From patchwork Wed May 9 22:02:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 10390913 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3942160236 for ; Wed, 9 May 2018 22:05:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 250C420453 for ; Wed, 9 May 2018 22:05:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 231472040D; Wed, 9 May 2018 22:05:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from USFB19PA14.eemsg.mail.mil (uphb19pa11.eemsg.mail.mil [214.24.26.85]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7C1CB288B4 for ; Wed, 9 May 2018 22:03:37 +0000 (UTC) Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by USFB19PA14.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 09 May 2018 22:03:35 +0000 X-IronPort-AV: E=Sophos;i="5.49,382,1520899200"; d="scan'208";a="13107431" IronPort-PHdr: =?us-ascii?q?9a23=3AVePRnx245D0tXl8hsmDT+DRfVm0co7zxezQtwd?= =?us-ascii?q?8Zse8RL/nxwZ3uMQTl6Ol3ixeRBMOHs6kC07KempujcFRI2YyGvnEGfc4EfD?= =?us-ascii?q?4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFA?= =?us-ascii?q?nhOgppPOT1HZPZg9iq2+yo9JDffwtFiCChbb9uMR67sRjfus4KjIV4N60/0A?= =?us-ascii?q?HJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L2?= =?us-ascii?q?81/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUj?= =?us-ascii?q?q+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfVwZKPdec4RS3?= =?us-ascii?q?RHUMhfSidNBpqwY5YTA+YEO+tTsovzqEYUrRamBAmjBu3vxD9GiHH1w6M1z/?= =?us-ascii?q?kvERnE0QA9Ed8Brm/Uoc7pNKsOS+250LXEwSnBYv5QxDzz6JLIchckofyUR7?= =?us-ascii?q?x/a9fRyU0yHA3CiVWQrpblMC2I3ekKq2iU9fdgVea0hm4/sQ5xvzyvyt4pio?= =?us-ascii?q?nOgYIV0E7L+T9lz4YyIN21UUh2asOqHptXsiGVLYp2QsU6TmFwoik617kGtY?= =?us-ascii?q?e+fCgNz5Qn3QDQZ+abfIiP5xLuUvuaLzRghH99Zb6yiBm//VKgx+HhTMW4zl?= =?us-ascii?q?lHojRfntXRrnwByh3e58mdRvdj40us2CyD2x3T5+xHO0w5lavWJ4Y/zrIskp?= =?us-ascii?q?cfq0fOEy/slEnokaObdl8o9+er5unhf77ovIWTN5VuhQH7Kqkun8u/DvkmPQ?= =?us-ascii?q?UWRGib/Pi81KXk/U3kXLVGlv02nbfdsJDdPckburS2AxVU0oY+8BazFSum0d?= =?us-ascii?q?QEknkHK1JJYhSHgJTyO17SOvz4CPa/g1C0nDdqwfDJIKHhD43QInXMn7rtZ7?= =?us-ascii?q?Zw51NGxAYtwt1T+YhYBqwZLPL2QEDxtdjYDhEjMwyzxubqEM592Z0aWWKOBK?= =?us-ascii?q?+ZLazTvUaT6eIoPumMYpMatyjmK/U++/7vjWM2mV8afaWz25sXc2q3Eu5pI0?= =?us-ascii?q?Wef3rgms0BHnsSvgoiUOzqj0WPUTxUZ3a0Ra08+jE7B5igDYrYRICth7qB3C?= =?us-ascii?q?KhEZ1NemBJFEqMEWzye4WDQfcMZzqYItV9nTwcSbihV4gh2AmstA/40bVoMu?= =?us-ascii?q?nU+jYftZLl1dh1+fbelR829TxpAMWSyHyNT2donmMVXTM227p/oUNlwFeZza?= =?us-ascii?q?d4m+BYFcBU5/5RXAY6NJrcz+lkBNDoQQ/BcMmGR0uhQtW8Gz4xVsgxw9gMY0?= =?us-ascii?q?ljB9qikgrP3y2wA78aj7aLHoA78rrA33jtIMZw02vJ27Ukj1khRMtPKXCqi7?= =?us-ascii?q?Vh9wfNHY7JkkSYl6GsdagG2i7C6nuDx3KUvE5ESA5wTbnFXXcHa0TLsdT2/F?= =?us-ascii?q?nCQqSyBrQgNwtO1dSNKrBWatHzi1VJWuvjMszEY22tg2ewGQqIxrSUYYvqem?= =?us-ascii?q?Qd2yPdBVMBkwAX5HqGNA4+Cj2no23EFjxuFlPvY13y/uVkrnO0UFM0xRmQb0?= =?us-ascii?q?J9z7q15gIVhfuERvMdxLILoiEhpCl1HFamxN/WDsKApwt4cKVHb9I9+01L1W?= =?us-ascii?q?XDtwxyJpagNbxthkYCcwRruEPjzxZ3BZ9DkcgtsXMn1wlyJrib0FNGajOUx5?= =?us-ascii?q?fwOqfYKmPq5hCgd7bW2k3C0NaR4qoA8uk3q0/ivA63DEov6G9o3MVQ03eG4Z?= =?us-ascii?q?XKFgUSW4rrUkkr7xh6u63aYi4l6oPOyHJjLLK5sjDH29MmHuclzAivf8tHOq?= =?us-ascii?q?OeCADyC9EaB9SpKOEygFipYAgEPOdJ9K4oJM6mbP2G2KmlPeZlhj2mi35L4I?= =?us-ascii?q?Zj3UKQ7yB8UPLH344Zw/GE2QuKTzn9g02lssDrh49EfyoSE3GhySf6Ho5efb?= =?us-ascii?q?ByfYMRBWepOc23yc10h4TxVH5A6F6jG1QG1deveRqTa1z92RNf1V8MrHO9hy?= =?us-ascii?q?S41Tt0nysurqqF0yzE2/7iewYfOm5XWGliik/hIZa1j98GQEioaBIpmAG56k?= =?us-ascii?q?b6wKhboqt/InLXQUdJeSj5NXtiUqyqurqFec5P54sisT9LX+SkfVCaVrn9rg?= =?us-ascii?q?Me0yPiBGte2Ck3dyq0tZX9nhx6jn+dLXlooXrCYcFwxBHf5N3ASv5KxDYGQj?= =?us-ascii?q?d3iSXPDFimI9ap5cmUl4vEsu2mTWKhUZlTcS31woOaqCS74mNrDAakn/Cuht?= =?us-ascii?q?LnChI20Sjh19llTS/ItgrzYpH316SmNuJqZkpoC0H668phAYx+kZU/hJcL2X?= =?us-ascii?q?gcmJqV4WALkWDpMdVUwaj+dmYCRSYXw97J5wjowFVjIWiUx4L9SHqd2tFuZ9?= =?us-ascii?q?+mYmwIwCIw9N1KCLyK47xehit5uEG4rQXMYfhngjgS1/Uu6HkAg+EGpgUh1C?= =?us-ascii?q?OdDa4OHUNAJyzjiwyI78yirKVQfGuvb76w21dlkNC/CrGNvwFcVGz/epg8AS?= =?us-ascii?q?969t9/P07U0H3v9oHkf8HdbcoJuR2JlxfNlPRaKJMtlvsKnCZnN3jyvXs/x+?= =?us-ascii?q?48lxxu0omwvJKbJGV14KK5HhlYOyX7Z8wJ/DHtkaFensON0oChAJpuBzILXI?= =?us-ascii?q?HyQvKwCjISsvbnOBiSHz0gsHubHqDfHQCH4kd8s33PC4yrN22QJHQByNVtXh?= =?us-ascii?q?2dJEhBjwAIQDU1hIQ2GxusxMP/bEd5/Swe6UTgqhRS0O5oMQfwUnvHrgeydj?= =?us-ascii?q?g0UISfLAZR7gxa6UfVK9KR4f9oHy5C+J2hsAuNKneAagtSEW4JX1aIB1f5Pr?= =?us-ascii?q?mh/dPA6fSXBvKiL/vSZrWDsepeV+2SypK3yotr5DiMNsSVPnl5E/071EtDXX?= =?us-ascii?q?ZjFMTfhzoPSjYYlybXY86cvhe89TV9rtqj//TzRALv+YyPBqNKMdpx4B+5n6?= =?us-ascii?q?GDN++MhCZ+MjtY140DymHWx7QF214SkS5ufSG3EbscrS7NUL7QmqhPAhEAcC?= =?us-ascii?q?x/M89I76Mn3glRIs7XkMj12aBkgfIvEFdKS1jhmsCvZcwXLGCwL0/IBUaRNL?= =?us-ascii?q?SbPj3H2c/2brmgSb1Li+VUsQe8uTGBE0/sJj6DjSXmVwizMeFQiyGWJAdRuI?= =?us-ascii?q?CychZqD2juV8/pZQOgP992lzI2x6c4hnTQNW4TKTJ8aV9CrqWM7SNEhfVyA3?= =?us-ascii?q?ZO7nV/IumahSmU9O7YKo4IvvttByR7jeNa4HAhxLtS4yBIXvt1mDHdrtR2uV?= =?us-ascii?q?GpjvGPyiZ7UBpJsjtLmIWLvUB4NaXD8ZlBWGjL/BQW4mWKDBQFudhlB8bztK?= =?us-ascii?q?BXz9jAiLj8KCxe897O+8sTGdTUItqdMHU9KRrpBCLUDAwdQD6pNWHeh1RdkP?= =?us-ascii?q?aW9n2Uspg1tIPhmJ8PSr9HTlw6COkWCkN/HNwNOJ13RC8rkaaHjM4U4nqztB?= =?us-ascii?q?rRRcVevp/ZTf+SBPLvKDiXjbZaexsI3bP4LYMWNoLlwUBibEd1nJjSEUrKQd?= =?us-ascii?q?9NujFhbhMzoEhV9nhxUHc820b+ZwOu538TDuK0kQQwigtlYuQt9S3g41EpKV?= =?us-ascii?q?rWvCEwilU+mc35gTCNdz78NL2wUp9NCyXqrUcxKI/0QwZuYAKpnExkLirLR7?= =?us-ascii?q?Vfj7t4b2Bklg/dtYFJGfFCUa1OeAUQyu2PZ/U0zVRcrT2qylJA5evDD5ttiR?= =?us-ascii?q?UlcZqtr39bwQ1scsQ1JavKKKpO1FhQibqEvjW02eAp3A8eO0EN/XuPdyESpk?= =?us-ascii?q?wIN6QpJzGz8+N28wyCgTxDeWYXV/U0vv1q61k9O+WczyPgybJDLF6+N/CHJa?= =?us-ascii?q?ODp2fAjdKIQk831k4Qk0lF+qJ23tklc0uVUEAi17SRFxIUNcbYLgFVdcVS/m?= =?us-ascii?q?DJfSmSqeXN3Y51P4KlG+DzU+COsKcUgkS5HAcmBIkD8sMBHpyw307CNsfnMK?= =?us-ascii?q?QJyRMz6wT3PF+FFuhGeAqXkDcbpMGy1IN33YhYJjEaHWV9MSW2663KqQ8rgP?= =?us-ascii?q?uMRsw5bm0cXoQaKnI8QNe6lDJBv3RcEDm31foUxxKG7z/9uivfEiHzb99jZf?= =?us-ascii?q?eSYhNsDsu59C4k/Ki3k1HX9IzSJ2/nNdh4vN/A9/8arY6dC/xIVbl9r1vcm4?= =?us-ascii?q?5ASnOxTWHPF8W4KILtZIkyc9P0EG26XUalizM1VcvxO8ytLqeQiwHyWYlUqJ?= =?us-ascii?q?Wb3CwkNcKlGTEeBhZwp+UH5K1iYA0OeIc0bgDzuAQ/LaO/Jh2U0tK0Q2aiMT?= =?us-ascii?q?FWVeVQzf2mZ7xLyCohdvW6yH0hTp4mz+m39koNRIoSgB/H2PitfZVTXy/oF3?= =?us-ascii?q?NBfAXPoDY2mHJ6NuYu2Os/xg3HsUUEOTCRaONpcHBEv807BV6KO3V5EHA4R1?= =?us-ascii?q?iHgofY/g6sxaod/zVDkNZQ0O1Ftnf+vpveYDKjWKyrtZvVvDA6bdgjuaFxN5?= =?us-ascii?q?LsIteevpPEgjPfVIXQshGCUCOiGftWgMRfICJZQPlNmGEqI88GtJFA6UUvSM?= =?us-ascii?q?gxOaZDCK42prClcTBkFzIdzTcFV4Oc2zwPmuK81KHAlheTbpsiLB0EsJNNgt?= =?us-ascii?q?YGXS95eCUeq7OnV4XRim+LV3MLLB0V7QtS+AIKjpVwcfz94IrUUJ9MzCZbrO?= =?us-ascii?q?huUivWEJlk7Vj7R3qXgVj5SfWhj/em0RhUzP3yztkRQAR/BlRFx+ZKiksoL6?= =?us-ascii?q?l6K6gWvo7WrDCIcV31vGfzx+u6PllQydbZd1rgDIXbs2r8VzcT+XwQRYBUz3?= =?us-ascii?q?HeGo4ekw1jaKYkvF9MOpypel7i5zw4wIRkB6W4Vceux1s+sXYKWyKqHMFbB+?= =?us-ascii?q?Fgrl3XRCVvY4q3p5X9J5VSXmhQ9YWdq1hDikViKSq5xodHJs5Q/DEMRCBPri?= =?us-ascii?q?uZvNSsUs1Pw8h2D4UDIt1noXfyBLtEOISNo30xorHvyHjZ9C4nvVin2jqzAL?= =?us-ascii?q?G3T/hF/2IABwolPWKepVczD+E06Gfd7kjNskxo/+dcHrWPkVh+ryt8Hp9UAj?= =?us-ascii?q?ZEzmyqL1N2THZaqepaM7jVf9ZaQ/YseR+lIwY+GuI+30yV4UF0mm/0bDd8tg?= =?us-ascii?q?RG5yzQXRQ4WCcOj7jxnj0er92oNiUBS5JUdzkhaTnKKx6DkyBNoBlfc11qW4?= =?us-ascii?q?weAttd4bEUw5Zb/srYRkawMiwFWBtiNhwm3vZBiUFDt1iXdj7HAQqua/nPrg?= =?us-ascii?q?V9fd2No86xMPT54ABHh5v/sOAj66UMXWCpmRG2TNDFqI/8q8eKuVeQe6f+L+?= =?us-ascii?q?28e2XOTDzWgRC3n7ckAIHA/zLPPwpDN5l61X0kbID9CW7RIxtJOb8UKlFGVa?= =?us-ascii?q?B+ddVGuPpVZ9FleKYO/a9iGA6HSgnoGIy1o/lMNkzTSijGLyWd7uy/ppre7b?= =?us-ascii?q?7HRuj6YcyM3HLHTLhpPpph7Dn7BrPq0ZNf+kXq2/di7EV6SUPcPyCGttThKR?= =?us-ascii?q?sB5NO+eUv6op0pATTWDY9ykHX3wEFAedAXQyq3/5sG055Z9Gz/SeRj0kj0qu?= =?us-ascii?q?FS8adr6ZUv6bBz1ci0PbvSKehdsUJ/BBiUAh5n9pQrAGh6XWxRY+kRKPnLfa?= =?us-ascii?q?sDlsDut/r3F7EL5x2J5uxZc8XIK1vGmsmlBTGWUQZEkxsZqT4GMguc0OaIm6?= =?us-ascii?q?l1Scm5ouj53lgi40OkIh4Hy7Bt4pyE+rGTqe/SYBbQwqIIWq/wRsP8tr4soV?= =?us-ascii?q?+d5eU4lL4SfWx4exGoH/IZVsED3Wfg0aArzSU3HsPYA73g+eBMV3QlnjLhgZ?= =?us-ascii?q?9xBVMWFe0IHbCT54RRgn84m/DFNt0Raq1Cnn2PFRukH7IZx36k9TaYIG5/gh?= =?us-ascii?q?7UyxHwW2Sz7F3ooiBkXSvA1dDjklBaVrOvH0ddQzKpOVNksDOIJAfottv3ua?= =?us-ascii?q?Eu4UEzLGPltMyClHGgOLNREM3zPtqcLjcopFgPlp0+WsSv2ZwHGdq6ONoR8X?= =?us-ascii?q?B/YeHE5Gy3iCJBuLlIh5bA7c6J4PnXGmOgj6KCobWX2D9Y0mQ4vU046t24Lf?= =?us-ascii?q?7O5saKQvqy2GYTTid/pxPBUASoqrzftF0bJUuL31rVl4MQI9FZx3441lv86+?= =?us-ascii?q?Q5R9Iz7gpeHJ7aZ/wevTDzJCf0wVGHbtIvTCaezydYHlL7EFl/Aqg823v8vN?= =?us-ascii?q?nXmnfU+l0oQJRwdkP8iBxvFYo4NV4i6FgZwyoECwgNagqXDLK2CkT/K4sLS0?= =?us-ascii?q?wDZQ6A3Ligdac9xVdzza+35O/Pcex8ALIANvlHgQ6UgldbBpIWvLYaQLJ9Z1?= =?us-ascii?q?9S6q7XqRL/C4j8RfTmk2Q/NeGtSMBA7c8Zr2ci4hq4Rxe45pdM8bAbiIyPdq?= =?us-ascii?q?5DZpTMp95z70Nm5T4JayxMjwNyjxenXuAGpOHs+MLXsJy25eayTKwtXfkY9w?= =?us-ascii?q?AoB2RiiJv9mEwsodPN2OhAUYDalYP/8ARJI36LponayQV8JvQSJIKrZrpg8G?= =?us-ascii?q?8HJycGLXIUIdWWc+U84zNqMDjL4lxCBcUMZc8XPMXTgg1Uj0zpV6tV9sXFBl?= =?us-ascii?q?+ZBYBzd9or72rs0jw194UzUvr44j+sOZ/f901NP+9EjCh0m9LNuPMVweHLBC?= =?us-ascii?q?YK7neXbRl1wiWfy5iCEPvw8uCMx8vSV1wYBCI2VJ1dJDWa8wy9WuW1jInpUh?= =?us-ascii?q?+T6sLrgpI+c0KQRnqrkKsZsqZMFfNAhTj63zhfEID1nPGVs9u35WtJt11HDp?= =?us-ascii?q?x87RnYF6VeJJl7Pwr3ltWzTEhmGiT/YN3UdgYpuOeOx+cM/f9xN03laI8fPx?= =?us-ascii?q?IL1rP66X1OTgd0T772pFmZV/oLZNR6UPPEsmxV6YV4Jq8NIledqpLqrjNTpV?= =?us-ascii?q?E4GgApbqE/riBAeknIggJVR77+uKQchQsETd55pUhMFHq/OGI64DrGW7pajK?= =?us-ascii?q?2VCPEO6TWTSaoOU0R0PS9kRRO6xolucaOznf9bqmNGgj99oP8y3jxjRRu8ui?= =?us-ascii?q?7sp6UW1DIi4r64tzIBuXpbQeWYiSvID0tMzOgSh6cGF3ni8UC8YGUEbIbq+7?= =?us-ascii?q?ZoO8Lg9ZU67nQkZRUjeDEGXfi+Cy7ukqyEGIuPsMhThBSVosXBcaezLTQONr?= =?us-ascii?q?Q60R/jX3990gzEkxZy/moLRTGg7NE/KYW4PsYlwTGoFnbHe1YW5aNJq9DxtV?= =?us-ascii?q?8NTOs5c19hx39j0sefTC0XWMPPA3o1jhQjaWhcfpJM9xsaF6gwgjmWpaRH/w?= =?us-ascii?q?AUYDLREou74InQmdnH1WM6TddwyWLcvreFiY8y0H15h9N06TaDuXoKd+zCUs?= =?us-ascii?q?9jHmb825xayez/e/WtqP4IRJFhyLS7X/8IKtOj9neu2JV2Rk+lwawTH129MO?= =?us-ascii?q?Ad3brbSyOlRneDWeSXcmiDgyo5MlTs6ha2NFE3btlFr1MlOOvYmpFcjxHhUa?= =?us-ascii?q?9zRiiIoV/bzWojMf4Vdg4vvIenehcKTPIKZ+WHJOgh2vs+CFwWY3/OByt2BP?= =?us-ascii?q?e8sUSxk4hjJ3Vg/UL6bPzo8g/8LNSSGhgEEYjdrpNq5/y6R2SBNmFkzB1zOk?= =?us-ascii?q?l06ujeG042tu9GfJabhcLQiMhj0e4Za/dtNjUwutwJlYJg7omby9yHcQzXzp?= =?us-ascii?q?buJdHVpeWYA/Lfz0Q2YG1aVKQWYR/t7YUgItE5Q6HTHadevRkEB6g6RZshN3?= =?us-ascii?q?3r9KF1NwN+aQjRa66xgsb0p+KHfJxUp2XZ7lgoNifTpwUDyuCoTQx8d52qnH?= =?us-ascii?q?vyIJUsST9ArNBgEQVmE5VVG8MBrgunBJiUlLu9i9Cv50Mp89MN5JHsB+jK2d?= =?us-ascii?q?Lx5IB4W5xX9ATfJzrKLLV6iURiyOKpi7HP1YenTYvLfd4UWfkzYWnJY7nLAM?= =?us-ascii?q?3rIzaDKs/tPU1B/7ea3axRVQ+YbyT0GaGBsXvgfM9l6kUy0IAwXOPSyjE2p+?= =?us-ascii?q?XB2dDybntXkSyUrXeIMpZExFbWBOrCUghSRObD+2FgS/45d4zxod8HLNhq5d?= =?us-ascii?q?+b+QQ7uCxLzc+tO6G8qgrJ3UVheNTQK06/iHVxYpUDPBnqaRhkumTesHmIRC?= =?us-ascii?q?0FdpL+e8BwnNaYCADs7EBtmGYrI3RMAXfsWczIYTlJ5vqST1ahzCsTXpAOku?= =?us-ascii?q?usdgg9v6y2D+xpPsYg+62mt7QCxM5gMDqHBNNbMCfZMKJsM3JPA//Oqlklbl?= =?us-ascii?q?9h0fA1V445aILIIRYvKE6dzWb3ygzY3Aj/cNnqjv7QfX5IqC4BwLvdySNXoh?= =?us-ascii?q?Wh//2eh8A=3D?= X-IPAS-Result: =?us-ascii?q?A2BKBACKb/Na/wHyM5BcGwEBAQEDAQEBCQEBAYMYKANhI?= =?us-ascii?q?FooCoNliGCMEoF5dRqPDYU/A08nBwwBhy8hOBQBAgEBAQEBAQIBaxwMgjUkA?= =?us-ascii?q?YJPAQIDAQIgBBkBAQcwAQIDCQEBCgsDCgICIgQCAgMBHhIBBQEcBgESBRaDC?= =?us-ascii?q?AIogVcDnj48ihhtgWkzgm8BAQWFUIJACBJ3hHiCJFSBP4EPggxKNYdzglSHF?= =?us-ascii?q?5EXCIVniGhejAUrkBUwgQQzIYFSMxoIGxVsBoIMCYILDBcRgzSEWYYVUwF5A?= =?us-ascii?q?QEZjncBgRcBAQ?= Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 09 May 2018 22:03:33 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w49M38Dh001629; Wed, 9 May 2018 18:03:12 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id w49M2rPU175056 for ; Wed, 9 May 2018 18:02:53 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w49M30dm001580 for ; Wed, 9 May 2018 18:03:00 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1DrAgCKb/NalywbGNZcHAEBAQQBAQoBA?= =?us-ascii?q?YMYKGR6KAqDZZRygXl1Go8NhT8DUyoNhEACgm0hOBQBAgEBAQEBAQIUAQEBAQE?= =?us-ascii?q?GGAZLhTUBAgMjBBkBAQcwAQ8WAwoCAiYCAiISAQUBHAYBEhuDCAIogVcDnj48i?= =?us-ascii?q?hhtgWkzgm8BAQWFUIJACBJ3hHiCJFSBP4EPggxKiCiCVIcXkRcIhWeIaF6MBSu?= =?us-ascii?q?QFTCBBDOBczMaCBsVbAaCDAmCCwwOCRGDNIRZhhVTAYEUjncBgRcBAQ?= X-IPAS-Result: =?us-ascii?q?A1DrAgCKb/NalywbGNZcHAEBAQQBAQoBAYMYKGR6KAqDZZR?= =?us-ascii?q?ygXl1Go8NhT8DUyoNhEACgm0hOBQBAgEBAQEBAQIUAQEBAQEGGAZLhTUBAgMjB?= =?us-ascii?q?BkBAQcwAQ8WAwoCAiYCAiISAQUBHAYBEhuDCAIogVcDnj48ihhtgWkzgm8BAQW?= =?us-ascii?q?FUIJACBJ3hHiCJFSBP4EPggxKiCiCVIcXkRcIhWeIaF6MBSuQFTCBBDOBczMaC?= =?us-ascii?q?BsVbAaCDAmCCwwOCRGDNIRZhhVTAYEUjncBgRcBAQ?= X-IronPort-AV: E=Sophos;i="5.49,382,1520913600"; d="scan'208";a="273151" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 09 May 2018 18:02:59 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AHcvbLBE2Vdrqmquq57HFN51GYnF86YWxBRYc79?= =?us-ascii?q?8ds5kLTJ7ypMuwAkXT6L1XgUPTWs2DsrQY07GQ6/iocFdDyK7JiGoFfp1IWk?= =?us-ascii?q?1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBA?= =?us-ascii?q?j0OxZrKeTpAI7SiNm82/yv95HJbAhEmDSwbaluIBmqsA7cqtQYjYx+J6gr1x?= =?us-ascii?q?DHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PG?= =?us-ascii?q?Au+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VC?= =?us-ascii?q?+85Kl3VhDnlCYHNyY48G7JjMxwkLlbqw+lqxBm3oLYfJ2ZOP94c6jAf90VWH?= =?us-ascii?q?BBU95MWSNOA4OzbYUPAeoPM+hbsYfyu0ADrQeiCQS2GO/j1iNEi33w0KYn0+?= =?us-ascii?q?ohCwbG3Ak4EtwUqnvUsdH1P7oVX+Cyy6nI1yvMZO5R1Dfl8ofIbxQhrOqUXb?= =?us-ascii?q?1qbMrRzVAjFwbCjlWXs4zqISmZ2fgKs2ie9udtU/+khWAgqwF0uDevx8Esh5?= =?us-ascii?q?HRho0P11DE8Tx1wIMyJd2/Uk50f8SoH4dXtyGfMYZ9X8AsQ3lwtSok17ELto?= =?us-ascii?q?S3cDYFxZg92RLSaeaLfoeH7x77SeqcIDZ1iGh7dL6ihhu+61Wsx+3/W8Wu0F?= =?us-ascii?q?tHrzJJnsfQun0JzRDe6ciKRuFj8ku82TuDzQ/e5+JCLEspj6TUMYQhzaQ1lp?= =?us-ascii?q?cLsUTMACv2mELugaCYbEsq9Pal5ur5b7v8upKQK495hhvgPaswn8y/Gus4Ph?= =?us-ascii?q?ILX2eB+OS80Kfv/Uj4QLVOlvE2k6/Zv47GJckDuKK1HgBY3pw95xuwFTuqzt?= =?us-ascii?q?YVkWMIIV9KYB6HipLmO1DKIPD2F/e/hFGsnS9zx//cI73hBo7ALmDZn7f8eb?= =?us-ascii?q?Zx8ktcyA00zdBF+Z1YEK0OIPX2WkPprtzXEgc5MxCow+bgENh9zZ0RWWaOAq?= =?us-ascii?q?+fLaPTvkSF5v4vIuaQZI8VvyzxK/4+5/H0l3M5llgdfbf6lacQPUukE+xmLk?= =?us-ascii?q?PRWn/lhtMMAC9epQYlZPD7g12FFzhIbjC9WLxqonkSDI+2AJaLZYehibqMwm?= =?us-ascii?q?/vF5lbdm1XTFOLHX7uepusXO0FYyafZMRml2pAHYKgQI8ozx3mlAb7zbd8Zr?= =?us-ascii?q?7O+yYYvIjv49NC5+TSkxwp3TZoDsKB3nuLQn0ylWQNEWwYxqd69HR011PL9K?= =?us-ascii?q?9/mfEQQcRa+vdhSg4nMdvZyOtgBpb5XQeXLYTBc0qvXtjzWWJ5ddk22dJbJh?= =?us-ascii?q?8lQ4/43BnewyqnBaMUnLWXBZsyt7jRxGX1O90kkyuU6ZENpAINeuIXZCuri6?= =?us-ascii?q?tk+E7WDo/N1UCYk/Xieacd2XvV/XyYhSqVvU5eWRJtS6iNQ30FZ0XXoNi4rk?= =?us-ascii?q?PPRrOjE/ImZyNZwNOGb65NbcfkyF5BQbG5YI2DOzzrwCG/DA6Q3aiJcJKscG?= =?us-ascii?q?IY0Q=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BNAgCKb/NalywbGNZcHAEBAQQBAQo?= =?us-ascii?q?BAYMYKGR6KAqDZZRygXl1Go8NhT8DUyoNhEACgm0hOBQBAgEBAQEBAQIBEwE?= =?us-ascii?q?BAQEBBhgGSwyCNSQBgk8BAgMjBBkBAQcwAQ8WAwoCAiYCAiISAQUBHAYBEhu?= =?us-ascii?q?DCAIogVcDnj48ihhtgWkzgm8BAQWFUIJACBJ3hHiCJFSBP4EPggxKiCiCVIc?= =?us-ascii?q?XkRcIhWeIaF6MBSuQFTCBBDOBczMaCBsVbAaCDAmCCwwOCRGDNIRZhhVTAYE?= =?us-ascii?q?UjncBgRcBAQ?= X-IPAS-Result: =?us-ascii?q?A0BNAgCKb/NalywbGNZcHAEBAQQBAQoBAYMYKGR6KAqDZ?= =?us-ascii?q?ZRygXl1Go8NhT8DUyoNhEACgm0hOBQBAgEBAQEBAQIBEwEBAQEBBhgGSwyCN?= =?us-ascii?q?SQBgk8BAgMjBBkBAQcwAQ8WAwoCAiYCAiISAQUBHAYBEhuDCAIogVcDnj48i?= =?us-ascii?q?hhtgWkzgm8BAQWFUIJACBJ3hHiCJFSBP4EPggxKiCiCVIcXkRcIhWeIaF6MB?= =?us-ascii?q?SuQFTCBBDOBczMaCBsVbAaCDAmCCwwOCRGDNIRZhhVTAYEUjncBgRcBAQ?= X-IronPort-AV: E=Sophos;i="5.49,382,1520899200"; d="scan'208";a="13107371" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from updc3cpa05.eemsg.mail.mil ([214.24.27.44]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 09 May 2018 22:02:58 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;d535c91e-0baa-44bd-8231-3cabd041e221 Received: from localhost.localdomain (localhost [127.0.0.1]) by UPDCF3IC11.oob.disa.mil (Postfix) with SMTP id 40h9Mj5GgHzg47W for ; Wed, 9 May 2018 22:02:57 +0000 (UTC) Received: from UPDC3CPA09_EEMSG_MP25.eemsg.mil (unknown [192.168.18.20]) by UPDCF3IC11.oob.disa.mil (Postfix) with ESMTP id 40h9Mj1wtczg47t for ; Wed, 9 May 2018 22:02:57 +0000 (UTC) Authentication-Results: UPDC3CPA09.eemsg.mail.mil; dkim=pass (signature verified) header.i=@paul-moore-com.20150623.gappssmtp.com X-EEMSG-check-008: 25879343|UPDC3CPA09_EEMSG_MP25.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: 3.4 X-EEMSG-ORIG-IP: 209.85.215.48 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0DtAgDWbfNahjDXVdFcHAEBAQQBAQoBAYMYgQx6KAqDZZRygXl1Go8NhT8DUyoNhEACgm0hOBQBAgEBAQEBAQIUAQEBCAsLCCgjDIUpAQIDIwQZAQEHMAEPCwsDCgICJgICIhIBBQEcBgESG4MIAiiBV548PIoYbYFpM4JvAQEFhVCCQAgSd4R4giRUgT+BD4IMSjWHc4JUhxeRFwiFZ4hoXowFK5AVMIEEM4FzMxoIGxVsBoIMCYILDA4JEYM0hFmGFVMBgRSOdwGBFwEB X-IPAS-Result: A0DtAgDWbfNahjDXVdFcHAEBAQQBAQoBAYMYgQx6KAqDZZRygXl1Go8NhT8DUyoNhEACgm0hOBQBAgEBAQEBAQIUAQEBCAsLCCgjDIUpAQIDIwQZAQEHMAEPCwsDCgICJgICIhIBBQEcBgESG4MIAiiBV548PIoYbYFpM4JvAQEFhVCCQAgSd4R4giRUgT+BD4IMSjWHc4JUhxeRFwiFZ4hoXowFK5AVMIEEM4FzMxoIGxVsBoIMCYILDA4JEYM0hFmGFVMBgRSOdwGBFwEB Received: from mail-lf0-f48.google.com ([209.85.215.48]) by UPDC3CPA09.eemsg.mail.mil with ESMTP; 09 May 2018 22:02:56 +0000 Received: by mail-lf0-f48.google.com with SMTP id j193-v6so90872lfg.6 for ; Wed, 09 May 2018 15:02:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=MomaQ+r1p8toxB5ynjWoKAx+MN2ttUoMXd2+j+fkCCo=; b=WNEiihSwF1Wxp94vsuAXAYzChQ+ZJP1Fj7c9/b53MicPuTVaoaoADWuBrqJebtKI9D jCKVjVGewKqcQYXH2bLwsP8Upg7BtS+8EKY2EqXg8mHjsYjXAjUT9QzW2d0fn5udnoOW GQwr8iVFAqjg4RvwtBFqBxB9II55LMs88ekLa8khRR347sqtcx9fwG68I6yllGjgR9GH tmZep3APACfQYMbAwYpRuXpXWDqCn/izhLCpdu9vT71swVYZS5Tkl7dOZPja1dSCu2Qf v/e66/w6aPrfYL8WGYSkglVOnTT1LxbGYHHrlnMAGa7YD6ly/wFcAHN12JrdlMJSEZA0 5KEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=MomaQ+r1p8toxB5ynjWoKAx+MN2ttUoMXd2+j+fkCCo=; b=HGfaW7w+b+GoyCcCYUwdrHEFSxm0ps4ehYPext3BiRbD9QK4IqVPgI+Nr+1gYbDsU2 JErNnuxI6yqCP52ZPC2XCWTR0pKdCLvxSMBqbVOFr63oVMMkKFKdjgRffVzl6aDFyKMI JlGYDnD5df5Gg/si7HZsP8A8+qE91Cv00Zl8d4i6V9OmQh/OSSE29Gu/b7mWXw9WeK8w 9lx5dq3YkMv9D9UtaNixJtnZp9dqeIHp9vBF0o1HYOSIzb1fJM/gdlX14j6kN+lyMgMB GwGk4atJLY/QdbHHJRu9a6qqTwbPV5JDzPCHVpUB3ElchPBSbsmGjUBvCdaQ2eeDceX6 +SOg== X-Gm-Message-State: ALQs6tDsMDkKyTMFkc0NLB81RMOHGIineam7VOiwJz4hjctNahzkjuMS JD6QIp1xn5YCO3g14InmL2tJ2xSEgvzbRfW0EVk0 X-Google-Smtp-Source: AB8JxZrrh1X30IM6xqM7+0R51eAsjP/P6qSheIa79ukawRZyA92lIFFphP7MXfMVJ7lcvCQ/ohJeDoUHjJbyrRnjej8= X-Received: by 2002:a2e:810a:: with SMTP id d10-v6mr31118981ljg.83.1525903374483; Wed, 09 May 2018 15:02:54 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:a947:0:0:0:0:0 with HTTP; Wed, 9 May 2018 15:02:53 -0700 (PDT) X-Originating-IP: [166.216.158.56] In-Reply-To: References: <1525788303-23244-1-git-send-email-alexey.kodanev@oracle.com> <1eb10913-8802-e2dd-68f0-9483435cd949@tycho.nsa.gov> <7fdbaf13-fea2-4a2c-213d-fa291db67081@tycho.nsa.gov> X-EEMSG-check-009: 444-444 From: Paul Moore Date: Wed, 9 May 2018 18:02:53 -0400 Message-ID: To: Stephen Smalley , Alexey Kodanev , Richard Haines Subject: Re: [PATCH] selinux: add AF_UNSPEC and INADDR_ANY checks to selinux_socket_bind() X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, netdev Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP On Wed, May 9, 2018 at 11:34 AM, Paul Moore wrote: > On Wed, May 9, 2018 at 11:11 AM, Stephen Smalley wrote: >> On 05/09/2018 11:01 AM, Paul Moore wrote: >>> On Wed, May 9, 2018 at 8:37 AM, Stephen Smalley wrote: >>>> On 05/08/2018 08:25 PM, Paul Moore wrote: >>>>> On Tue, May 8, 2018 at 2:40 PM, Stephen Smalley wrote: >>>>>> On 05/08/2018 01:05 PM, Paul Moore wrote: >>>>>>> On Tue, May 8, 2018 at 10:05 AM, Alexey Kodanev >>>>>>> wrote: >>>>>>>> Commit d452930fd3b9 ("selinux: Add SCTP support") breaks compatibility >>>>>>>> with the old programs that can pass sockaddr_in with AF_UNSPEC and >>>>>>>> INADDR_ANY to bind(). As a result, bind() returns EAFNOSUPPORT error. >>>>>>>> It was found with LTP/asapi_01 test. >>>>>>>> >>>>>>>> Similar to commit 29c486df6a20 ("net: ipv4: relax AF_INET check in >>>>>>>> bind()"), which relaxed AF_INET check for compatibility, add AF_UNSPEC >>>>>>>> case to AF_INET and make sure that the address is INADDR_ANY. >>>>>>>> >>>>>>>> Also, in the end of selinux_socket_bind(), instead of adding AF_UNSPEC >>>>>>>> to 'address->sa_family == AF_INET', verify AF_INET6 first. >>>>>>>> >>>>>>>> Fixes: d452930fd3b9 ("selinux: Add SCTP support") >>>>>>>> Signed-off-by: Alexey Kodanev >>>>>>>> --- >>>>>>>> security/selinux/hooks.c | 12 +++++++++--- >>>>>>>> 1 file changed, 9 insertions(+), 3 deletions(-) >>>>>>> >>>>>>> Thanks for finding and reporting this regression. >>>>>>> >>>>>>> I think I would prefer to avoid having to duplicate the >>>>>>> AF_UNSPEC/INADDR_ANY checking logic in the SELinux hook, even though >>>>>>> it is a small bit of code and unlikely to change. I'm wondering if it >>>>>>> would be better to check both the socket and sockaddr address family >>>>>>> in the main if conditional inside selinux_socket_bind(), what do you >>>>>>> think? Another option would be to go back to just checking the >>>>>>> soackaddr address family; we moved away from that for a reason which >>>>>>> escapes at the moment (code cleanliness?), but perhaps that was a >>>>>>> mistake. >>>>>> >>>>>> We've always used the sk->sk_family there; it was only the recent code from Richard that started >>>>>> using the socket address family. >>>>> >>>>> Yes I know, I thought I was the one that suggested it at some point >>>>> (I'll take the blame) ... although now that I'm looking at the git >>>>> log, maybe I'm confusing it with something else. >>>>> >>>>>>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >>>>>>> index 4cafe6a19167..a3789b167667 100644 >>>>>>> --- a/security/selinux/hooks.c >>>>>>> +++ b/security/selinux/hooks.c >>>>>>> @@ -4577,6 +4577,7 @@ static int selinux_socket_bind(struct socket *sock, struc> >>>>>>> { >>>>>>> struct sock *sk = sock->sk; >>>>>>> u16 family; >>>>>>> + u16 family_sa; >>>>>>> int err; >>>>>>> >>>>>>> err = sock_has_perm(sk, SOCKET__BIND); >>>>>>> @@ -4585,7 +4586,9 @@ static int selinux_socket_bind(struct socket *sock, struc> >>>>>>> >>>>>>> /* If PF_INET or PF_INET6, check name_bind permission for the port. */ >>>>>>> family = sk->sk_family; >>>>>>> - if (family == PF_INET || family == PF_INET6) { >>>>>>> + family_sa = address->sa_family; >>>>>>> + if ((family == PF_INET || family == PF_INET6) && >>>>>>> + (family_sa == PF_INET || family_sa == PF_INET6)) { >>>>>> >>>>>> Wouldn't this allow bypassing the name_bind permission check by passing in AF_UNSPEC? >>>>> >>>>> I believe these name_bind permission checkis skipped for AF_UNSPEC >>>>> already, isn't it? The only way the name_bind check would be >>>>> triggered is if the source port, snum, was non-zero and I didn't think >>>>> that was really legal for AF_UNSPEC/INADDR_ANY, is it? >>>> >>>> 1) What in inet_bind() prevents that from occurring? >>>> 2) Regardless, what about the node_bind check? >>> >>> Fair enough. As mentioned above, perhaps the right fix is to move the >>> address family checking back to how it was pre-SCTP. >> >> It isn't clear to me how to do that without breaking SCTP multiple address binding, which is why >> Richard had to switch to checking address->sa_family instead of just using the sk->sk_family. >> Alexey's original fix might be the simplest solution. > > I'm going to have to apologize, I'm traveling at the moment and more > distracted than usual as a result. Let me take a closer look later > today. It may be that Alexey's original fix the only practical > solution, but I really would like to avoid having to duplicate checks > like that in the SELinux code. I just had a better look at this and I believe that Alexey and Stephen are right: this is the best option. My apologies for the noise earlier. However, while looking at the code I think there are some additional necessary changes: * In the case of an SCTP socket, we should return -EINVAL, just as we do with other address families. * While not strictly related to AF_UNSPEC, we really should be passing the address family of the sockaddr, and not the socket, to functions that need to interpret the bind address/port. I'm waiting for my kernel to compile so I haven't given this any sanity testing, but the patch below is what I think we need ... int err; @@ -4587,13 +4588,13 @@ static int selinux_socket_bind(struct socket *sock, stru ct sockaddr *address, in family = sk->sk_family; if (family == PF_INET || family == PF_INET6) { char *addrp; - struct sk_security_struct *sksec = sk->sk_security; struct common_audit_data ad; struct lsm_network_audit net = {0,}; struct sockaddr_in *addr4 = NULL; struct sockaddr_in6 *addr6 = NULL; unsigned short snum; u32 sid, node_perm; + u16 family_sa = address->sa_family; /* * sctp_bindx(3) calls via selinux_sctp_bind_connect() @@ -4601,11 +4602,19 @@ static int selinux_socket_bind(struct socket *sock, stru ct sockaddr *address, in * need to check address->sa_family as it is possible to have * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. */ - switch (address->sa_family) { + switch (family_sa) { + case AF_UNSPEC: case AF_INET: if (addrlen < sizeof(struct sockaddr_in)) return -EINVAL; addr4 = (struct sockaddr_in *)address; + if (family_sa == AF_UNSPEC) { + /* see "__inet_bind()", we only want to allow + * AF_UNSPEC if the address is INADDR_ANY */ + if (addr4->sin_addr.s_addr != htonl(INADDR_ANY)) + goto err_af; + family_sa = AF_INET; + } snum = ntohs(addr4->sin_port); addrp = (char *)&addr4->sin_addr.s_addr; break; @@ -4617,15 +4626,14 @@ static int selinux_socket_bind(struct socket *sock, stru ct sockaddr *address, in addrp = (char *)&addr6->sin6_addr.s6_addr; break; default: - /* Note that SCTP services expect -EINVAL, whereas - * others expect -EAFNOSUPPORT. - */ - if (sksec->sclass == SECCLASS_SCTP_SOCKET) - return -EINVAL; - else - return -EAFNOSUPPORT; + goto err_af; } + ad.type = LSM_AUDIT_DATA_NET; + ad.u.net = &net; + ad.u.net->sport = htons(snum); + ad.u.net->family = family_sa; + if (snum) { int low, high; @@ -4637,10 +4645,6 @@ static int selinux_socket_bind(struct socket *sock, struc t sockaddr *address, in snum, &sid); if (err) goto out; - ad.type = LSM_AUDIT_DATA_NET; - ad.u.net = &net; - ad.u.net->sport = htons(snum); - ad.u.net->family = family; err = avc_has_perm(&selinux_state, sksec->sid, sid, sksec->sclass, @@ -4672,16 +4676,11 @@ static int selinux_socket_bind(struct socket *sock, stru ct sockaddr *address, in break; } - err = sel_netnode_sid(addrp, family, &sid); + err = sel_netnode_sid(addrp, family_sa, &sid); if (err) goto out; - ad.type = LSM_AUDIT_DATA_NET; - ad.u.net = &net; - ad.u.net->sport = htons(snum); - ad.u.net->family = family; - - if (address->sa_family == AF_INET) + if (family_sa == AF_INET) ad.u.net->v4info.saddr = addr4->sin_addr.s_addr; else ad.u.net->v6info.saddr = addr6->sin6_addr; @@ -4694,6 +4693,12 @@ static int selinux_socket_bind(struct socket *sock, struc t sockaddr *address, in } out: return err; +err_af: + /* Note that SCTP services expect -EINVAL, others -EAFNOSUPPORT. */ + if (sksec->sclass == SECCLASS_SCTP_SOCKET) + return -EINVAL; + else + return -EAFNOSUPPORT; } /* This supports connect(2) and SCTP connect services such as sctp_connectx(3) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4cafe6a19167..5f30045b2053 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4576,6 +4576,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, i nt addrlen) { struct sock *sk = sock->sk; + struct sk_security_struct *sksec = sk->sk_security; u16 family;