From patchwork Wed Jan 25 17:29:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 9537591 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EDC2F6046A for ; Wed, 25 Jan 2017 17:29:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB99928329 for ; Wed, 25 Jan 2017 17:29:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D03922832F; Wed, 25 Jan 2017 17:29:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.6 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7183E28329 for ; Wed, 25 Jan 2017 17:29:28 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.33,284,1477958400"; d="scan'208";a="2592145" IronPort-PHdr: =?us-ascii?q?9a23=3AutCcThJbRTqK6Q+/rdmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgQKf3zrarrMEGX3/hxlliBBdydsKMYzbeN+PGxEUU7or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRp?= =?us-ascii?q?OOv1BpTSj8Oq3Oyu5pHfeQtFiT6ybL9oLBi7owrdu80SjIB/Nqs/1xzFr2dSde?= =?us-ascii?q?9L321oP1WTnxj95se04pFu9jlbtuwi+cBdT6j0Zrw0QrNEAjsoNWA1/9DrugLY?= =?us-ascii?q?TQST/HscU34ZnQRODgPY8Rz1RJbxsi/9tupgxCmXOND9QL4oVTi+6apgVRHniD?= =?us-ascii?q?0DNzUk7m/ZjMJ+h79frB64phFzxojZa5yXOvVjZKPQZdMUS2RCUMhMSSJOGJu8?= =?us-ascii?q?YokSA+cPIelWoJfyp0AVoBuiHgahHv/jxiNUinL026AxzuQvERvB3AwlB98BrH?= =?us-ascii?q?vUrdTyNKcUT++117TDwDLfYPNZ2Db9747IfQ46ofyXUrJwds3RyUYrFwzbi1Wf?= =?us-ascii?q?s43lPzeP2usRtGib6vNtWOSygGAprAFxpyKgxsYqioTRiYIVy0zE9SVkwIkuP9?= =?us-ascii?q?G3VEl7Ydu8HJRNqS6VLIp2TdkkQ21yvyY60LIGtJimdyYJ0JQq3wPTZvOIfoSS?= =?us-ascii?q?4h/vSfydLSl3iX57Yr6zmg6+/Eqvx+HmS8W4zlZHojBGn9XSrHwA1xLe586aQf?= =?us-ascii?q?Vn5EihwyyA1wXL5+FBJkA7iLTUJoY6wr41ipoTqUPDHjLqmEnujK+ZaEEk+u+w?= =?us-ascii?q?5uT7eLrmvJ6cN5Jvig3kLqQvmtCwAeQ/MgQUWWiU5f+826H58U38QbVKiuU6kq?= =?us-ascii?q?jfsJ/EOcQWvrO1DgBa34o56xuzEi2q3MoXkHUZNl5JZQqLj43zNFHPJPD4A+2/?= =?us-ascii?q?g1OpkDpz3PDJILnhApTLLnjen7btZK1y60lByAo10d9Q+YlUB6odIPPzRkDxtN?= =?us-ascii?q?vYAgU/Mwyv2enrEtp91oQAWW6XGK+WLLvSsUOU5uIoO+SMZogVuDDnJPg55/7h?= =?us-ascii?q?l3k5lEQffamu25sXbWq3Hu96I0qHe3rsmc0NEWAQvgoxVObqkkGNUSZPZ3auWK?= =?us-ascii?q?Ix/jM7CIC8AojfRYCtm7uB3CG6Hp1IfW1GBFSMEWrndoqfRvcMbj6SItJ7njwD?= =?us-ascii?q?T7ihRJcr1Quyuw/i17pnMu3U9zUAtZ39z9d6+evTlRAu9TxzFMmd0n+CQH9qkW?= =?us-ascii?q?8SQD82xq9/q1Rnylifyah4n+BYFdtL6vxUVQc6M5jcwPFkBND2WwLMZc2GR0i8?= =?us-ascii?q?QtWhGz0xScgxw9AWaUZnB9qilgzD3zatA7INirOLGIY78rjH0nftIMZ9zmrJ27?= =?us-ascii?q?M6j1k6WMdPM3OphrJn/QjJG4HJi1mZl7qtdakE3S7N8nuDwnSKvE5GVQ5/T7nF?= =?us-ascii?q?XWofZ0bNqtT5/l3NT7mrCbs9MwtBzdWNKqxFa9HzilVGXvjjMszEY22tg2ewGQ?= =?us-ascii?q?qIxrSUYYvqemQd2yPdBVMBkwAX5HqGNA4+Cj2no23EFjxuFlPvY13y/uVkrnO0?= =?us-ascii?q?UFM0xRmQb0J9z7q15gIVhfuERvwIxb0IvyMhqzRvHFahxNLaEcGAqBR9c6lGet?= =?us-ascii?q?My/lNH1WPftwxgMZ2tNLxth14EcwRqpEPizRt2BZ9ckcgxq3MqyhB+KaWC0FNO?= =?us-ascii?q?bzmYx4z/OqXLKmnu+xCic7DZ2knE39aM+6cP8+81q035swGzF0oi6G1n091P3H?= =?us-ascii?q?SA+JrGFg0SUYj+Ukwv7Rh1u6naYjUh54PTzXBtP6i0sjvH2903Huso0RigcMlC?= =?us-ascii?q?P6ODDg/9CdUaB9KpKOwohVemcg4EMPpV9K4uMMOsb+GG17KzPOZ8gDKminxK4I?= =?us-ascii?q?5n0k2W8SpzVu/I340ezvGdxguHVi7wjEyvs8Dsg4xEYisSHmWnwyj+GIFRfrFy?= =?us-ascii?q?fZoMCWq2IM243NZ+h5nwW3ND916sHVAG2Mi0eRaIaFz9xwJQ31wNoXO7gSu40y?= =?us-ascii?q?B0kzYxo6WFwSPO2eXiewQdOmNQXmZtkVLsLZKzj9AAU0iidxIpmwe95Ubm26hb?= =?us-ascii?q?o7xyIHXJTkdMYSf2NH1iU6u3treZeM5A9JIovjtRUOSgYFCVUKTxox0E3CP/B2?= =?us-ascii?q?Fe3iw0dym2upXlmBx3kGKdI2h3rHrdfsF93hPf5MHARf5W2zoJXjN0iT7NBliz?= =?us-ascii?q?J9Op58mbl4/fsuCiUGKsToZTcSfxzYOHryu7+XZnAQa5n/C0lNznFBI10Snh29?= =?us-ascii?q?lsSyrIsA72YpP32KSiLeJnYk5oCUfy6sVgHoF+jpU/hIsL2XUBmJWa42AHnnzu?= =?us-ascii?q?MdVew67+a2ANRTETyd7P/AflwFFjLm6Ox4/hSnWS39ZuZ9igbWMSwS8y88dKCK?= =?us-ascii?q?KI47Nehit1vkC0rQTPbvhhhj0d0+ch6GYGg+EVvwog1iOdArEWHUlcIyPsjA+F?= =?us-ascii?q?4Mqgo6VNY2aja7+w1FBxndq5FrGNvhlcWGrlepclBSJw8MR/P07Q0H308IHoYs?= =?us-ascii?q?XfbdIUth2SnBfNlOxVKJM3lvUQnypnPnjxvXo/y+40lRZux421vJCbK2Vx+6K0?= =?us-ascii?q?GhpYNjzuZ8MP4z3tlrhRnsKX34CpA5VgFS4GXIDwTfKpFjIStOjoNx2UHD06tH?= =?us-ascii?q?ibBaLVHRWD50d+s3LPD5erOmmNJHkeydViQAeSJFZDjwATUjQ3hYU5Fh22y8z6?= =?us-ascii?q?akt54SoR5lHgoBtW1u1oLwX/UnvYpAqwcjc7UoWfLB5M4g5Y/UvaKsue7uZvHy?= =?us-ascii?q?Ff+J2stwmNJnCdZwRPEW4FQEqECE7/PrO2/9nP7/CYBvaiL/vJebiOqvJRV/GT?= =?us-ascii?q?xZ+00Ytp4TCMNt6JPnZ8E/03wE1DXWp2G87BgTUAVzQXlz7Rb86cvBq84jd4rt?= =?us-ascii?q?278Pv1QALg/42PC6dMPtV14B22nLyDOPCKhCZiMzpYzZQMxWLSyLcDwlEShSZu?= =?us-ascii?q?dyOiEbseryLNSrzfmrNPBR4BdyxzLNdI77473gRVJ87bjM7626Vmjv4zFlhFVU?= =?us-ascii?q?btmse3aswWO2u9Lk/IBF6XNLSaIj3G29n3brmhSb1Ul+hbqxywuSqbEkP6MDSM?= =?us-ascii?q?jT/pWwqoMeFWgyGRJAZet52lchZxFWjjS8rrah67Md9zkzI72rg0hnTENW4SLz?= =?us-ascii?q?d8b19Nrr2X7SNdnPpzAWpB4WR5LeOcgSaW8/HYKooKsftsGil0mfhV4HImy7tS?= =?us-ascii?q?6SFJX/J1lzXPod5puVGpiPGPyiBgUBpMtDlEmJ6LsV9lOaXD+ZlKQWzE8w4V7W?= =?us-ascii?q?WMFxQKoMNoBcDpu69K0dXAiaTzJy1Y/9LT58scCNDeKNibP3o5LRrpBDnUARMf?= =?us-ascii?q?TTG2KG7SnENdkPSd93GPqJg1tITskoIUSrBHTFw1Cu8aCkN9EdwYOpt2UCkokb?= =?us-ascii?q?uBg84M4nq/rALcS99GsZDCTP6SBu/vKDmBh7leexQI2a/4LZgUNoDj3UxicEN1?= =?us-ascii?q?nJzSG0fLU9BNozdhbhQooEVD8Xh+SHc820T5ZQOs+nATEeS4nhksigtxee4t7i?= =?us-ascii?q?vj408rJlrWoys9iFQ+mc77jj+Lfz7xNr2/XZ9NBirvrUcxMY77QxxvYgGomUxk?= =?us-ascii?q?KTHESKhLj7d5aWBrjwzcuJtIGfJGS61LfgMQz+mNZ/o0yVRctjmnxUhf6OTeCJ?= =?us-ascii?q?timwwqcZi3on1dxQ1sd981KrbWJKZTyVhQnK2OtDey1u8t2A8eO1oN8GSKdSES?= =?us-ascii?q?t0wHLKcmKDSz8+xr8QyNhT1DeG0WWPorpvJl7UQ9OuuawyLnyb5DJVi7N/aDIK?= =?us-ascii?q?OBp2jAicmIT0ss1kMPkklJ56J20cAickWKUUAg16GRFxMXOsrBMgxac81S9H3P?= =?us-ascii?q?cimUquXN3Yh5P4OjGeD0VeWOrrobglq4HAY1GIQB9sIBEYe230HcNsrnL7kFyQ?= =?us-ascii?q?4x5AvxIlWFF/dJeBORnDcBvc6/0Id93ZNBKTEFHWV9LSK3667NpgA0m/qMQs05?= =?us-ascii?q?Ym0GUYsELX85Q8y6mzREsHRHAjm3yvgZxxaC7jPmoCTfEiX8ZcJ5ZPiIfRNsFM?= =?us-ascii?q?22+TIn/qerk1HX7JTeKHzhNdl5oNDP8/kap5GJCvNPU7Zyr1rcm5NZR3y2U2/D?= =?us-ascii?q?C9i1KIbsa4M0d9z7Fm66UkCjizIyV8rxMsytIbaVjgHzX4lUtpWb3Dc4NcKmDD?= =?us-ascii?q?4RBxJwq/sE5KJmag0Je4A7bgLwtwQiK6y/Jx+V0tGpQ2a3NzRWSfhezeKharxY?= =?us-ascii?q?ySosc/W2yHw6TpE11+O361ICRIkWjhHCwvauf5JeXjb3GnxcfQXPuCU4mnN9Oe?= =?us-ascii?q?Y1x+cw3AnHsUIAMzyRcuxmdnBEtckmBVyOOXV2FnY4R1iEgIXe/gGs2rcS/y1B?= =?us-ascii?q?n9pJyuBFrmbxvoXeYDOtX6yrr4/Zsyw+Ytg6u6dxK5DsItOatJPCmTzSVJrQsh?= =?us-ascii?q?eFUSGgEfpahthQLTlXQPlPgWEqJdYKuYxf5kotTs0+PaBACLEwprC2bjppFTIS?= =?us-ascii?q?zS4cV4OHwDwCgue91qDHmReRcJUtKgcLvI9EgtQDTy58ejkeq7O7V4XKi2+ETX?= =?us-ascii?q?AGIAgJ7QtW4gIAipR9fuHi4IvGSp9M1z5WrOx1UivNCpln6UH7RnuQgVfmVPWr?= =?us-ascii?q?i/ap0h5KzPLwztkbXwZyBlJZx+ZXikQnNql4K6wQv47MtT+Ic1n1sXn2x+unPl?= =?us-ascii?q?ZRz9TYd1PlDIbfs2rzTDEc82UORYBT0HHfCYgSkw1hZakwulpMJpurdVzj6Dw6?= =?us-ascii?q?2YtpBaK4Wtqxx1clt3oGQD2qE9VZAeF8rF3XQCFlY4ysqJj9IZVSRG5Q94Gdq1?= =?us-ascii?q?delEVtKDa3x4NBJc9X/jMCWyNCrimavNu3VMJMw9R2D4MWLtd5pXj9BLtOOIKN?= =?us-ascii?q?rH0uprzv1njZ9iggv1e43jq8B7S1QP5e/20aHgUpJnqRqlMzD+Qy7mjS8krBsl?= =?us-ascii?q?du/+dUHrKPl1l+oC5hHpBSATZEzWqlIE5pTHlBqOpXM7jVc9ZGTPksexCvPx0+?= =?us-ascii?q?Ffgp30yN/EF0knf5YzB8tgRA4SDdWhM4VS8LjbfxgTcesN2oOScGS5JUajUsdy?= =?us-ascii?q?nEJxiHliBXvRZfbkBqVIoaAtte+rEUw5Vb8dTYRUarMyEFUwRoNhgk3vpHiU5D?= =?us-ascii?q?rEKYdDjFDQqvcfbAqAd3fMmWrM6tIvT05wJHioTgsOAj6aoMW2emmQq2QdDFro?= =?us-ascii?q?/8sNKKulGJdKfiPO22eWXBQyTUjRCsmbckCIHH8DLJMApGLZl203kkbIPgCW7K?= =?us-ascii?q?PBRGO7kUK1BdVa9kddVMuvpaaNN8eKYV5a9tAQqKRg/oGIyqt/RGMkrfRTHFIC?= =?us-ascii?q?mb9Oywv57T56THSef8fsyM22rHQ6VvM5d68zb7Aa3l0YtD9Uftx/hi6Ft6SUDY?= =?us-ascii?q?PCCFstvhPBkH5M64dkvtppcpBy/ZAI9skHrxwUFNb8gXQyq0/5kD1ZxW9m3wRv?= =?us-ascii?q?xi0kjvruJd6qNo6Y8p7LB10c20P7vdKexGsU97BRiZHh5l9psxD2RjRW1df+Ec?= =?us-ascii?q?JezNcqQeiMDht/r4F7cL6BGP/exWd8fHLVnbmsajEjGcVQBEnAAZpD4AMASTyv?= =?us-ascii?q?6FlLVoScu+oej53Vwt7EagIhEay7Bi+JmL9rCOpODJcxvb1aIEVbTyRsPvsrQs?= =?us-ascii?q?vFuf5eU/lL4SYGN6fhGnHfMGVs4a22fg17wlwjwqE8PfBbLv4vpDW2g+njL6lJ?= =?us-ascii?q?B3B08WFe8MHbqX4YRemX81m/DDNtIIbK9Nh32CFQOgEr8e036k8TWXIGhighHK?= =?us-ascii?q?zR7wXXm/7FjsrS93WSHM1cvsklJJVrmrAkdfRy+pNlV8sDOLIgXoqMb3tr4v40?= =?us-ascii?q?wtNGzrqs6NlHC9N7xNB83wOsaQIS8qq1ILlJcxXMCg2ZgHGdqhJ9cc6HN+YeHE?= =?us-ascii?q?62OsiC9Bp71Ih5TF78GQ5/XXGWWgj6yGpLWM3j9YzGM4sUs46tC6OfHE/8eKTO?= =?us-ascii?q?iw12YNUyd/vBPMXxyvpbzdoVAUI0uL31rVl4ERItFWx3841lrh5OQ5RtI86hle?= =?us-ascii?q?HJ7aZ/wevTDzJCf0wVGHbtI4Syme0j9XHlbrHll9A6UzxXz/s9nIlXjK/V0kXI?= =?us-ascii?q?5wd1bohRZvFYU3NVot6EQLwioECQUNbxSbAaqpBUTjKIsIT0kDaRKJ3LigYKg3?= =?us-ascii?q?xlFzwqmy5ODPcex8GrANOehHgg6JhlhbFYocsbcCT7JkZ19d6KnXqxDnC4jgWf?= =?us-ascii?q?jmiXUwOuOuT8Bf8MAWrX0i7RijRxuu7pdD9bUbiIuSeq5Cf5fMoNh271176j4X?= =?us-ascii?q?aixNnB9/ggu9UeAHoeDu4sPWsJS25emzU6YtXf8Y9wAuB2R5jZv/nkwsoc3N2+?= =?us-ascii?q?dbUI3Vhpz18BpRLH6SpIbazx58JPIVK42xYrZv7XoHKDYFJ38VJtqZcec87DVi?= =?us-ascii?q?MDrN/FxOGMUMas0EPMDVgwBbllXpWK1P9srcAlKYCYZzd8Uz4mry1j808YUzUv?= =?us-ascii?q?zh6D+wKpDT9VdNMO1fjC90jtLNuPAVwebOCCgQ+XSZahl0zTmYxJaREPvw5vuD?= =?us-ascii?q?yM3KWFwaBCI2VJ1dJDWa8wy9WuW1jInpUh+T6sLrm50+dVmQR3Krk6QHs6ZMDf?= =?us-ascii?q?ZAhT/m3jhaDY36m/WVvMey52RNq11HCoFz7QffF6lFOZV7Ixv4nNGxRkdgHiv/?= =?us-ascii?q?ZN3Udh02teqO3OgM//lxN0vwZI8cOBIEyKv26WFLQQtqSb72uEuZXO0Kadt+Uv?= =?us-ascii?q?zEsmxa6YJuKq8IJlidp4bmrjRWp1AsBg8mdrswoiZddknUkw1fQ7z0t6IYigsA?= =?us-ascii?q?Td55vldBGX6qOG0g4zrIT6JVg7eKBfMI8zWTQa0OU1lyPSNlWRy1wohud6Gvnf?= =?us-ascii?q?9ZrmNMhjl9r+Qy0zx6WBu8vjXhp60X1jI65r64qDUBtGdBTuWfjyfHF1VDw+4X?= =?us-ascii?q?jacHEXri70KzYGUbZovo/LZnPdjg9ZUm43knbhUsYSsGXfinCyH3iK+IGZKAsN?= =?us-ascii?q?ZdhB6LpcXPYqS+LSwMObQnyRPsXWJx0g7AkxZ06GELWCmv7Mc4JIWhPsYo3iyo?= =?us-ascii?q?GWnHe1YL5qNGqtDxuUQKTOsxblNh235j39OCRiACS83DAWE1jhIraW9capJM9Q?= =?us-ascii?q?caF7U0gjaPpqRG8R0bYCzPEoi854feksHG2Xg7Tdd3yWPbvaKFhpYw331jhdx4?= =?us-ascii?q?9CmOuG4dd+bASc9jHmDz1ptDyez5f/itsOcHSItgyLi7TPACMs2j+Xar15RrW0?= =?us-ascii?q?+lwK8eH1m4MOIY2LfbUjmlRnecWeuWcmiAhTA5PVDu5ROwNF04dN9Kr1MhMuvF?= =?us-ascii?q?npNclhPhXqlyRiiLoV/b0XEsMeIddwItoounfBYKTOEJbeiGOecu2OE+CEcLb3?= =?us-ascii?q?LRHyt5FeG2sVCpnIVgNXRv+0P6bvrx8gz8NtudBAUEG5bArpFt4fy6Wn6BOXh4?= =?us-ascii?q?wR19OEl08OneGEo1tu9YaJuRht/Qh9J60eEZbfttNzMyusILkIJ59YaUyNuKcQ?= =?us-ascii?q?3WzpvqJ9HVoviZA+XYz0Que2FaTqQWbBjw54U7It45QaPcEaFevRQGCqgwWIYh?= =?us-ascii?q?OHvp9KFoMANzdRbcZKi1gsnvve+LeppUqGPV7l0uKCfQoRsDxeKoTQZjdZClm2?= =?us-ascii?q?3yIIwsRjJGt9BtDxpmHIhMG8MHtAenAYSbmKK8i9+35Ux6vfUGsazuBfDWzN65?= =?us-ascii?q?xZl+X4BG5UyXOzbcHLJkjVpjjuSumfrAyZ3xCcT+edMYSuh0XHPKZqXBHoWlJT?= =?us-ascii?q?KEItj8dFJe876AzLJ5VQ2cZC7nUKqCtS2kLOtr7F46y4x5eerTySIi76vf2NTs?= =?us-ascii?q?fW1boT2jrXGRPptF8FPKHfDeXw5TSfed/mdlBbcXbYro++gQKtEixdmc4xVp7D?= =?us-ascii?q?tcyseFJLKhrkDU0EJhaZ3bNFfp2zo+WYQSJxS/NVUjjHTBqnTZG3tcNdSkKchx?= =?us-ascii?q?j9aJFBzi+Vd+lXsrZmFfBmriXc2RNnQD28KieA2K8xpGD9ICn+6xZE45ubS+Se?= =?us-ascii?q?1pOpVeheWqr64KkddzJCHJQ8hWJSbQLKV5PjBJFOXAuEAoYgIYs7gyQoo1foaB?= =?us-ascii?q?IEcGMEeG1CPzwgzO30Lod9ysyqmJOjgZ8m1dwL/e0jhDuRO5ufCHjc3nS7/ZcZ?= =?us-ascii?q?72UOTVMCo/WTGQXS4yHlqx+Ve4p/oEu+KVIWIFrV8IYiKSCQgTpqd0oNjOD2/T?= =?us-ascii?q?n/NsfJkLhPCcRiDxRzd0lK0oBiZErUqMWeYMFRHKb3/9h2pRoA6iKeVP/XLidL?= =?us-ascii?q?KV3bdVW+oKAotMdf2ZXtTYefBCJzsykDUWJvq8dcXGr7klylLIUXcZE67Q+V2R?= =?us-ascii?q?VkGZWeacxzP1UoURpIU0pC4o9cjLni92DqTEJbCfqCCy8oSgliaXpfXeVnUxY0?= =?us-ascii?q?wymO8CAmyBwB5aKGEeCtEVo1rgQqiaaEZJyn0piPhi2xgWeAR8SnduyGFZnO6h?= =?us-ascii?q?Gs1FTl4ZlHiuQPMDbF9rDT49/lSH4hPsbtwauMDSRmhe9r0WRYobMvYo9JHdOL?= =?us-ascii?q?EMz/YxwDJmvCs6vj2fD1NaiAKF97HdHKdiybJf62k4+Ot2UV2RTD/FdGjI1Jam?= =?us-ascii?q?WIpzwnJ1rHTl0dfE9rR2Ob9boZxpKEsbCiJxYNbG9HZOVn+iiyWouBPuFzuMJz?= =?us-ascii?q?QU+35fLiMXceB41Md0txHHctvE4EKU8akmrR34Wk6wFrOo1ckTWYnS3gKiZHwO?= =?us-ascii?q?Lzg=3D?= X-IPAS-Result: =?us-ascii?q?A2ErBQC034hY/wHyM5BeHAEBBAEBCgEBFwEBBAEBCgEBgwo?= =?us-ascii?q?BAQEBAR9ggQkHjkeoDz8jDYYSgXsHVwEBAQEBAQEBAgECXyiCMxsJBD0NLwEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEWAg0ePwEHAiAEDQwBDSAMAgECCQIFDgICBAMBAgM?= =?us-ascii?q?CIgQCAgIBAR4PAwEFAQsBCA4ICwUYBIhfAQMYDqIoP4wCgWs6JgKCYQWDZwpAD?= =?us-ascii?q?YMXDAEdAgEFEnmFP4dBO4ENAhEBD4MTgl8BBJtOglKEE4sOhAOGRYYnSJBsFB6?= =?us-ascii?q?BFFh0JS8VOxSEGQ8cgWJyAYVuAg0XghcBAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 25 Jan 2017 17:29:26 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v0PHTKeG017784; Wed, 25 Jan 2017 12:29:22 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v0PHTJjp179259 for ; Wed, 25 Jan 2017 12:29:19 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v0PHTIGk017782 for ; Wed, 25 Jan 2017 12:29:18 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DKAQBC34hYfzVSfUpeHAEBBAEBCgEBgzUBAQEBAX+BCQeDTbNMDCCFcgKCGQdXAQIBAQEBAQITAQEJCwsKG4UaASkEGQE5AxIOAgYDAQIDAiYCJBIBBQEUDhOJAAEDGA6eZ4NAP4wCgWs6gwkFg2cKQA2DIx4CAQUSeYU/h0E7gQ0jgxOCXwWbToJShBOLDoQDjGxIkGwUHoEUgXAvFTsUhBkPHIFiPTUBhW4CJIIXAQEB X-IPAS-Result: A1DKAQBC34hYfzVSfUpeHAEBBAEBCgEBgzUBAQEBAX+BCQeDTbNMDCCFcgKCGQdXAQIBAQEBAQITAQEJCwsKG4UaASkEGQE5AxIOAgYDAQIDAiYCJBIBBQEUDhOJAAEDGA6eZ4NAP4wCgWs6gwkFg2cKQA2DIx4CAQUSeYU/h0E7gQ0jgxOCXwWbToJShBOLDoQDjGxIkGwUHoEUgXAvFTsUhBkPHIFiPTUBhW4CJIIXAQEB X-IronPort-AV: E=Sophos;i="5.33,284,1477972800"; d="scan'208";a="5920492" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 25 Jan 2017 12:29:17 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3AfX8/WRY+Qzkk8v9oETP5BLb/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZoMmzbnLW6fgltlLVR4KTs6sC0LuK9f27Ej1Rqb+681k6OKRWUBEEjc?= =?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRo?= =?us-ascii?q?LerpBIHSk9631+ev8JHPfglEnjSwbLd9IRmsrQjcuMYajI9mJ60s1hbHv3xEdv?= =?us-ascii?q?hMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTD?= =?us-ascii?q?QhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlS?= =?us-ascii?q?EKPCM7/m7KkMx9lKJVrhyiqRJi3YDbfI6bOeFifqPEZ94WWXZNUtpTWiFHH4iy?= =?us-ascii?q?b5EPD+0EPetAs4b9qFoPrRy4BQayH+Pk1zhFiWP53aw71OQhFx/J3Bc7EtIBt3?= =?us-ascii?q?TUq9r1NKMMXuCw1qbIzDHDY+lK1jf67YjFaxYsquyCU7J3dMre00gvFwXdg1Wf?= =?us-ascii?q?qIzlIzOV1vkWvGSB8+VgUuevh3Y6pA5vuTevx90jio/TioIS0FDE+iN0y5s2K9?= =?us-ascii?q?2gUEN2Y9GpHIFNuy2EN4Z6WMAvT39ytCs6xLALv4OwcjIQx5Q93RHfbuSKc4iW?= =?us-ascii?q?7RLnU+acOTJ4i2hkeLK7nhqz/02gxvHlWsm60FtHoDBJktbLtnAK2BzT7taIRu?= =?us-ascii?q?Fh8Uem3DaDzwHT6udaLkAojafWKZEszqQtmpYNsUnPBCz7lFvsgKKWeEgo4u2o?= =?us-ascii?q?5P7mYrXiqJ+cLYh0igTmP6sylcy+AOM4Mg4QUGiA4um827rj/Ur2QLVOkPI2l7?= =?us-ascii?q?PWsJHeJcgBuqG5BApV3p456xmjFzemzMgYnX4fIVJeZh2Hi4npO1fTIPH3Fvq/?= =?us-ascii?q?n1Stnytrx/DBJLHhBI7NIWLZnLfuerZ99R0U9A1m1t1b5pRJGvlVO//3W0nspP?= =?us-ascii?q?TEHxQ5NEqy2O+hB9JjgNAwQ2WKV6SWIqTUvETAsukgMe6KaZQ9tzH6JPwo4vfv?= =?us-ascii?q?iTkynlpLLvrh5ocedH3tRqcuGE6ee3e52to=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EuAQC034hYfzVSfUpeHQEFAQsBFwEBB?= =?us-ascii?q?AEBCgEBgwoBAQEBAX+BCQe2VkMMIIVyAoIZB1cBAQEBAQEBAQIBAhABAQkLCwo?= =?us-ascii?q?bMYIzGQsEPQ0vAQEBAQEBAQEBAQEBAQEBAQEBARYCDR4/ASkEGQE5AxIOAgYDA?= =?us-ascii?q?QIDAiYCJBIBBQEUDhOJAAEDGA6eaINAP4wCgWs6gwkFg2cKQA2DIx4CAQUSeYU?= =?us-ascii?q?/h0E7gQ0jgxOCXwWbToJShBOLDoQDjGxIkGwUHoEUgXEvFTsUhBkPHIFiPTUBh?= =?us-ascii?q?W4CJIIXAQEB?= X-IPAS-Result: =?us-ascii?q?A0EuAQC034hYfzVSfUpeHQEFAQsBFwEBBAEBCgEBgwoBAQE?= =?us-ascii?q?BAX+BCQe2VkMMIIVyAoIZB1cBAQEBAQEBAQIBAhABAQkLCwobMYIzGQsEPQ0vA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBARYCDR4/ASkEGQE5AxIOAgYDAQIDAiYCJBIBBQE?= =?us-ascii?q?UDhOJAAEDGA6eaINAP4wCgWs6gwkFg2cKQA2DIx4CAQUSeYU/h0E7gQ0jgxOCX?= =?us-ascii?q?wWbToJShBOLDoQDjGxIkGwUHoEUgXEvFTsUhBkPHIFiPTUBhW4CJIIXAQEB?= X-IronPort-AV: E=Sophos;i="5.33,284,1477958400"; d="scan'208";a="2592134" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-wm0-f53.google.com ([74.125.82.53]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 25 Jan 2017 17:29:16 +0000 Received: by mail-wm0-f53.google.com with SMTP id r144so42796353wme.1 for ; Wed, 25 Jan 2017 09:29:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=9pFVG+w7RjES0L4tzadOBZ1XZwNeuAWU1HYRYBgd+k4=; b=S7kwvQAcpylidG0ouzfWnGntVk5vJJF13AIGXpxLbyY2EX5kdptKHYMuUTrIqxadWD /6w5PYHAahay9wvKeYdbBDGoN0g9BJbZAzrdl/56zlthl2YPaXVikF44caovS6lRXmAe YdervaHzGx1EpDxKgeCOhl0V2GJVVX5py65P++DbQLBH1KfOJ7tgOcRP3MzkKKjLuIqu GSl014NGQ72DZGCfsNpMHmn4ox7xTQsmpU7VU1bKrPofgGUTmOy+MsG+U2m7PcoVTdup OOtjtjVZBZrnlJzMhdoo0fOoACWKPTFBvaWXoVzVA1/ffU/gEwOKGcXv/tIblRpyPwgL sJew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=9pFVG+w7RjES0L4tzadOBZ1XZwNeuAWU1HYRYBgd+k4=; b=iMF4EGCAyCG0h5yroHbClLIujLQ0PVe3Ge8DO0oGMaFyUekoX1Y57OCjPig05oPHVX EW+XewhPjGGkvE7EHSiMdLLWgDoYecMt9pYrh85GQQs3JtL2NOTPoF6+RUU9kKVgYuD4 f6bSnSQeVUu0Wa3Om7jqgBQ2JEl9sERI8V0BWojpP9ioMBgD1W5uzh+irwLPlMpZSTfe 0KKh27Kxk0V4KtnMjolbNAFx2D8ZY5TyjWRjm911LEg48vxjjA97yejhTgUkluRM2H1a do6QpQis4pVLBlY5vvrecPmbhaYbnh9CUiInuwa2bSDjZSwCV1IZMxoyMyU8NAujuM6V tQGQ== X-Gm-Message-State: AIkVDXJxOrcOuYdiofHW+b+wub2zKMhoxxCXnZk4cLPMmNAq95bSRVcSrzK7agyk9fKE52b+S4aVAiNDc2oRaw== X-Received: by 10.223.131.99 with SMTP id 90mr34326260wrd.146.1485365355194; Wed, 25 Jan 2017 09:29:15 -0800 (PST) MIME-Version: 1.0 Received: by 10.80.177.6 with HTTP; Wed, 25 Jan 2017 09:29:14 -0800 (PST) From: cgzones Date: Wed, 25 Jan 2017 18:29:14 +0100 Message-ID: Subject: dpkg: run maintainer scripts with SELinux user system_u To: selinux X-MIME-Autoconverted: from quoted-printable to 8bit by prometheus.infosec.tycho.ncsc.mil id v0PHTJjp179259 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Hi list, I created patch against dpkg, which is reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852539 Laurent suggested to post it also on this ML for discussion. Currently, dpkg runs its maintainer tasks in the SELinux type dpkg_script_t without changing the SELinux user or role. So when running root as sysadm_u:sysadm_r:sysadm_t, the tasks will be run in unconfined_u:unconfined_r:dpkg_script_t. The problem are the postinst scripts: They create files and run binaries. Almost all the files created in this way do not have the correct file context system_u:object_r:*, which can break a ubac enabled system. e.g.: Would relabel /usr/share/info/dir.old from staff_u:object_r:usr_t:s0 to system_u:object_r:usr_t:s0 Would relabel /usr/share/info/dir from staff_u:object_r:usr_t:s0 to system_u:object_r:usr_t:s0 Would relabel /var/cache/man/pt/index.db from unconfined_u:object_r:man_cache_t:s0 to system_u:object_r:man_cache_t:s0 Also, for example, the exim4 post install script does some work leading to run exim in system_mail_t, which is not allowed to run under the roles sysadm_r/unconfined_r. type=PROCTITLE msg=audit(01/24/17 15:51:28.963:2602) : proctitle=/usr/sbin/exim4 -C /var/lib/exim4/config.autogenerated.tmp -bV type=SYSCALL msg=audit(01/24/17 15:51:28.963:2602) : arch=armeb syscall=socket per=PER_LINUX_32BIT success=yes exit=4 a0=local a1=SOCK_STREAM a2=ip a3=0x0 items=0 ppid=22511 pid=22748 auid=christian uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts1 ses=359 comm=exim4 exe=/usr/sbin/exim4 subj=staff_u:sysadm_r:system_mail_t:s0 key=(null) type=SELINUX_ERR msg=audit(01/24/17 15:51:28.963:2602) : op=security_compute_sid invalid_context=staff_u:sysadm_r:system_mail_t:s0 scontext=staff_u:sysadm_r:system_mail_t:s0 tcontext=staff_u:sysadm_r:system_mail_t:s0 tclass=unix_stream_socket This can cause issues when upgrading packages in enforced mode even as unconfined user. The following dpkg patch runs the maintainer tasks in the context system_u:system_r:dpkg_script_t (may be altered inside the SELinux policy): Note: The patch does not touch the SELinux detection in the build logic and the SELinux policy has to be updated beforehand. From: root Date: Mon, 9 Jan 2017 22:42:03 +0100 Subject: [PATCH] dpkg: fix maintainer SELinux context --- src/script.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 85 insertions(+), 10 deletions(-) Best Regards, Christian Göttsche diff --git a/src/script.c b/src/script.c index 2f252ae..72b92cf 100644 --- a/src/script.c +++ b/src/script.c @@ -32,6 +32,7 @@ #include #ifdef WITH_LIBSELINUX +#include // isspace #include #endif @@ -141,23 +142,97 @@ maintscript_pre_exec(struct command *cmd) return cmd->filename + instdirlen; } +#ifdef WITH_LIBSELINUX +/* + * derived from get_init_context() + * https://github.com/SELinuxProject/selinux/blob/master/policycoreutils/run_init/run_init.c + * + * Get the CONTEXT associated with the context for the dpkg maint scripts. + * + * in: nothing + * out: The CONTEXT associated with the context. + * return: 0 on success, -1 on failure. + */ +static int +get_dpkg_context(char **context) +{ + FILE *fp; + char buf[255], *bufp; + size_t buf_len; + char context_file[4096]; + snprintf(context_file, sizeof(context_file) - 1, "%s/%s", selinux_contexts_path(), "dpkg_context"); + fp = fopen(context_file, "r"); + if (!fp) { + ohshite(_("Could not open file %s\n"), context_file); + return -1; + } + + while (1) { /* loop until we find a non-empty line */ + + if (!fgets(buf, sizeof buf, fp)) { + break; + } + + buf_len = strlen(buf); + if (buf[buf_len - 1] == '\n') { + buf[buf_len - 1] = 0; + } + + bufp = buf; + while (*bufp && isspace(*bufp)) { + bufp++; + } + + if (*bufp) { + *context = strdup(bufp); + if (!(*context)) { + goto out; + } + fclose(fp); + return 0; + } + } + out: + fclose(fp); + ohshit(_("No context in file %s\n"), context_file); + return -1; +} +#endif + /** * Set a new security execution context for the maintainer script. - * - * Try to create a new execution context based on the current one and the - * specific maintainer script filename. If it's the same as the current - * one, use the given fallback. */ static int -maintscript_set_exec_context(struct command *cmd, const char *fallback) +maintscript_set_exec_context(void) { +#ifdef WITH_LIBSELINUX int rc = 0; + char *dpkg_context = NULL; -#ifdef WITH_LIBSELINUX - rc = setexecfilecon(cmd->filename, fallback); -#endif + if (is_selinux_enabled() < 1) { + return 0; + } - return rc < 0 ? rc : 0; + if ((rc = get_dpkg_context(&dpkg_context)) < 0) { + ohshit(_("Can not get dpkg_context")); + goto out; + } + + if ((rc = setexeccon(dpkg_context)) < 0) { + ohshite(_("Can not set exec content to %s"), dpkg_context); + goto out;; + } + + out: + if (rc < 0 && security_getenforce() == 0) { + rc = 0; + } + + free(dpkg_context); + return rc; +#else + return 0; +#endif } static int @@ -190,7 +265,7 @@ maintscript_exec(struct pkginfo *pkg, struct pkgbin *pkgbin, cmd->filename = cmd->argv[0] = maintscript_pre_exec(cmd); - if (maintscript_set_exec_context(cmd, "dpkg_script_t") < 0) + if (maintscript_set_exec_context() < 0) ohshite(_("cannot set security execution context for " "maintainer script")); -- 2.11.0 The policy patch would look like this: From: cgzones Date: Tue, 10 Jan 2017 14:19:54 +0100 Subject: add dpkg_context appcontext --- Makefile | 2 +- config/appconfig-mcs/dpkg_context | 1 + config/appconfig-mls/dpkg_context | 1 + config/appconfig-standard/dpkg_context | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 config/appconfig-mcs/dpkg_context create mode 100644 config/appconfig-mls/dpkg_context create mode 100644 config/appconfig-standard/dpkg_context diff --git a/Makefile b/Makefile index 154beb57c..1ad9e079f 100644 --- a/Makefile +++ b/Makefile @@ -250,7 +250,7 @@ seusers := $(appconf)/seusers appdir := $(contextpath) user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts) user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts)))) -appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types lxc_contexts virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names) +appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context dpkg_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types lxc_contexts virtual_domain_context virtual_image_context) $(contextpath)/files/media $(fcsubspath) $(user_default_contexts_names) net_contexts := $(builddir)net_contexts all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d) diff --git a/config/appconfig-mcs/dpkg_context b/config/appconfig-mcs/dpkg_context new file mode 100644 index 000000000..f7ed03c8c --- /dev/null +++ b/config/appconfig-mcs/dpkg_context @@ -0,0 +1 @@ +system_u:system_r:dpkg_script_t:s0 diff --git a/config/appconfig-mls/dpkg_context b/config/appconfig-mls/dpkg_context new file mode 100644 index 000000000..555917148 --- /dev/null +++ b/config/appconfig-mls/dpkg_context @@ -0,0 +1 @@ +system_u:system_r:dpkg_script_t:s0-mls_systemhigh diff --git a/config/appconfig-standard/dpkg_context b/config/appconfig-standard/dpkg_context new file mode 100644 index 000000000..7c56bf1f5 --- /dev/null +++ b/config/appconfig-standard/dpkg_context @@ -0,0 +1 @@ +system_u:system_r:dpkg_script_t