From patchwork Wed Jan 25 17:26:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 9537587 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 76B536046A for ; Wed, 25 Jan 2017 17:27:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 66B46281B7 for ; Wed, 25 Jan 2017 17:27:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5B3A12830A; Wed, 25 Jan 2017 17:27:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.6 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E9426281B7 for ; Wed, 25 Jan 2017 17:27:05 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.33,284,1477958400"; d="scan'208";a="2592015" IronPort-PHdr: =?us-ascii?q?9a23=3AnMwUVhIf8OH3ykN3tdmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgQKf3zrarrMEGX3/hxlliBBdydsKMYzbeN+PG+EUU7or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRp?= =?us-ascii?q?OOv1BpTSj8Oq3Oyu5pHfeQtFiT6ybL9oLBi7owrdu80XjIB/Nqs/1xzFr2dSde?= =?us-ascii?q?9L321oP1WTnxj95se04pFu9jlbtuwi+cBdT6j0Zrw0QrNEAjsoNWA1/9DrugLY?= =?us-ascii?q?TQST/HscU34ZnQRODgPY8Rz1RJbxsi/9tupgxCmXOND9QL4oVTi+6apgVRHniD?= =?us-ascii?q?0DNzUk7m/ZjMJ+h79frB64phFzxojZa5yXOvVjZKPQZdMUS2RCUMhMSSJOGJu8?= =?us-ascii?q?YokSA+cPIelWoJfyp0AVoBuiHgahHv/jxiNUinL026AxzuQvERvB3AwlB98BrH?= =?us-ascii?q?vUrdTyNKcUT++117TDwDLfYPNZ2Db9747IfQ46ofyXUrJwds3RyUYrFwzbi1Wf?= =?us-ascii?q?s43lPzeP2usRtGib6vNtWOSygGAprAFxpyKgxsYqioTRiYIVy0zE9SVkwIkuP9?= =?us-ascii?q?G3VEl7Ydu8HJRNqS6VLIp2TdkkQ21yvyY60LIGtJimdyYJ0JQq3wPTZvOIfoSS?= =?us-ascii?q?4h/vSfydLSl3iX57Yr6zmg6+/Eqvx+HmS8W4zlZHojBGn9XSrHwA1wDf586aQf?= =?us-ascii?q?Vn5EihwyyA1wXL5+FBJkA7iLTUJoY6wr41ipoTqUPDHjLqmEnujK+ZaEEk+u+w?= =?us-ascii?q?5uT7eLrmvJ6cN5Jvig3kLqQvmtCwAeQ/MgQUWWiU5f+826H58U38QbVKiuU6kq?= =?us-ascii?q?jfsJ/EOcQWvrO1DgBa34o56xuzEi2q3MoXkHUZNl5JZQqLj43zNFHPJPD4A+2/?= =?us-ascii?q?g1OpkDpz3PDJILnhApTLLnjen7btZK1y60lByAo10d9Q+YlUB6odIPPzRkDxtN?= =?us-ascii?q?vYAgU/Mwyv2enrEtp91oQAWW6XGK+WLLvSsUOU5uIoO+SMZogVuDDnJPg55/7h?= =?us-ascii?q?l3k5lEQffamu25sXbWq3Hu96I0qHe3rsmc0NEWAQvgoxVObqkkGNUSZPZ3auWK?= =?us-ascii?q?Ix/jM7CIC8AojfRYCtm7uB3CG6Hp1IfW1GBFSMEWrndoqfRvcMbj6SItJ7njwD?= =?us-ascii?q?T7ihRJcr1Quyuw/i17pnMu3U9zUAtZ39z9d6+evTlRAu9TxzFMmd0n+CQH9qkW?= =?us-ascii?q?8SQD82xq9/q1Rnylifyah4n+BYFdtL6vxUVQc6M5jcwPFkBND2WwLMZc2GR0i8?= =?us-ascii?q?QtWhGz0xScgxw9AWaUZnB9qilgzD3zatA7INirOLGIY78rjH0nftIMZ9zmrJ27?= =?us-ascii?q?M6j1k6WMdPM3OphrJn/QjJG4HJi1mZl7qtdakE3S7N8nuDwnSKvE5GVQ5/T7nF?= =?us-ascii?q?XWofZ0bNqtT5/l3NT7mrCbs9MwtBzdWNKqxFa9HzilVGXvjjMszEY22tg2ewGQ?= =?us-ascii?q?qIxrSUYYvqemQd2yPdBVMBkwAX5HqGNA4+Cj2no23EFjxuFlPvY13y/uVkrnO0?= =?us-ascii?q?UFM0xRmQb0J9z7q15gIVhfuERvwNxrILoj0hqzRvHFumx9LZEcCApwt6fKVEZd?= =?us-ascii?q?My+ktI2nzDuwx6JJygILhohkQCfARvo0PuyxJ3B51OkMgrqHMqyRR9KbiD3VNP?= =?us-ascii?q?aTyXwJfwOqfNJWnq5hCvbKzW1U/C39aK4KsP7+44q1r7tgGzCkUi62ln08VS03?= =?us-ascii?q?aE6JXKFhAdUZTtXUY27Bh3vLTaYjE854/Nzn1tP7K0viXF29IzC+sv0gygcMtH?= =?us-ascii?q?MKOYCA/yFNUXB8u0J+wpnFipcwkJPONI+643OMOmauGK2KmxPOZvhDiml3hI4J?= =?us-ascii?q?hh0kKQ8CpxUvTH0Isfw/GZwASHTSzxg029vcDyg4xEYisSHmWnwyj+GIFRfrFy?= =?us-ascii?q?fZoMCWq2P8K43NF+iID2W35E9F+jAEgL2NS1dhqTcVP92xFQ1UUNrnC9nyu30S?= =?us-ascii?q?B0mSkzrqWDxCzO3/jidB0fN25LWmZiiVPsIY+vgtAeQUiocw8plB6/6krgwKhb?= =?us-ascii?q?vqt/JXHJQUhUZyj2M31iUqyou7qZbc5P8pQosT5LUOmnelCaTLn9ohUf0yz5GW?= =?us-ascii?q?tS3jY7eC+2up/hhRx1lHqdLGpvrHreYcxxyw3Q5NjARfFPxDoGXzJ1iSfJCVim?= =?us-ascii?q?JNap4NCUm43EsuCkWGKrTodTfjXzzYOcqCu74nVnAQGikP+um93oCww63DTn2N?= =?us-ascii?q?ltUCXHsAzzYpL316igN+JoYFVoDkfm68VmAoF+jpcwhJYI1Hgch5WV+X4Hnnno?= =?us-ascii?q?MdhAw63xcmANRTkRz97S+gjl11VpLmiVyILhSnWd3sxhasGkYmMXxi0988dKCL?= =?us-ascii?q?2O4LNYnSt1pVy4rQ3KbPh5nzcdz+Eh6GQdg+0Tvwot1CqdCKgIHUZEJSzsiwiI?= =?us-ascii?q?79emoaVTZWavaqSw2FNlnd+/CLGCowdcWGv2e5o5Bi9w9sR/MFTN0HLv8YHoYt?= =?us-ascii?q?/QYswPtheMiRfPk/BVKI4tlvoNnSdnI2X9vXkhy+EllxxhwZa6vYacJmV24aK2?= =?us-ascii?q?HgVYOifyZ8MJ9THnlbxekdqO34CzApVhHS0GXIPyQvK1FDIer+7oOxyVHz07rn?= =?us-ascii?q?ebBb3fHQmE5Udjs37PFZerOG2NKHkf09piWAGXJFZDjwAMQDU6gpk5GxipxMP/?= =?us-ascii?q?dkd5/Ssc5l3mpRtK0eJoMQfwUnvFqAevcDc0R4CVLABK4QFa+0fVLcue4/prHy?= =?us-ascii?q?5C452hqBKCKnSBaAROEWEGRFaECkv+Prm1+9bA6fOYCvClL/vJfLWOs/BRWOmG?= =?us-ascii?q?xZKoyItm8CiDOt+JPnZ8E/0xwlBDUmxhG8TFhzUPTDQalzzLb8GGvxq85Ct3od?= =?us-ascii?q?2/8PjxXgLg+5ePAaNIMdpz4xC2nbuDN+mIiSZhMzlYy5cMyGTUx7gewF4Tizhi?= =?us-ascii?q?dze3HrQGryLNS7jQmqBPBR4BdyxzLNdI77473gRVOs7aitf12aBjg/4wDFdFW1?= =?us-ascii?q?Lhld+1ZcwWI2G9M1bHC1iROLSAOzLL39n9YbmgRr1IkOVUqxqwtC6VE0D5ODSD?= =?us-ascii?q?iz7pVxW0POFCki6UIRteuJunfRZ1E2jjS9DmZQOnP99rlzE2xqc0hnzSP24GLT?= =?us-ascii?q?d8a19NrqGX7S5An/p/HXZO42F4IumCgSmV9e7YKowZsfFzGCR7i/pa4Ggmy7tS?= =?us-ascii?q?9CxEXuZ5mSXIot5ruV6mlu6Pyzp8XRVUtjlLgZiHvUJ4OaXW7pNAQ2rL/AoR7W?= =?us-ascii?q?WMDBQHv91lCsf1tKBI0tjCj6zzKDZY89LP4cscCcnUKMSdP3onLRXpGSTbDA8f?= =?us-ascii?q?QT6sL2HfiFRXkOuO+X2Nspg6tp/slYITRb9ASlM6DPwaCl5/E9wcO5p3RSkrkb?= =?us-ascii?q?2GjM4S/3Wyth3RRNhcvp/dTPKeGOnvKDGajbhEYBsE27X4IpoPNofjwUxtdkF6?= =?us-ascii?q?nJjWG0rXRd1CuSxhbgAzoEVL63VxU3M81Fnkagy35n8fD/m0ngQ5igFme+Qi6C?= =?us-ascii?q?/s40srJlrNvCY/ikYxls/7gT+PazPxK7+wUp9QCyrxrUcxM5f7TB1ybQy9h0Bk?= =?us-ascii?q?My3ER71Jhbt6aW9rkBPcuYdIGfNEUa1EZxoQyeuNZ/Uv0FVTtCOnylRd5evCF5?= =?us-ascii?q?RilxAnfoKrr3JFxw1sdsU1JbDKKKpP0FdQmrqEvjW02eAp3A8eO0EN/XuUeCEW?= =?us-ascii?q?okMIMqIrJymv/ux39QyNgT1DeHMPV/oruP5q8F0yO/iYxSL6z7FDMlyxN/CYL6?= =?us-ascii?q?6BoWjPi9WITU0q2UMSi0ZF/aN73twic0qOSk8vy7WRFwwTNcXcKQBZdcxS+2bP?= =?us-ascii?q?fSyWq+XC3Yp1P5mhFuDvVeKBqbwbglylHAk0BIQB9d4OHoO20EHfI8bnN6AKxg?= =?us-ascii?q?kw5ATxJVWFEPRIdAiNkDgZv8G11IV30pVFJjEBHWV9Nj265rjNpgA0nfWDR805?= =?us-ascii?q?YnEGXosDLXI7Q9e1lDJcv3haCzm3yO0ZwhCY7zDgviTQECX8b917afeQYhNsEs?= =?us-ascii?q?+5+TM+8qixklPX/ZPeJ3zgOdRloN/P5vsQp4ybBPNMUbl9r0DclpFDR3O0V27P?= =?us-ascii?q?ENi1J4X/aoQ3cdP0DXO6XUClhDIuU8f9JtCtIbaUgQvwX4ZbrJGb3Cw/Nc+6Dj?= =?us-ascii?q?wRBgt/p+QE5KJ6eQ0PfoE2YQD2uAQkNqy+IQCY0tO0T2arNzRWU+FVzf+maLxP?= =?us-ascii?q?0yoscui6xWMjTpEgz+i460gNRI0KjhzFyvajYJFeXjTpFnxbZQrPuTIzl3J9Oe?= =?us-ascii?q?Yq3uc/3BTIvEEAMzCKcexpb3BEv9E8BF6JPHp2C2o5SEWHgobZ5A6jwawS9TNH?= =?us-ascii?q?n9lIye1FrGT+vpjHbTKjQqyks5PVszY7YNgnpK1wP4rjIteGtJzAnzzfSoXQvR?= =?us-ascii?q?OfUCKgEfpVhMRQKjpCQPZUgWElJdAGuY1Z5EUrUsc+JqBAB7c0qbCvaTtkCykS?= =?us-ascii?q?zSkDWI6bxzMCg/2z273DmheebZQuKhoEv4tegtEFSS55fjsepLO/V4XRj2KLUX?= =?us-ascii?q?YEIAEI4AtW+Q0AiJF/fvr+4IXSVp9NyyRao/VuUivEDpNo7Uf0SnmKgVjkT/Ws?= =?us-ascii?q?i/ap3QRTzP3w0tkbXxp/CVNFyehPi0UmMq16Ja4Ls4HWtT+IcF/1s3j2yOu6Pl?= =?us-ascii?q?VRz9Pbd0HgBorfqWX8SjEc+WETRYJX1H7fF44dnBZiZak3o1VMJISmekfg6Dw+?= =?us-ascii?q?24RmAaW3VcCxy1Yit3YGSD+gE8BdBOF+rFLXRDplboixqJr/IZVSRXRf9YaBq1?= =?us-ascii?q?dDikptLTC2yZ5dK8FL7T4MWDlPoTqdvNuuRs1Mw9V2D5oWLtd5pXj9BLtOOIKN?= =?us-ascii?q?rH0uprzv1njZ9igysVug2DqzG664T+dY/2IEGQUkPGWepVcxAOQy6GvS9UrNsl?= =?us-ascii?q?9s9edBGrePlVlxoCp6Hp1WHjZJ0nSlIE5pTHhItOVaLKrVftdZQ/k1Yh+vIAIx?= =?us-ascii?q?GuI830yO5kF0hnb5Yyp9tgdA/CDdRQY0XzEPgrjxgT0ett2nOTgCRp1SdzUhci?= =?us-ascii?q?HFJxiYmS1MvRZfakBqW4wCDdpf/bEUw5dU9NLYSUmwMSEFQABiNgUg3PpDkk5D?= =?us-ascii?q?tV6VeTzBAQqtbvnDqBt3ctmNrMSxNvT24B9Hip/7sOA/76gDR2epmRe3TtDaso?= =?us-ascii?q?DxrcCFuVWWdKfgLeK8ZWHOTCLWgRC3n7ckAIHA/zLPPwpDN5l61X0kbIDjCW7M?= =?us-ascii?q?IxtLPL8UKFRAVa9kc9VGvv5VaNJ+dKYP56BtGgqNRgnzF4y3sPlGMlHTSCzFIC?= =?us-ascii?q?WP7uOzvYDe4aHTROX7esOMwHPHTL5tMZdh9Tn3AbHq3pFC+kDuwPdi6lt6SUTa?= =?us-ascii?q?MyCGtNnhPB0E69SidkT4op0kBjfWAJBukHXz2E1Pa80XTDC0/5gCzpNW9mrwQ/?= =?us-ascii?q?pi0kfvqO1S66Vk6Y4v7rBx0se0Ob3dJulGsUJ8GRiUARhq9o8xD2dhQWBRfvUR?= =?us-ascii?q?J+3VfagDisDuse/3HbQN6BKJ4+xZdcfHJ0bZl8mjEDGTVwJLkxoapD4HKgucy+?= =?us-ascii?q?SFlLVqScakouj53lwi40SkIh4B1rBt6p+O+rCUq+/PcxvR0b8EV7DvRszpqrQs?= =?us-ascii?q?v12d5eE4lLEUYGN4eAunH/YBVs4G2mjv17gqwjw2H8PFAb3g5OZJV2glkTL4h5?= =?us-ascii?q?B9A1IWF+sWHbWR54RemXw4m+jDOd0Iaa1Cn3uPFRq4Er8D1XGr6jGYIG9+gh3U?= =?us-ascii?q?1BHwW2yz5kfsrSBkWSvM08vjkk1NW7m1H0hSWSSpOVV/sDySIgXlr8b3tr4z7E?= =?us-ascii?q?EtNWzortSNm3W9OLlPBc3wOMScITUopFIQlJAxScGv2YEfGdq5PtgR9WpzYebA?= =?us-ascii?q?5Gywki9OuaFHi5DZ4sGP9fXdBWOggLGCq7WR2DBYzWA1vVc76t27N/HO4diKT+?= =?us-ascii?q?6p12YXQSd/oRHOXwWpqrzBslAbJVCL0FrRmIMUJN1Z2mM41k7+7ug5XN0z7Ble?= =?us-ascii?q?FprHZ/4aoDDzPz30wUqQY90pTSSe1jpXEUjzEVZmBKg91mXwvNjKlXfL4VEoQJ?= =?us-ascii?q?d/d1D/jxxtE4o4MV4t6EQQwicbCwgCdA2UAaqnBUTgIooIT04DZgqb3LKiYKc4?= =?us-ascii?q?wVVzwq+z5O/UdeF8A7ENNvNdgwOVklhUBI8ZsaoEQL1mY19d7qnXpgr8BIf7Q/?= =?us-ascii?q?jqj30wNee6QspC68AWq2Mi4hqjRxqn8ZpD9KwUiI6Sea5Lf5fMp9tx71x96j4R?= =?us-ascii?q?bCNNjwZwjwijXeAauu/j/sDRsIC05ea2SKYtW+IX+gA2B2R/ipv9m1Ujrs/X1u?= =?us-ascii?q?hCUI3ViIL/8A9XL36MponazwF2KfASJIKzYLZg63IHKjAfJ3MPJ9WZceUz7jR2?= =?us-ascii?q?MDrN+1xNHN8DackfPMrXlgBeklfpV61L9srHBl+YDJ9+eNsp72rsxjE665k8Uu?= =?us-ascii?q?f86D+uP5/f8lVNMuhfgyVrid3NuvIawefICCgQ+3mWcQJ5wiSYy5mCE/zw5/mD?= =?us-ascii?q?yMnIV1MaGS47S59dKyCe+QO7Ruq0mpLpUhmX6sPqm5IxakaQRn23nKQYvadBCv?= =?us-ascii?q?ZAhT/n3jdCFoD0ifWVs8Cv6GdNtV1IDpxz7RvbF6VbJJl7Pg74lsazTEhmGiT/?= =?us-ascii?q?YN3UdgYpuOeO2ucM+ftxN0/kao8dPB0J0K/16XtaTgtvVL75pE2ZUvgLZNt7Uv?= =?us-ascii?q?/EqG5a6Z54Ia8VIFedvIDqritPqF0uDw8mcqUwoSJGdknOhwBVX6f0uKIehQsc?= =?us-ascii?q?S9F5pFRMFXi2OG0g+zrNTb5Vg7WJCPwJ7jWTSbQDU0p2PSN4XxO135Jud7yynf?= =?us-ascii?q?9ZtmNGnyV9oOUl0jF9QBuzpzfspqIX1j46/rG3qikBs2RfTuqCiyfIFUlDzPMS?= =?us-ascii?q?gKcaCnbt9Vu8YH0ZY4vp+rVnJMPg9Y4643QkehgjeiILXOu6ByH3laOIDZSFsM?= =?us-ascii?q?hAix6VpMXOcbizIDAdNrsh0hLjXGFx3BXRkhhu8WsLRCig7dA/KYWyPMYq3Cyo?= =?us-ascii?q?FnbBeFYL+KNJv9P7tUQXQ+sudVNh3GJj39CFRi0KRMzPHXw5gRQkaWVAbZJM9B?= =?us-ascii?q?4bF6gugjaTvalG/xoZYCnVEoS74IbQmdrH2XgnQdds2G3WurWPhok23319h9N0?= =?us-ascii?q?8imOtWwTd+zGScBsBGP+1oNCyePjZvWttfsHRJFhyLS7X/8IKtOj9neu2JV2Rk?= =?us-ascii?q?+lwawTH1inP+8NyLfbVzyoSGOCVuSNbWeMgyw1Mkjs6hm0Nlc3cttFr1chMuve?= =?us-ascii?q?gZ5RjwLhUbdzRiSeu1DbyGgjPPgBdwIxvoenehAFQPQXZ+eCOegk2Oc+B0cUb3?= =?us-ascii?q?/VASt2DPe7sVytnIl7I3Vg5kH6YeXx8g/4K9aSHxgEEZLArpFv4/C6QXiBOXB4?= =?us-ascii?q?xh1oIEZ07/vfF0g2tuJEb5aRnN3Qis9n0e4Ea/htMjMyutoJloJl94aUzN+AcQ?= =?us-ascii?q?vNwZbqOdHVvv+YDuXaz0QreWFaUb0ZbBj354ogPd45XLvTEqVfvRgGA6g1XoAh?= =?us-ascii?q?PX/r9K5oNANzbhLRZLOsj8bxuO2LYIdUqmTN7lI0KyfcpwEDyuKqQgNmdZyqgG?= =?us-ascii?q?/yIJ8oTDJbs9JtEgdmHJdIG84YoQqoHZqUmKCji9Cv4E57uu4Ksa/1Cv/UztS5?= =?us-ascii?q?25t+U4Jd5UyRMzbbHLNrjVh9juSunvfA1YH8CM36edMeVeh0XnDKZ6TDHoW+Nj?= =?us-ascii?q?KOINzzd1RB876G37JzSg+RazzhX6qaqC2kM+1p4UI/yoNmZ+fT1Dgt4KvA2Nvu?= =?us-ascii?q?ZmFUujujrWSXO5RB9lDKA/LRXw5MQ/qf7GllBbEXbZfz9OoWNdwiwd6c4xR87T?= =?us-ascii?q?hb1MuFIrOhrlPX2k9gdJLUNk3p2yEjVYkNOhS/PlMmgXXFpXTFHXRcMs+kJNF2?= =?us-ascii?q?gNmLChzt5k9xmXwiZ2JGFWToWdeRNnYB282gfA2F7hlGD9UdkO6tf043qKmyRv?= =?us-ascii?q?J1OpVKg+mqs68HkdlxISHVWMdaJz3QLKNxPjdJC+XAvkQnYh4Fs7gzXYc4foaO?= =?us-ascii?q?IEIBMEiezSPyzA3C0VD7dtC206aJOikW+G1dz73ZyThMuxW5ufGBj83hSr/Zb5?= =?us-ascii?q?b2U+XJPSo4UDGaWTQyEUG0+Veru/oEoOCUIWEBrVAIeiiSEhIcprhzrdjMCW/e?= =?us-ascii?q?gfZsc4YNiPCeWiDwUzF4lLEoCiZQq0+DX+APFRLIYH/lgWpcvhGiJ/BX8H35b7?= =?us-ascii?q?yY3LdVW/cMDopCaPKZX8DYefdYJzsykTUZIum8dcXGr7klylLIUXcZE67Q+V2R?= =?us-ascii?q?VkGZWeacxzP1UoURpIU0pC4o9cjLni92DqTEJbCfqCCy8oSgliaXpfXeVnUxY0?= =?us-ascii?q?wymO8CAmyBwB5aKGEeCtEVo1rgQqiaaEZJyn0piPhi2xgWeAR8SnduyGFZnO6h?= =?us-ascii?q?Gs1FTl4ZlHiuQPMDbF9rDT49/lSH4hPsbtwauMDSRmhe9r0WRYobMvYo9JHdOL?= =?us-ascii?q?EMz/YxwDJmvCs6vj2fD1NaiAKF97HdHKdiybJf62k4+Ot2UV2RTD/FdGjI1Jam?= =?us-ascii?q?WIpzwnJ1rHTl0dfE9rR2Ob9boZxpKEsbCiJxYNbG9HZOVn+iiyWouBPuFzuMJz?= =?us-ascii?q?QU+35fLiMXceB41Md0txHHctvE4EKU8akmrR34Wk6wFrOo1ckTWYnS3gKiZHwO?= =?us-ascii?q?Lzg=3D?= X-IPAS-Result: =?us-ascii?q?A2H9BACS3ohY/wHyM5BeGwEBAQMBAQEJAQEBFQEBAQECAQE?= =?us-ascii?q?BAQgBAQEBgwoBAQEBAR9ggQkHjkehcoYdPyMNgW2DP2aBewdXAQEBAQEBAQECA?= =?us-ascii?q?QJfKIIzGwkEPQ0uAQEBAQEBAQEBAQEBAQEBAQEBAQEWAg0eBDsBBwIgBA0MAQ0?= =?us-ascii?q?gDAIBAgkCBQ4CAgQDAQIDAhIBDwQCAgIBAR4PAwEFAQsBCA4ICwUYBIhfAQMYD?= =?us-ascii?q?qIlP4wCgWs6JgKCYQWDZwpADYMXDAEdAgYSeYU/h0EbIIEPEQFkAQyCMYJfAQS?= =?us-ascii?q?Ie4YzgUaKWoJShBOGKYRlikiGJ0iQbBQegRRYdCUvFTsUhBmCDXIBhXANF4IXA?= =?us-ascii?q?QEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 25 Jan 2017 17:27:03 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v0PHQmwO016691; Wed, 25 Jan 2017 12:26:53 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v0PHQlgu179246 for ; Wed, 25 Jan 2017 12:26:47 -0500 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v0PHQl2s016688 for ; Wed, 25 Jan 2017 12:26:47 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DKAQBC34hYfzJSfUpeHAEBBAEBCgEBgzUBAQEBAX+BCQeDTaxshmAMIIUsRgKCGQdXAQIBAQEBAQITAQEJCwsKG4UaASkEGQE5AxIOAgYDAQIDAhIBEwIkEgEFARQOE4kAAQMYDp5ng0A/jAKBazqDCQWDZwpADYNBAgYSeYU/h0EbIIIFAQyCMYJfBYh7hjOBRopaglKEE4YphGWQb0iQbBQegRSBcC8VOxSEGYINPTUBhXANF4IXAQEB X-IPAS-Result: A1DKAQBC34hYfzJSfUpeHAEBBAEBCgEBgzUBAQEBAX+BCQeDTaxshmAMIIUsRgKCGQdXAQIBAQEBAQITAQEJCwsKG4UaASkEGQE5AxIOAgYDAQIDAhIBEwIkEgEFARQOE4kAAQMYDp5ng0A/jAKBazqDCQWDZwpADYNBAgYSeYU/h0EbIIIFAQyCMYJfBYh7hjOBRopaglKEE4YphGWQb0iQbBQegRSBcC8VOxSEGYINPTUBhXANF4IXAQEB X-IronPort-AV: E=Sophos;i="5.33,284,1477972800"; d="scan'208";a="5920484" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 25 Jan 2017 12:26:45 -0500 IronPort-PHdr: =?us-ascii?q?9a23=3Ahewn5hEZrn0uGPDIvIcRrp1GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ78osWwAkXT6L1XgUPTWs2DsrQf2raQ7vurCDJIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSijewZbx/IA+2oAjfucUbhYpvIbstxxXUpXdFZ/?= =?us-ascii?q?5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnM?= =?us-ascii?q?VhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1ji?= =?us-ascii?q?oMKjw3/3zNisFojKxVrhGvqQFhzYHIb4+YL+Z+frrHcN8GWWZNQsRcWipcCY28?= =?us-ascii?q?dYsPCO8BMP5EoInyploOqh2+Che3BOjyzTJHmnD23Kw90+QnDw7GxxctH90JsH?= =?us-ascii?q?TTo9X1MLkdUeWvw6nJyTXPde9Z2TD46IXRdB0qvP+CXbV1ccXLyEkvERvIjlqR?= =?us-ascii?q?qYz5PzOVy/8Cv3KH4OpnUOKjk3MopB9qrTiu3MgsjJPFhoUPylDL8yhy3YU7Jc?= =?us-ascii?q?WgRUN5btOoCoZcuz+aOodsQc4uXXtktSYmxrAApJW1ZjIFyI49yB7ac/GHc5aH?= =?us-ascii?q?4hbkVOuJJDd3nnNleLamixe89Eis1vTwVse03VpWtCZFnd7MtncC1xzX9MeLUO?= =?us-ascii?q?dy/kCk2TqX1gDT7P9LIVwsmKfZJJMt2KM8moQTvEjZHSL6hl/6ga+Kekk8/+in?= =?us-ascii?q?8eXnYrHopp+GMI90jxnzPbghms2+BuQ4NBYBX3OA9OSz073j+kL5QLFUgf0ziK?= =?us-ascii?q?bZsZTaKd4Hqa6+Bg9Zypwj5AqnDze6zNQYmmEKLElbdxKDjojpPUzOIf/jAPej?= =?us-ascii?q?g1WjjDdrx/fcMr3nGZXCNGLPkLjmfbZjuAZgz18owNRe4Y9EQuUaLfbyXFLhnM?= =?us-ascii?q?DJBR8+dQqvyqDoD8srha0EXmfaCaCLN6Xfqhfc7e09JO+Bf6cavzHyL/Ug7v/q?= =?us-ascii?q?y3Q+nAlOLuGSwZILZSXgTbxdKEKDbC+0jw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0E8AQCS3ohYfzJSfUpeHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwoBAQEBAX+BCQewOYYdQwwggW2DP0YCghkHVwEBAQEBAQEBAgE?= =?us-ascii?q?CEAEBCQsLChsxgjMZCwQ9DS4BAQEBAQEBAQEBAQEBAQEBAQEBARYCDR4EOwEpB?= =?us-ascii?q?BkBOQMSDgIGAwECAwISARMCJBIBBQEUDhOJAAEDGA6eZYNAP4wCgWs6gwkFg2c?= =?us-ascii?q?KQA2DQQIGEnmFP4dBGyCCBQEMgjGCXwWIe4YzgUaKWoJShBOGKYRlkG9IkGwUH?= =?us-ascii?q?oEUgXEvFTsUhBmCDT01AYVwDReCFwEBAQ?= X-IPAS-Result: =?us-ascii?q?A0E8AQCS3ohYfzJSfUpeHAEBBAEBCgEBFwEBBAEBCgEBgwo?= =?us-ascii?q?BAQEBAX+BCQewOYYdQwwggW2DP0YCghkHVwEBAQEBAQEBAgECEAEBCQsLChsxg?= =?us-ascii?q?jMZCwQ9DS4BAQEBAQEBAQEBAQEBAQEBAQEBARYCDR4EOwEpBBkBOQMSDgIGAwE?= =?us-ascii?q?CAwISARMCJBIBBQEUDhOJAAEDGA6eZYNAP4wCgWs6gwkFg2cKQA2DQQIGEnmFP?= =?us-ascii?q?4dBGyCCBQEMgjGCXwWIe4YzgUaKWoJShBOGKYRlkG9IkGwUHoEUgXEvFTsUhBm?= =?us-ascii?q?CDT01AYVwDReCFwEBAQ?= X-IronPort-AV: E=Sophos;i="5.33,284,1477958400"; d="scan'208";a="2591993" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from mail-wm0-f50.google.com ([74.125.82.50]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 25 Jan 2017 17:26:43 +0000 Received: by mail-wm0-f50.google.com with SMTP id c206so42756185wme.0 for ; Wed, 25 Jan 2017 09:26:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=7BzRNPq/YbL1RhKGW4avqXBYTXpaLGmLbhHM/202VHM=; b=Xr3TsHGC93miFcHgCwsVYlUkQ9mtIiVircESRh0/z0Xsf/mFoOcy3nbbDcEh5RwXSH c5lBL9yfUfGDdZPuo821pY5cDAbuZPGsaYkt8Tm7TgNfDW7PFiIkEMMtLHoJ/qC2BTpN JwIfFxny/FmioAfCHaH4VbEDbIEoBk+QAaQGvcpblULuTNYKbp+dyRTdCXTTxkqhYs/k lnbzXYwU/2dr46l56eAxP8gp+RVG9k8vYtLxXSFGvh4oMK0mnxlPOzqZ8DUudN7T1ZXi E1jzdBFjVzNPEMKrs0ePlqtL/OFAlwOpFjliwayVgBfXMqQg91d2fTMK82wFZLFCZH2g 95Fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=7BzRNPq/YbL1RhKGW4avqXBYTXpaLGmLbhHM/202VHM=; b=jnSozUxUe/WM0Tw//YJuxqQWZgph0W3Xl1X0vnoDpjxgTjFm3PiQ859Gz0bipFddYQ j57hYmLl8BTw2vh0BYhr6Ym0hoqLuNXvtp0ZkHs222Xw/a1oeAGiE2c3Wct6d1bXfSaa L+FM1vdqN2mYBwMvqwTYC7X06ECSx0Hkh3m6MNxh/b5ZnX8uVfA5KvBLx8qD19rVB2Ri MwyvzW66D4xFA5Gxe8hXwUK+TCCtFiNfAPOLbSayFCdy0wX0FVnI22P6yYVd9uv3Qw8y RKlPnXnftzTnOE86vrN83ZT22cz7BfAzZG32y4t9KO6+pG/PbiwF7b+yMKoz8F8/ATqj fcXA== X-Gm-Message-State: AIkVDXIYO6ZFUNi9qhzA55iRZEmy8mds6qUvPrfgX7fDf9e2WUC1TIdkdXUQiVGZS0qMqCvBGixTR1NER+7Y9g== X-Received: by 10.223.131.99 with SMTP id 90mr34317134wrd.146.1485365202723; Wed, 25 Jan 2017 09:26:42 -0800 (PST) MIME-Version: 1.0 Received: by 10.80.177.6 with HTTP; Wed, 25 Jan 2017 09:26:42 -0800 (PST) From: cgzones Date: Wed, 25 Jan 2017 18:26:42 +0100 Message-ID: Subject: pam_selinux: add new option to select from default_contexts To: selinux X-MIME-Autoconverted: from quoted-printable to 8bit by prometheus.infosec.tycho.ncsc.mil id v0PHQlgu179246 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Hi list, I created patch against pam_selinux, which is reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852540 Laurent suggested to post it also on this ML for discussion. When an SELinux unaware login application, like sddm, tries to set up sessions via pam, it is not possible to set the new SELinux context accordingly. This patch adds an option to pam_selinux.so, so that via different pam configurations, like sddm does it https://github.com/sddm/sddm/blob/develop/src/helper/backend/PamBackend.cpp#L220, different contexts can be assigned. From: cgzones Date: Tue, 3 Jan 2017 12:04:20 +0100 Subject: [PATCH] pam_selinux: add select_default_context option --- modules/pam_selinux/README | 11 +++++++++ modules/pam_selinux/pam_selinux.8 | 11 ++++++++- modules/pam_selinux/pam_selinux.8.xml | 19 +++++++++++++++ modules/pam_selinux/pam_selinux.c | 46 ++++++++++++++++++++++++++++++----- 4 files changed, 80 insertions(+), 7 deletions(-) @@ -491,6 +490,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data, char *level = NULL; security_context_t *contextlist = NULL; int num_contexts = 0; + int selected_context; if (!(username = get_item(pamh, PAM_USER))) { pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name"); @@ -516,7 +516,27 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data, } if (num_contexts > 0) { free(seuser); - data->default_user_context = strdup(contextlist[0]); + if (select_default_context) { + pam_syslog(pamh, LOG_DEBUG, + "Selecting default context based on %s from %d contexts", + select_default_context, num_contexts); + if (num_contexts == 1) { + data->default_user_context = strdup(contextlist[0]); + } else if (strcmp(select_default_context, "last") == 0) { + data->default_user_context = strdup(contextlist[num_contexts - 1]); + } else { + selected_context = atoi(select_default_context); + if (selected_context <= 0 || selected_context > num_contexts) { + pam_syslog(pamh, LOG_ERR, + "Invalid select option %s for %d contexts, fallback to default", + select_default_context, num_contexts); + selected_context = 1; + } + data->default_user_context = strdup(contextlist[selected_context - 1]); + } + } else { + data->default_user_context = strdup(contextlist[0]); + } freeconary(contextlist); if (!data->default_user_context) { pam_syslog(pamh, LOG_ERR, "Out of memory"); @@ -549,6 +569,7 @@ static int compute_tty_context(const pam_handle_t *pamh, module_data_t *data) { const char *tty = get_item(pamh, PAM_TTY); + security_class_t tclass; if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) { tty = ttyname(STDIN_FILENO); @@ -584,8 +605,13 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data) return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS; } + tclass = string_to_security_class("chr_file"); + if (!tclass) { + pam_syslog(pamh, LOG_ERR, "Failed to translate security class context. %m"); + return PAM_SESSION_ERR; + } if (security_compute_relabel(data->exec_context, data->prev_tty_context, - SECCLASS_CHR_FILE, &data->tty_context)) { + tclass, &data->tty_context)) { data->tty_context = NULL; pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m", data->tty_path); @@ -691,6 +717,9 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, int select_context = 0; int use_current_range = 0; int env_params = 0; + const char *select_default_context = NULL; + const char *select_default_context_str = "select_default_context"; + const size_t select_default_context_len = strlen(select_default_context_str); module_data_t *data; /* Parse arguments. */ @@ -707,6 +736,11 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, if (strcmp(argv[i], "env_params") == 0) { env_params = 1; } + if (strncmp(argv[i], select_default_context_str, + select_default_context_len) == 0 + && argv[i][select_default_context_len] == '=') { + select_default_context = argv[i] + select_default_context_len + 1; + } } if (is_selinux_enabled() <= 0) { @@ -727,7 +761,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, } i = compute_exec_context(pamh, data, select_context, use_current_range, - env_params, debug); + env_params, debug, select_default_context); if (i != PAM_SUCCESS) { free_module_data(data); return i; -- 2.11.0 Best Regards, Christian Göttsche diff --git a/modules/pam_selinux/README b/modules/pam_selinux/README index fb4d449..b1b6be2 100644 --- a/modules/pam_selinux/README +++ b/modules/pam_selinux/README @@ -72,6 +72,17 @@ use_current_range instead of the default level. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment. +select_default_context= + + Select a specific context from the list of default contexts for the login + user returned by SELinux. By default the first entry is taken. + Valid values are 'last' or positiv numbers, to select a different context. + The list of available contexts can be viewed by 'compute_user src_context seuser'. + + Usage: + select_default_context=2 + select_default_context=last + EXAMPLES auth required pam_unix.so diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8 index acd4f0d..d936cb9 100644 --- a/modules/pam_selinux/pam_selinux.8 +++ b/modules/pam_selinux/pam_selinux.8 @@ -31,7 +31,7 @@ pam_selinux \- PAM module to set the default security context .SH "SYNOPSIS" .HP \w'\fBpam_selinux\&.so\fR\ 'u -\fBpam_selinux\&.so\fR [open] [close] [restore] [nottys] [debug] [verbose] [select_context] [env_params] [use_current_range] +\fBpam_selinux\&.so\fR [open] [close] [restore] [nottys] [debug] [verbose] [select_context] [env_params] [use_current_range] [select_default_context=\fIlast|context_number\fR] .SH "DESCRIPTION" .PP pam_selinux is a PAM module that sets up the default SELinux security context for the next executed process\&. @@ -99,6 +99,15 @@ Attempt to obtain a custom security context role from PAM environment\&. If MLS .RS 4 Use the sensitivity level of the current process for the user context instead of the default level\&. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment\&. .RE +.PP +\fBselect_default_context\fR +.RS 4 +Select a specific context from the list of default contexts for the login user returned by SELinux\&. By default the first entry is taken\&. Valid values are 'last' or positiv numbers, to select a different context\&. The list of a vailable contexts can be viewed by 'compute_user src_context seuser'\&. +.RS 2 +Usage: +.RS 2 +select_default_context=2 +.RE .SH "MODULE TYPES PROVIDED" .PP Only the diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index 28d465f..210e262 100644 --- a/modules/pam_selinux/pam_selinux.8.xml +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -45,6 +45,9 @@ use_current_range + + select_default_context=conf-file + @@ -188,6 +191,22 @@ + + + + + + + Select a specific context from the list of default contexts for the login + user returned by SELinux. By default the first entry is taken. + Valid values are 'last' or positiv numbers, to select a different context. + The list of available contexts can be viewed by 'compute_user src_context seuser'. + Usage: + select_default_context=2 + select_default_context=last + + + diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index b96cc23..446b4fb 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -63,8 +63,6 @@ #include #include -#include -#include #include #include #include @@ -480,7 +478,8 @@ set_file_context(const pam_handle_t *pamh, security_context_t context, static int compute_exec_context(pam_handle_t *pamh, module_data_t *data, int select_context, int use_current_range, - int env_params, int debug) + int env_params, int debug, + const char *select_default_context) { const char *username;