XtH1RbzfT5yg1eTSlBywGYdbMyUfUl0=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FbAABixk1YhinaVdFdGwEBAQMBAQEJA?= =?us-ascii?q?QEBFgEBAQMBAQEJAQEBgwwBAQEBAT+BQAetOY1IBBhDhiECgV8HUwEBAQEBAQE?= =?us-ascii?q?BAgECEAEBAQgLCwkdMIIzBAIDEQUIPQ0vAQEBAQEBAQEBAR8CKyUBARkDAxoBC?= =?us-ascii?q?AQZAQ0OEgsBAwwGAwILAyoBCQICIgEOAwEFAQsRBggLHQSILwEDF487kQs/jAC?= =?us-ascii?q?BbBgFAR6DDQWDTwoZJw1UgwgBAQEBAQUBAQEBAQEaAgYSiweEGhEBgyCCXQWPA?= =?us-ascii?q?X2KbZEmkEZJjUKCSRQegRSBEyUcRRGDHw8RC4F+HTSGBEeBZwEBAQ?= X-IPAS-Result: =?us-ascii?q?A0FbAABixk1YhinaVdFdGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwwBAQEBAT+BQAetOY1IBBhDhiECgV8HUwEBAQEBAQEBAgECEAEBAQgLC?= =?us-ascii?q?wkdMIIzBAIDEQUIPQ0vAQEBAQEBAQEBAR8CKyUBARkDAxoBCAQZAQ0OEgsBAww?= =?us-ascii?q?GAwILAyoBCQICIgEOAwEFAQsRBggLHQSILwEDF487kQs/jACBbBgFAR6DDQWDT?= =?us-ascii?q?woZJw1UgwgBAQEBAQUBAQEBAQEaAgYSiweEGhEBgyCCXQWPAX2KbZEmkEZJjUK?= =?us-ascii?q?CSRQegRSBEyUcRRGDHw8RC4F+HTSGBEeBZwEBAQ?= X-IronPort-AV: E=Sophos; i="5.33,333,1477958400"; d="scan'208,217"; a="1476610" Received: from mail-oi0-f41.google.com ([209.85.218.41]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 11 Dec 2016 21:39:30 +0000 Received: by mail-oi0-f41.google.com with SMTP id v84so70498376oie.3 for ; Sun, 11 Dec 2016 13:39:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UxEp2NSDAR1Ryv8nN7tOD1JewPGJVjA5iSdCty8JxyU=; b=hDk5ktvfFedJGX2xefFrSLo/ntU+Es7tZe7piWimu7KZaWeZ01HpL4JBBHu02N+/nd uxCeAmknXwOKLQBppZBM74xKKKXp7eoMrXmn70vp6Xqy7xeQ5E+Id9drxOqPtQXh5o5f rN5qJ1se8DIxp6+JkbmHnuLVBl/JXFkF4Gh5i+ntnVMFbDK4gfdPocwXyp9DmaNKXlWe qDu0bPcpF+Ff9UE7MZUOga+L/R4KxWxdnhe1+efkWwlTh69FJzlC7+Xh/ptLfFzr0iE0 FgtKeNi8trDlnypznJwOc5jZoQqG0m0B8Qzqfsxkxb1Osm6qS/7X7ouTAeeQgZU+oNGb bbuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UxEp2NSDAR1Ryv8nN7tOD1JewPGJVjA5iSdCty8JxyU=; b=AOPXvPw36rlR5vxiAYSR2GsJtX/2CjlNqtOIGZs9B47xElhHAPyo3Al3IyWCF1ZmAp GVNpmkhRuZ3w2FnCw4o/7QnFkhIGxxmtr/8RMmGA+m9WZCg8iqQ8SIWXf4vabk3xDfBM Zs/TNFI/vbK60pudTb6VqMxCrFc+Ae9Ghh7QHnc1k/GUFobY6ZfaRpsYCc8TOePyPpr8 LZQPxqJ8hfKr4rqn/VHX5xLmuVSHi/FKF1pb9Z/ZojRL5pBvsCd/XSjSFFQEgY4IAynA W97xEFHqSGbZyNb5sEkq/F4CxnuTrQDfgQ77Op6sQa5gSfyMPYGB6SJ1w5OYVXOglZ0o 4S7A== X-Gm-Message-State: AKaTC01XyaBIhlI4P+2yZAAUVQNT3WNN95ABtrYAdyHNsqOdb4n/hFuJXSzSQ4Q5WI4jna0l0Y6fGIYTf2daxw== X-Received: by 10.202.82.150 with SMTP id g144mr46767727oib.197.1481492369830; Sun, 11 Dec 2016 13:39:29 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.37.198 with HTTP; Sun, 11 Dec 2016 13:39:28 -0800 (PST) Received: by 10.157.37.198 with HTTP; Sun, 11 Dec 2016 13:39:28 -0800 (PST) In-Reply-To: <1481477416-93493-1-git-send-email-nnk@google.com> References: <1481477416-93493-1-git-send-email-nnk@google.com> From: William Roberts Date: Sun, 11 Dec 2016 13:39:28 -0800 Message-ID: Subject: Re: [PATCH] libselinux: add O_CLOEXEC To: Nick Kralevich X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: selinux@tycho.nsa.gov Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Do you know if "re" poses any Mac issues? I would assume not, but I've never checked. On Dec 11, 2016 09:32, "Nick Kralevich" wrote: Makes libselinux safer and less likely to leak file descriptors when used as part of a multithreaded program. Signed-off-by: Nick Kralevich --- libselinux/src/audit2why.c | 4 ++-- libselinux/src/booleans.c | 14 +++++++------- libselinux/src/canonicalize_context.c | 2 +- libselinux/src/check_context.c | 2 +- libselinux/src/compute_av.c | 2 +- libselinux/src/compute_create.c | 2 +- libselinux/src/compute_member.c | 2 +- libselinux/src/compute_relabel.c | 2 +- libselinux/src/compute_user.c | 2 +- libselinux/src/deny_unknown.c | 2 +- libselinux/src/disable.c | 2 +- libselinux/src/enabled.c | 2 +- libselinux/src/get_context_list.c | 6 +++--- libselinux/src/get_default_type.c | 2 +- libselinux/src/get_initial_context.c | 2 +- libselinux/src/getenforce.c | 2 +- libselinux/src/init.c | 4 ++-- libselinux/src/is_customizable_type.c | 2 +- libselinux/src/label.c | 2 +- libselinux/src/label_backends_android.c | 2 +- libselinux/src/label_file.c | 2 +- libselinux/src/label_media.c | 2 +- libselinux/src/label_x.c | 2 +- libselinux/src/load_policy.c | 8 ++++---- libselinux/src/matchmediacon.c | 2 +- libselinux/src/policyvers.c | 2 +- libselinux/src/procattr.c | 4 ++-- libselinux/src/selinux_check_securetty_context.c | 2 +- libselinux/src/selinux_config.c | 4 ++-- libselinux/src/selinux_restorecon.c | 2 +- libselinux/src/setenforce.c | 2 +- libselinux/src/seusers.c | 4 ++-- libselinux/src/stringrep.c | 2 +- 33 files changed, 49 insertions(+), 49 deletions(-) -- 2.8.0.rc3.226.g39d4020 diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index 3135eed..857383a 100644 --- a/libselinux/src/audit2why.c +++ b/libselinux/src/audit2why.c @@ -201,7 +201,7 @@ static int __policy_init(const char *init_path) path[PATH_MAX-1] = '\0'; if (init_path) { strncpy(path, init_path, PATH_MAX-1); - fp = fopen(path, "r"); + fp = fopen(path, "re"); if (!fp) { snprintf(errormsg, sizeof(errormsg), "unable to open %s: %s\n", @@ -218,7 +218,7 @@ static int __policy_init(const char *init_path) PyErr_SetString( PyExc_ValueError, errormsg); return 1; } - fp = fopen(curpolicy, "r"); + fp = fopen(curpolicy, "re"); if (!fp) { snprintf(errormsg, sizeof(errormsg), "unable to open %s: %s\n", diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index ba9d934..4a38a78 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -97,7 +97,7 @@ char *selinux_boolean_sub(const char *name) if (!name) return NULL; - cfg = fopen(selinux_booleans_subs_path(), "r"); + cfg = fopen(selinux_booleans_subs_path(), "re"); if (!cfg) goto out; @@ -210,7 +210,7 @@ static int get_bool_value(const char *name, char **buf) (*buf)[STRBUF_SIZE] = 0; - fd = bool_open(name, O_RDONLY); + fd = bool_open(name, O_RDONLY | O_CLOEXEC); if (fd < 0) goto out_err; @@ -274,7 +274,7 @@ int security_set_boolean(const char *name, int value) return -1; } - fd = bool_open(name, O_WRONLY); + fd = bool_open(name, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -305,7 +305,7 @@ int security_commit_booleans(void) } snprintf(path, sizeof path, "%s/commit_pending_bools", selinux_mnt); - fd = open(path, O_WRONLY); + fd = open(path, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -399,7 +399,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist) snprintf(local_bool_file, sizeof(local_bool_file), "%s.local", bool_file); - boolf = fopen(local_bool_file, "r"); + boolf = fopen(local_bool_file, "re"); if (boolf != NULL) { ssize_t ret; size_t size = 0; @@ -518,7 +518,7 @@ int security_load_booleans(char *path) int val; char name[BUFSIZ]; - boolf = fopen(path ? path : selinux_booleans_path(), "r"); + boolf = fopen(path ? path : selinux_booleans_path(), "re"); if (boolf == NULL) goto localbool; @@ -536,7 +536,7 @@ int security_load_booleans(char *path) localbool: snprintf(localbools, sizeof(localbools), "%s.local", (path ? path : selinux_booleans_path())); - boolf = fopen(localbools, "r"); + boolf = fopen(localbools, "re"); if (boolf != NULL) { int ret; diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c index 7cf3139..ba4c9a2 100644 --- a/libselinux/src/canonicalize_context.c +++ b/libselinux/src/canonicalize_context.c @@ -23,7 +23,7 @@ int security_canonicalize_context_raw(const char * con, } snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c index 52063fa..8a7997f 100644 --- a/libselinux/src/check_context.c +++ b/libselinux/src/check_context.c @@ -20,7 +20,7 @@ int security_check_context_raw(const char * con) } snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c index 937e5c3..1d05e7b 100644 --- a/libselinux/src/compute_av.c +++ b/libselinux/src/compute_av.c @@ -27,7 +27,7 @@ int security_compute_av_flags_raw(const char * scon, } snprintf(path, sizeof path, "%s/access", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_ create.c index 9559d42..0975aea 100644 --- a/libselinux/src/compute_create.c +++ b/libselinux/src/compute_create.c @@ -65,7 +65,7 @@ int security_compute_create_name_raw(const char * scon, } snprintf(path, sizeof path, "%s/create", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_ member.c index 1fc7e41..4e2d221 100644 --- a/libselinux/src/compute_member.c +++ b/libselinux/src/compute_member.c @@ -26,7 +26,7 @@ int security_compute_member_raw(const char * scon, } snprintf(path, sizeof path, "%s/member", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_ relabel.c index 4615aee..49f77ef 100644 --- a/libselinux/src/compute_relabel.c +++ b/libselinux/src/compute_relabel.c @@ -26,7 +26,7 @@ int security_compute_relabel_raw(const char * scon, } snprintf(path, sizeof path, "%s/relabel", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c index b37c5d3..7b88121 100644 --- a/libselinux/src/compute_user.c +++ b/libselinux/src/compute_user.c @@ -25,7 +25,7 @@ int security_compute_user_raw(const char * scon, } snprintf(path, sizeof path, "%s/user", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/deny_unknown.c b/libselinux/src/deny_unknown.c index c93998a..77d04e3 100644 --- a/libselinux/src/deny_unknown.c +++ b/libselinux/src/deny_unknown.c @@ -21,7 +21,7 @@ int security_deny_unknown(void) } snprintf(path, sizeof(path), "%s/deny_unknown", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c index dac0f5b..8d66262 100644 --- a/libselinux/src/disable.c +++ b/libselinux/src/disable.c @@ -21,7 +21,7 @@ int security_disable(void) } snprintf(path, sizeof path, "%s/disable", selinux_mnt); - fd = open(path, O_WRONLY); + fd = open(path, O_WRONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c index 2ec6797..dd628fb 100644 --- a/libselinux/src/enabled.c +++ b/libselinux/src/enabled.c @@ -36,7 +36,7 @@ int is_selinux_mls_enabled(void) return enabled; snprintf(path, sizeof path, "%s/mls", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return enabled; diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_ list.c index f3fa4a9..689e465 100644 --- a/libselinux/src/get_context_list.c +++ b/libselinux/src/get_context_list.c @@ -275,7 +275,7 @@ static int get_failsafe_context(const char *user, char ** newcon) size_t plen, nlen; int rc; - fp = fopen(selinux_failsafe_context_path(), "r"); + fp = fopen(selinux_failsafe_context_path(), "re"); if (!fp) return -1; @@ -437,7 +437,7 @@ int get_ordered_context_list(const char *user, if (!fname) goto failsafe; snprintf(fname, fname_len, "%s%s", user_contexts_path, user); - fp = fopen(fname, "r"); + fp = fopen(fname, "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); rc = get_context_order(fp, fromcon, reachable, nreach, ordering, @@ -451,7 +451,7 @@ int get_ordered_context_list(const char *user, } } free(fname); - fp = fopen(selinux_default_context_path(), "r"); + fp = fopen(selinux_default_context_path(), "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); rc = get_context_order(fp, fromcon, reachable, nreach, ordering, diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_ type.c index 27f2ae5..dd7b5d7 100644 --- a/libselinux/src/get_default_type.c +++ b/libselinux/src/get_default_type.c @@ -11,7 +11,7 @@ int get_default_type(const char *role, char **type) { FILE *fp = NULL; - fp = fopen(selinux_default_type_path(), "r"); + fp = fopen(selinux_default_type_path(), "re"); if (!fp) return -1; diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c index 522ed78..5e919f4 100644 --- a/libselinux/src/get_initial_context.c +++ b/libselinux/src/get_initial_context.c @@ -25,7 +25,7 @@ int security_get_initial_context_raw(const char * name, char ** con) snprintf(path, sizeof path, "%s%s%s", selinux_mnt, SELINUX_INITCON_DIR, name); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c index 03d3abc..d909dce 100644 --- a/libselinux/src/getenforce.c +++ b/libselinux/src/getenforce.c @@ -21,7 +21,7 @@ int security_getenforce(void) } snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/init.c b/libselinux/src/init.c index ddf91f8..2690a72 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -61,7 +61,7 @@ int selinuxfs_exists(void) size_t len; ssize_t num; - fp = fopen("/proc/filesystems", "r"); + fp = fopen("/proc/filesystems", "re"); if (!fp) return 1; /* Fail as if it exists */ __fsetlocking(fp, FSETLOCKING_BYCALLER); @@ -101,7 +101,7 @@ static void init_selinuxmnt(void) /* At this point, the usual spot doesn't have an selinuxfs so * we look around for it */ - fp = fopen("/proc/mounts", "r"); + fp = fopen("/proc/mounts", "re"); if (!fp) goto out; diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_ customizable_type.c index 0b33edc..92876f4 100644 --- a/libselinux/src/is_customizable_type.c +++ b/libselinux/src/is_customizable_type.c @@ -16,7 +16,7 @@ static int get_customizable_type_list(char *** retlist) unsigned int ctr = 0, i; char **list = NULL; - fp = fopen(selinux_customizable_types_path(), "r"); + fp = fopen(selinux_customizable_types_path(), "re"); if (!fp) return -1; diff --git a/libselinux/src/label.c b/libselinux/src/label.c index 60639cf..5c9d8c1 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -96,7 +96,7 @@ struct selabel_sub *selabel_subs_init(const char *path, struct selabel_digest *digest) { char buf[1024]; - FILE *cfg = fopen(path, "r"); + FILE *cfg = fopen(path, "re"); struct selabel_sub *sub = NULL; struct stat sb; diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_ backends_android.c index 4d6ec86..4ad71f9 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -159,7 +159,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, return -1; /* Open the specification file. */ - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; if (fstat(fileno(fp), &sb) < 0) diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index a4dc3cd..0d4029b 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -520,7 +520,7 @@ static FILE *open_file(const char *path, const char *suffix, } memcpy(sb, &found->sb, sizeof(*sb)); - return fopen(save_path, "r"); + return fopen(save_path, "re"); } static int process_file(const char *path, const char *suffix, diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c index 622741b..d202e5d 100644 --- a/libselinux/src/label_media.c +++ b/libselinux/src/label_media.c @@ -90,7 +90,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, /* Open the specification file. */ if (!path) path = selinux_media_context_path(); - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c index 700def1..9674529 100644 --- a/libselinux/src/label_x.c +++ b/libselinux/src/label_x.c @@ -117,7 +117,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, /* Open the specification file. */ if (!path) path = selinux_x_context_path(); - if ((fp = fopen(path, "r")) == NULL) + if ((fp = fopen(path, "re")) == NULL) return -1; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index b7e1a6f..327cc6a 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -34,7 +34,7 @@ int security_load_policy(void *data, size_t len) } snprintf(path, sizeof path, "%s/load", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; @@ -173,13 +173,13 @@ checkbool: search: snprintf(path, sizeof(path), "%s.%d", selinux_binary_policy_path(), vers); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); while (fd < 0 && errno == ENOENT && --vers >= minvers) { /* Check prior versions to see if old policy is available */ snprintf(path, sizeof(path), "%s.%d", selinux_binary_policy_path(), vers); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); } if (fd < 0) { fprintf(stderr, @@ -335,7 +335,7 @@ int selinux_init_load_policy(int *enforce) /* Check for an override of the mode via the kernel command line. */ rc = mount("proc", "/proc", "proc", 0, 0); - cfg = fopen("/proc/cmdline", "r"); + cfg = fopen("/proc/cmdline", "re"); if (cfg) { char *tmp; buf = malloc(selinux_page_size); diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c index 46cba46..23d01af 100644 --- a/libselinux/src/matchmediacon.c +++ b/libselinux/src/matchmediacon.c @@ -18,7 +18,7 @@ int matchmediacon(const char *media, char ** con) char *ptr, *ptr2 = NULL; int found = 0; char current_line[PATH_MAX]; - if ((infile = fopen(path, "r")) == NULL) + if ((infile = fopen(path, "re")) == NULL) return -1; while (!feof_unlocked(infile)) { if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c index 284a7f7..c97dd9d 100644 --- a/libselinux/src/policyvers.c +++ b/libselinux/src/policyvers.c @@ -23,7 +23,7 @@ int security_policyvers(void) } snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) { if (errno == ENOENT) return vers; diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c index 8cd59af..ebc0ade 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c @@ -143,7 +143,7 @@ static int getprocattrcon_raw(char ** context, return 0; } - fd = openattr(pid, attr, O_RDONLY); + fd = openattr(pid, attr, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; @@ -235,7 +235,7 @@ static int setprocattrcon_raw(const char * context, && !strcmp(context, *prev_context)) return 0; - fd = openattr(pid, attr, O_RDWR); + fd = openattr(pid, attr, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; if (context) { diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c index 24e5e2c..55d4e03 100644 --- a/libselinux/src/selinux_check_securetty_context.c +++ b/libselinux/src/selinux_check_securetty_context.c @@ -14,7 +14,7 @@ int selinux_check_securetty_context(const char * tty_context) ssize_t len; int found = -1; FILE *fp; - fp = fopen(selinux_securetty_types_path(), "r"); + fp = fopen(selinux_securetty_types_path(), "re"); if (fp) { context_t con = context_new(tty_context); if (con) { diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_ config.c index 88bcc85..d8e140c 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -88,7 +88,7 @@ static const uint16_t file_path_suffixes_idx[NEL] = { int selinux_getenforcemode(int *enforce) { int ret = -1; - FILE *cfg = fopen(SELINUXCONFIG, "r"); + FILE *cfg = fopen(SELINUXCONFIG, "re"); if (cfg) { char *buf; int len = sizeof(SELINUXTAG) - 1; @@ -163,7 +163,7 @@ static void init_selinux_config(void) if (selinux_policyroot) return; - fp = fopen(SELINUXCONFIG, "r"); + fp = fopen(SELINUXCONFIG, "re"); if (fp) { __fsetlocking(fp, FSETLOCKING_BYCALLER); while ((len = getline(&line_buf, &line_len, fp)) > 0) { diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_ restorecon.c index e38d1d0..7ebfbdc 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -247,7 +247,7 @@ static int exclude_non_seclabel_mounts(void) if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) return 0; - fp = fopen("/proc/mounts", "r"); + fp = fopen("/proc/mounts", "re"); if (!fp) return 0; diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c index e5e7612..09cad3c 100644 --- a/libselinux/src/setenforce.c +++ b/libselinux/src/setenforce.c @@ -21,7 +21,7 @@ int security_setenforce(int value) } snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDWR); + fd = open(path, O_RDWR | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c index 09e704b..572a7b0 100644 --- a/libselinux/src/seusers.c +++ b/libselinux/src/seusers.c @@ -185,7 +185,7 @@ int getseuserbyname(const char *name, char **r_seuser, char **r_level) gid_t gid = get_default_gid(name); - cfg = fopen(selinux_usersconf_path(), "r"); + cfg = fopen(selinux_usersconf_path(), "re"); if (!cfg) goto nomatch; @@ -278,7 +278,7 @@ int getseuser(const char *username, const char *service, FILE *fp = NULL; if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0) goto err; - fp = fopen(path, "r"); + fp = fopen(path, "re"); free(path); if (fp == NULL) goto err; __fsetlocking(fp, FSETLOCKING_BYCALLER); diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c index 2dbec2b..2d83f96 100644 --- a/libselinux/src/stringrep.c +++ b/libselinux/src/stringrep.c @@ -80,7 +80,7 @@ static struct discover_class_node * discover_class(const char *s) /* load up class index */ snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) goto err3;