本系列文章将介绍Docker的有关知识:
(2)Docker 镜像
(3)Docker 容器的隔离性 - 使用 Linux namespace 隔离容器的运行环境
(4)Docker 容器的隔离性 - 使用 cgroups 限制容器使用的资源
(5)Docker 网络
1. 基础知识:Linux namespace 的概念
Linux 内核从版本 2.4.19 开始陆续引入了 namespace 的概念。其目的是将某个特定的全局系统资源(global system resource)通过抽象方法使得namespace 中的进程看起来拥有它们自己的隔离的全局系统资源实例(The purpose of each namespace is to wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. )。Linux 内核中实现了六种 namespace,按照引入的先后顺序,列表如下:
| namespace | 引入的相关内核版本 | 被隔离的全局系统资源 | 在容器语境下的隔离效果 |
|---|---|---|---|
| Mount namespaces | Linux 2.4.19 | 文件系统挂接点 | 每个容器能看到不同的文件系统层次结构 |
| UTS namespaces | Linux 2.6.19 | nodename 和 domainname | 每个容器可以有自己的 hostname 和 domainame |
| IPC namespaces | Linux 2.6.19 | 特定的进程间通信资源,包括System V IPC 和 POSIX message queues | 每个容器有其自己的 System V IPC 和 POSIX 消息队列文件系统,因此,只有在同一个 IPC namespace 的进程之间才能互相通信 |
| PID namespaces | Linux 2.6.24 | 进程 ID 数字空间 (process ID number space) | 每个 PID namespace 中的进程可以有其独立的 PID; 每个容器可以有其 PID 为 1 的root 进程;也使得容器可以在不同的 host 之间迁移,因为 namespace 中的进程 ID 和 host 无关了。这也使得容器中的每个进程有两个PID:容器中的 PID 和 host 上的 PID。 |
| Network namespaces | 始于Linux 2.6.24 完成于 Linux 2.6.29 | 网络相关的系统资源 | 每个容器用有其独立的网络设备,IP 地址,IP 路由表,/proc/net 目录,端口号等等。这也使得一个 host 上多个容器内的同一个应用都绑定到各自容器的 80 端口上。 |
| User namespaces | 始于 Linux 2.6.23 完成于 Linux 3.8) | 用户和组 ID 空间 | 在 user namespace 中的进程的用户和组 ID 可以和在 host 上不同; 每个 container 可以有不同的 user 和 group id;一个 host 上的非特权用户可以成为 user namespace 中的特权用户; |
Linux namespace 的概念说简单也简单说复杂也复杂。简单来说,我们只要知道,处于某个 namespace 中的进程,能看到独立的它自己的隔离的某些特定系统资源;复杂来说,可以去看看 Linux 内核中实现 namespace 的原理,网络上也有大量的文档供参考,这里不再赘述。
2. Docker 容器使用 linux namespace 做运行环境隔离
当 Docker 创建一个容器时,它会创建新的以上六种 namespace 的实例,然后把容器中的所有进程放到这些 namespace 之中,使得Docker 容器中的进程只能看到隔离的系统资源。
2.1 PID namespace
我们能看到同一个进程,在容器内外的 PID 是不同的:
- 在容器内 PID 是 1,PPID 是 0。
- 在容器外 PID 是 2198, PPID 是 2179 即 docker-containerd-shim 进程.
root@devstack:/home/sammy# ps -ef | grep python
root 2198 2179 0 00:06 ? 00:00:00 python app.py root@devstack:/home/sammy# ps -ef | grep 2179
root 2179 765 0 00:06 ? 00:00:00 docker-containerd-shim 8b7dd09fbcae00373207f01e2acde45740871c9e3b98286b5458b4ea09f41b3e /var/run/docker/libcontainerd/8b7dd09fbcae00373207f01e2acde45740871c9e3b98286b5458b4ea09f41b3e docker-runc
root 2198 2179 0 00:06 ? 00:00:00 python app.py
root 2249 1692 0 00:06 pts/0 00:00:00 grep --color=auto 2179 root@devstack:/home/sammy# docker exec -it web31 ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 16:06 ? 00:00:00 python app.py
关于 containerd,containerd-shim 和 container 的关系,文章 中的下图可以说明:
- Docker 引擎管理着镜像,然后移交给 containerd 运行,containerd 再使用 runC 运行容器。
- Containerd 是一个简单的守护进程,它可以使用 runC 管理容器,使用 gRPC 暴露容器的其他功能。它管理容器的开始,停止,暂停和销毁。由于容器运行时是孤立的引擎,引擎最终能够启动和升级而无需重新启动容器。
- runC是一个轻量级的工具,它是用来运行容器的,只用来做这一件事,并且这一件事要做好。runC基本上是一个小命令行工具且它可以不用通过Docker引擎,直接就可以使用容器。
因此,容器中的主应用在 host 上的父进程是 containerd-shim,是它通过工具 runC 来启动这些进程的。
这也能看出来,pid namespace 通过将 host 上 PID 映射为容器内的 PID, 使得容器内的进程看起来有个独立的 PID 空间。
2.2 UTS namespace
类似地,容器可以有自己的 hostname 和 domainname:
root@devstack:/home/sammy# hostname
devstack
root@devstack:/home/sammy# docker exec -it web31 hostname
8b7dd09fbcae
2.3 user namespace
2.3.1 Linux 内核中的 user namespace
老版本中,Linux 内核里面只有一个数据结构负责处理用户和组。内核从3.8 版本开始实现了 user namespace。通过在 clone() 系统调用中使用 CLONE_NEWUSER 标志,一个单独的 user namespace 就会被创建出来。在新的 user namespace 中,有一个虚拟的用户和用户组的集合。这些用户和用户组,从 uid/gid 0 开始,被映射到该 namespace 之外的 非 root 用户。
在现在的linux内核中,管理员可以创建成千上万的用户。这些用户可以被映射到每个 user namespace 中。通过使用 user namespace 功能,不同的容器可以有完全不同的 uid 和 gid 数字。容器 A 中的 User 500 可能被映射到容器外的 User 1500,而容器 B 中的 user 500 可能被映射到容器外的用户 2500.
为什么需要这么做呢?因为在容器中,提供 root 访问权限有其特殊用途。想象一下,容器 A 中的 root 用户 (uid 0) 被映射到宿主机上的 uid 1000,容器B 中的 root 被映射到 uid 2000.类似网络端口映射,这允许管理员在容器中创建 root 用户,而不需要在宿主机上创建。
从内核的提交日志上看,user namespace 是 linux 内核 3.8 版本中引入的,而 RedHat 企业版 7 的 linux 内核版本是 3.10,但 7.1版本并不支持 user namespace。这是为什么呢?实际上,在 Fedora 项目中,Redhat 已经在 user namespace 上已经投入了很长时间了,而且认为这是一个非常重要的功能。因此,我们并没有在 7.1 中启用 user namespace,直到我们认为它满足了生产要求为止。而新版本的 Fedora 已经启用了该功能了。在最新的 RedHat 企业版 Linux 7.4 版本中,已经正式启用了 user namespace:
aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAtwAAAB+CAYAAAAX4salAAAYJ2lDQ1BJQ0MgUHJvZmlsZQAAWIWVeQdUFE3Tbs/OBliWJeeck2SWKDnnnBFYcs4ZlSgSVAQBRUAFFQQVDCQRFRFEFBFUwIBIMJBUUEERkH8I+n7f+99z77l9zsw8W11d/XRXdffUDgAcjOSIiBAULQChYTFRNoY6vE7OLry4SQABFKAGtIBE9o6O0LayMgNI+fP877I8jGgj5Znkpq3/Xf9/LXQ+vtHeAEBWCPbyifYORXAjAGhW74ioGAAwfYhcID4mYhMvIJgxCiEIABa9if23Mesm9trGu7Z07Gx0EawFAAWBTI7yB4C4yZs3ztsfsUNEOGLpw3wCwxDVVARreAeQfQBg70B0doWGhm/ieQSLev2HHf//sun11yaZ7P8Xb49lq1DoBUZHhJAT/z+n4/9dQkNi//TBj1yEgCgjm80xI/N2ITjcdBMTENwe5mVhiWB6BD8I9NnS38SvAmKN7Hf0572jdZE5A8wAcbYPWc8UwZwIZo4NttfewXLkqK22iD7KIjDG2G4He0WF2+zYR8WFhViY7djJDvA1/oNP+Ubr2/7R8Qs0MEYwEmmoxqQAO8dtnqiuuEAHCwQTETwQHWxrutN2LClA1+KPTlSszSZnQQR/94sysNnWgVlDo/+MC5byJm/1hcQCrBUTYGe03RZ28o12MvvDwcdXT3+bA+zjG2a/ww1GokvHZqdtVkSI1Y4+fMo3xNBme57hK9Fxtn/aPo1BAmx7HuDJILKJ1U5fyxExVnbb3NAoYAZ0gR7gBbHI5QXCQRAI7J9vmUd+bdcYADKIAv7AF0juSP60cNyqCUPutiAJfEKQL4j+205nq9YXxCHy9b/S7bsk8NuqjdtqEQw+IDgUzY7WQKuhzZC7FnLJoZXRKn/a8dL86RWrj9XDGmENsGJ/eXgjrEOQKwoE/h9kpsjTFxndJpewP2P4xx7mA2YQM4kZwoxjXgIH8G7Lyo6WR2B61L+Y8wJzMI5YM9gZnRdic+aPDloYYU1C66DVEf4IdzQzmh1IohWQkWijNZGxkRDpfzKM/cvtn7n8d3+brP9zPDtyojiRtMPC669ndP9q/duK7n/MkQ/yNP23JpwNX4d74LtwL9wOtwBe+A7cCvfBtzbx30h4txUJf3qz2eIWjNgJ/KMjc1FmRmbtX32Td/rfnK/oGN+EmM3FoBsekRgV6B8Qw6uN7Ma+vMZh3lK7eOVkZJUB2Nzbt7eObzZbezbE/OQfme80ALuR+KYc+EcWdAyAum4AWHL/kQm7AsCG7LNXn3rHRsVtyza3Y4ABeECDrAo2wA0EgCgyHjmgCNSAFtAHJsAS2AFn4I7MeAAIRTjHg70gDWSBPHAUFIOT4DQ4Cy6Ay+AaaAHt4C64Dx6BATAEXiNx8R7MgQWwDFYhCMJB1BADxAbxQEKQBCQHKUMakD5kBtlAzpAn5A+FQbHQXigDyoMKoZNQJVQLXYVuQHehXmgQeglNQDPQV+gXCkYRUIwoLpQwShqljNJGmaLsUHtQ/qhIVBIqE3UEdQJVhbqEakbdRT1CDaHGUXOoJRjAVDAzzAdLwsqwLmwJu8B+cBS8H86FS+AquB5uQ/z8DB6H5+EVNBbNgOZFSyKxaYS2R3ujI9H70YfQJ9EX0M3oLvQz9AR6Af0bQ43hxEhgVDHGGCeMPyYek4UpwVRjmjDdyLp5j1nGYrHMWBGsErIunbFB2GTsIWwFtgHbgR3ETmGXcDgcG04Cp46zxJFxMbgsXCnuEu4O7inuPe4nBRUFD4UchQGFC0UYRTpFCUUdxW2KpxQfKVYpaSmFKFUpLSl9KBMp8ynPUbZRPqF8T7mKp8OL4NXxdvggfBr+BL4e340fxX+joqLip1KhsqYKpEqlOkF1heoB1QTVCoGeIE7QJbgRYglHCDWEDsJLwjdqamphai1qF+oY6iPUtdT3qMeofxIZiFJEY6IPMYVYRmwmPiV+pqGkEaLRpnGnSaIpoblO84RmnpaSVphWl5ZMu5+2jPYG7QjtEh0DnSydJV0o3SG6Orpeuml6HL0wvT69D30m/Vn6e/RTDDCDAIMugzdDBsM5hm6G94xYRhFGY8YgxjzGy4z9jAtM9EwKTA5MCUxlTLeYxplhZmFmY+YQ5nzma8zDzL9YuFi0WXxZcljqWZ6y/GDlYNVi9WXNZW1gHWL9xcbLps8WzFbA1sL2hh3NLs5uzR7Pfoq9m32eg5FDjcObI5fjGscrThSnOKcNZzLnWc4+ziUubi5DrgiuUq57XPPczNxa3EHcRdy3uWd4GHg0eAJ5inju8MzyMvFq84bwnuDt4l3g4+Qz4ovlq+Tr51vlF+G350/nb+B/I4AXUBbwEygS6BRYEOQRNBfcK3hR8JUQpZCyUIDQcaEeoR/CIsKOwgeFW4SnRVhFjEWSRC6KjIpSi2qKRopWiT4Xw4opiwWLVYgNiKPESeIB4mXiTyRQEooSgRIVEoO7MLtUdoXtqto1IkmQ1JaMk7woOSHFLGUmlS7VIvVZWlDaRbpAukf6twxJJkTmnMxrWXpZE9l02TbZr3Lict5yZXLP5anlDeRT5FvlFxUkFHwVTim8IDGQzEkHSZ2kdUUlxSjFesUZJUElT6VypRFlRmUr5UPKD1QwKjoqKSrtKiuqiqoxqtdUv6hJqgWr1alN7xbZ7bv73O4pdX51snql+rgGr4anxhmNcU0+TbJmleakloCWj1a11kdtMe0g7Uvan3VkdKJ0mnR+6Krq7tPt0IP1DPVy9fr16fXt9U/qjxnwG/gbXDRYMCQZJht2GGGMTI0KjEaMuYy9jWuNF0yUTPaZdJkSTG1NT5pOmombRZm1maPMTcyPmY9aCFmEWbRYAktjy2OWb6xErCKtblpjra2sy6w/2Mja7LXpsWWw9bCts12207HLt3ttL2ofa9/pQOPg5lDr8MNRz7HQcdxJ2mmf0yNndudA51YXnIuDS7XLkqu+a7HrezeSW5bb8B6RPQl7et3Z3UPcb3nQeJA9rntiPB096zzXyJbkKvKSl7FXudeCt673ce85Hy2fIp8ZX3XfQt+Pfup+hX7T/ur+x/xnAjQDSgLmA3UDTwYuBhkFnQ76EWwZXBO8EeIY0hBKEeoZeiOMPiw4rCucOzwhfDBCIiIrYjxSNbI4ciHKNKo6GoreE90aw4i85vTFisYeiJ2I04gri/sZ7xB/PYEuISyhL1E8MSfxY5JB0vlkdLJ3cudevr1peyf2ae+r3A/t99rfmSKQkpnyPtUw9UIaPi047XG6THph+vcMx4y2TK7M1MypA4YHLmYRs6KyRg6qHTydjc4OzO7Pkc8pzfmd65P7ME8mryRv7ZD3oYeHZQ+fOLxxxO9If75i/qmj2KNhR4cLNAsuFNIVJhVOHTM/1lzEW5Rb9L3Yo7i3RKHk9HH88djj4yfMTrSWCpYeLV07GXByqEynrKGcszyn/EeFT8XTU1qn6k9znc47/etM4JkXlYaVzVXCVSVnsWfjzn4453Cu57zy+dpq9uq86vWasJrxCzYXumqVamvrOOvyL6Iuxl6cueR2aeCy3uXWesn6ygbmhrwr4ErsldmrnleHr5le67yufL2+UaixvImhKbcZak5sXmgJaBlvdW4dvGFyo7NNra3pptTNmna+9rJbTLfyb+NvZ97euJN0Z6kjomP+rv/dqU6Pztf3nO4977Lu6u827X5w3+D+vR7tnjsP1B+096r23nio/LDlkeKj5j5SX9Nj0uOmfsX+5idKT1oHVAbaBncP3n6q+fTuM71n958bP380ZDE0OGw//GLEbWT8hc+L6ZchLxdfxb1afZ06ihnNfUP7pmSMc6zqrdjbhnHF8VsTehN9k7aTr6e8p+beRb9be5/5gfpDyUeej7XTctPtMwYzA7Ous+/nIuZW57M+0X0q/yz6ufGL1pe+BaeF94tRixtfD31j+1bzXeF755LV0thy6PLqj9yfbD8vrCiv9Pxy/PVxNX4Nt3ZiXWy97bfp79GN0I2NCHIUeetVAEYulJ8fAF9rAKB2BoBhAAA8cTv32ikwtJlyAOAA6aO0YWU0KwaPpcDJUDhTZuDvELDUZGILLZ4uhP4hI4mpnAWwBrP1cyhyHuWa49HizecbFMALqgg5CweLhIq6iemIc4kvStzfVSoZLKUuTS39VqZBNlXOWp5P/pPCDdIBRWslTqX3yvUqCaraani1Z7vL1X00dml81WzR2quto0PQeat7W69Ov8KgwHC/EdlY04TVZNG0z6zevMKi0rLdasoGY8tmx25P6wA7rDmuOgMXSleiG/Ue9J4l90mPAc8O8nWvau9Sn1zfRD9/f7sAnUCFIPFgvhC2UJowOOx7+GTEQOTNqHPRR2JSYrPimhLQib5JHXvBPuH9qinGqa5pselHMoozkw8oHJjKyj9olS2UQ5UL8lCH6A6LHtHItzjqWOBS6HLMqcih2K7E+rjFCdNSw5M6ZRrlKhXypyRPi5+RqTStyjg7ft64+lLNXC1dndBF2Utql/XqzRscr3hcDbgWcT2+cX9TevOBluzWvBv5bcU3y9urbzXe7r4z0jF+d7iz4Z5fF2vXg+6S+/E9fg/29Do+tH5k2mf42Kjf7knkwJnBl8+onksP6Q4bj+i/UH4p9Ir4auX19OiLN3fHzr7NGPefsJ+0mDJ/Z/ne8oPJR5VplunxmdxZhdnxuQvzSZ+MPlN8rv1i+GVq4exiwlf3b5bfzZeCljt/HvzVsq63sbHjf1kYDc+gxzFT2AUKmFIRH0BVThgnitPE096nZ2NIZHzOLMeSzvqGncSRxTnAzc7jxFvA184/KrAkuCw0K/xY5KxolJiGOIX4c4nTu4IkSZK/pe5LH5FxlOWR/ShXLx+noE6CSN2KuUqWygzKwyqlqq5qXGqjSBS4abBpjGge13LVFtZe1RnSvap3SN/XYLchneEHo3bjYpM4U18zL/MAi3DLUCsva0sbNVtxOw57ogPKYdnxo9Ow8z2Xetcyt9w9Se6BHk6eemRpL1ZvyHvWZ8i3y6/JvzqgJDAzKDzYOUQrVCSMGomEiYixyO/RfDEesaVxd+NfJEwlziet7KXax71fNIU3FZv6Nq0pPT8jKtP9gH2W08HA7IycitzLeU2Hmg83Hrmaf/lobcH5wjPHyoqKi/NLco6nn0gsDT/pXxZYnlpx57TYmQtVImcLzz07v1JDvMBeK1AnjsSB0mWNer0G8yvOV0OuZV0/23i7abB5rGW69VsbfJOlXeKW2m2tO0odfHdRdyc7e+41ddV0l90/2nPgQVJv1MOYRzl97f3MT/YNvHnK/kzzud2Q33DqyPkXT15+f00/KvnGbCzi7fHxmxNPJ8emJt/NfcAg3k+bGZyjm5f5RPos/IXmy8+FD4sjXx9+u/G9cill2eGHyI/ln+0rSb/UVglreuszO/6XguZQFbA7WgyDwyxiZ3CzFJOUi1R4ghC1NtGFJo32Et0g/QajEJM+cxDLAdbTbI3s3RwPOO9z3eSu5Eng1eH9xXeO35R/TiBbUESwU8hdaEW4SERG5KGovxhOrEbcSPyjRNYu0V3dkt5SQKpCerf0C5lY5O2mQc5Mblo+Q4FboZVkQ5pXPKDEo9SCvLVMq6SoMqteVNNWe7rbe/dn9WQNnEaZpoLmsFaSNrd2q46lzkvdAN0NvSp9KwNKg3uGe40UjGaNq0zcTFlNh82KzW0taCx6LTOs1Ky+WzfYBNuK2L6zq7Tf48Dm8Nwx38nIacO5ySXEVdD1jVvJHos9y+5FHkIejZ7anq/ICV78Xi+QfSTA19BPyV8lwDiQHBQaTA7RDKUNHQ07Hx4aQYpYi7wXlRttFcMU8zr2dJxPvHD8h4RTifqJo0khyYzJz/be3Hd7f1fKvdQbabXpJRkZmeEHXLP0D4pnY7Kf55TmuuQJ5q0eGj/8+MiN/DNH9xe4FqoeYz+2UjRcfK3k+PHDJwpLK09eL7tf/qJi9tTqGepK3ir5s0bn3M6HV++vyblwqDa1jnxR6RLx0tfLn+pXrhCucl+Tu27VmNzU2PyzVeVGRFvpzSvtrbdu3u69s3TXsPNGl233Uk9Jr/zD532H+z0HjJ9qP9cZDnlJHJ2b7J9d+r6y6f/t/+A2C1YRgGNpSIaaBYC9JgAFXUieOYTknXgArKgBsFMBKGE/gCL0AUh14u/5ASGnDRZQATrACniACJABqkhmbAlcgB+IRrLLfHAK1IPb4AmYAN+RzJETkoUMIQ8oHiqALkEPoA8oLEoUZYaKRlUged4GktfFwTfg32hD9DH0JEYek415i1XFlmJXkQzrIYUSRQ0lB2UBngqfQ4WnOkpgJ9RQK1C3E9WJbTTKNDdpjWhf08XQ09JfZtBjGGS0YxxksmR6yuzB/JOllFWddYxtHzsHexuHOyclZztXHLcC9zeea7xRfCS+Nf4egRLBAKHdwkThcZHrotliXuLaEsK7iLtWJT9LvZMekmmSTZaTlRuTz1YgKXwhtSoWKiUq+6iYqcqosewmqktplGlJaB/W6dX9ok9hwGTIZsRpLGiiYGphFml+wqLL8qu1gI2j7RG7Hge0o55TlnOfK7Ob154693eeWDKdF9Zryfu9z6jvrD9NgGlgcdDHkN2hRWGfI0wi66IJMZGxr+INElqTJJOr9/HuL0tlTivIwGemHVg6GJQ9l5t3KPRIUwHdMfaiTyW1JzxOMpcNVBw+bXhmqSr/HOP57OrlC8G1Xy8evazfQHdl8dqHxunmudaPbVPti3dY7urec+/27LHt1Xwk/VjsieJg2LOfI+hXlKOn3zJM3H5PnN47p/2p4cvqV8XvBsv4H4d/PlyZ/vV+9eVa4/rR314bMlv7x6b/cYAA6AEb4APiQB6oAyNgBzxBKEgGOaAU1IIb4BF4AxYgDMQOyWx5PxEqgq5A/dAnFA1KHuWCykBdQ72HeWAP+Bw8j1ZEZ6KHMGKYNMwo4vsyHMAF4IYo9ClaKaUp6/Bi+EtUClR3CFaEKeoEIiWxmIaP5gqSv76mi6dnpm9hcGD4xLiPCc90glmS+SFLOCsLawdbIDsjewdHOKcg5yhXKbcTDyvPS94KPh9+GQEg8FzwolCmsJuIApLLzYr1iV9HTrF8yQypvdIxMt6yWnIEuX75XAVTEgtpUfGlUo9ys0qV6iG1pN1x6jkarZo/tOV1fHTz9Kr1mw1uGt40umXcazJhhjIXt3CwPGDVYj1vK2jnYV/hMObE7xzk0uyG2+PoftKj23OQ3OlV653tE+hr42fk7xyQHtgRTB3iFdoezh6RFPkmWiemNo4mPiLhURJfctzegf2klHNpHOlFmfgDyVnz2eScybykwzL5qKNvCq8WxZUoHP9aerUstkL11K8z1VVyZyvOfawWqQm4cKWO5WL5ZfX6T1dKr6lc728iN6+2VrVZt4NbtXfMOhY7T3d53Vd9wPcQ/ejx47gn2IHcp4RnVUMeI+YvQ17XvPk4zjNp9S7tw+0Zlrmjn4UXHn8rWj60Yrwqt3Zq/d3vxR3/owEloEVWPx+QAIpAF1gBd8T3+5CVXwkawQMwhqx7AiQMaUF7oGSoDLoFTaAoEa+TUcWoAZgJ9oVvoTnRqehZjDPmMVYXewunjrtLYUbxhjIaT4O/QuVAgAkt1JFEWeJPmm7aUrpYemcGY0YTJmtmExYlVjE2ErsHRyJnDJcXtx2PBa85nzm/mYC5oI2Qh3C0yGHROrEH4jO7qCWVpPykT8oMy7HL+yg0kFaVrJQfq+bsdtbAaB7VWtMx1c1APNhi0G5426jfeNXU1KzZQsrykrWUTbOdrv2wY6gz3uWSm4M7nSeVl4ePq+87f7WAvMAPwTYhfWHm4U8jXaOmY5LjuOPHEu8nd+yrSLFP/ZVememQxXNwIedW3qHDfvmGBWyFj4r8ipePZ5TSnawqV6x4fNqvEqoqP6d8fqgmtpaj7sGllHrDK9LXDBpTmqta89uc21lujdwpu+t8D9d1/r5Cz81e/YcjfQn90gPw4MKz6aHBkYKXIq8qXv9+oz+W+/bRBM2k/dSZdzMfZD8GT5+ZeTA7O4/5xPlZ5oveguMi+avPN6vv/N+Xlg4vcy7X/VD5cfLHyk/Hn80rzCtRK80rq7+0fmX+6l0lrtquHl8dWKNY01pLWLu6NrPOt+68Xrj+cH39t+xvn9/Hfz/6/XtDdsN348RG36b/o/3k5baOD4igAwBmbGPjmzAAuEIA1gs2NlarNjbWzyLJxigAHSHb33W2zhpaAMo3vyWBR62/Uv/9feV/ANk7x4zgXpwkAAABnWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj43MzI8L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTI2PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CuI/yjcAAEAASURBVHgB7F0HfBXF859HCwEJhC69iCBIkaqi/FBpIiIWOqJUQelSpIiUICgdlCpVmoB0pAgECQIBQi8J0kIPJYQESM/+Z/Zur7279y4BFP3ffT7J7W2Znf3uzOzs3t4+F8MLnMtBwEHAQcBBwEHAQcBBwEHAQcBB4IkgkO6JUHWIOgg4CDgIOAg4CDgIOAg4CDgIOAhwBByH2xEEBwEHAQcBBwEHAQcBBwEHAQeBJ4iA43A/QXAd0g4CDgIOAg4CDgIOAg4CDgIOAo7D7ciAg4CDgIOAg4CDgIOAg4CDgIPAE0TAcbifILgOaQcBBwEHAQcBBwEHAQcBBwEHAcfhdmTAQcBBwEHAQcBBwEHAQcBBwEHgCSLgONxPEFyHtIOAg4CDgIOAg4CDgIOAg4CDgONwOzLgIOAg4CDgIOAg4CDgIOAg4CDwBBFwHO4nCK5D2kHAQcBBwEHAQcBBwEHAQcBBwHG4HRlwEHAQcBBwEHAQcBBwEHAQcBB4ggg4DvcTBPf/PemkGIiKjPtHYUiIvAv3kv5RFv6RypNj09LoJIi6eRcS/xGO/95KSS7SBNHfy6aH2rCv/mHd8sDcfzgpDu7ejXkq2vfvl+GnAkaHCYiD6Li0jBePAt0/UacXfuNi4M4TxsGjw30z6Ef4pP1sOJvizmjY4n7QcfROeOie5MQ4CCACSbC1jx/kzfUybLwtAcJSzsK4Yi7ouO6KDqGooPGQxfUW7Hygi/b4QLQmt2gNU4JuWOZjKafgi1w5ofCrsyHKMtd/LSEJgifXh4LFZ6S6zUnHZ4B/vpzw6eK//hWgnFv3DbzfchyExqvsJp5fDV+8+zGM3XFZiWQQA1v7dYCRm6S4pLCfwAflosYPR5U8N4MmQHbX+/BnghKFgST4c3hBqDL6oDbSa5h46Nr6M+jdu7fub+R3C2DPuUeXRJZyEaa+mhHyzzphycvltUOhTf8NJjIQBzvGdIAWw83SLMmBOT7u+a3a3rvPZ9Bp2JOp052LJxdzZvq7kDOnH4w/kQpjlUp2CMNPWwbAIQ+iYibDqazmsWS36u8+vQZBn8/awNcrztiqh4X/Dn1bt/Foz20ReoRM7NJGqO5pHEo4BZM6dNbpNOl4r4FjYfn2sMeyUHF93edQMLf1eOVJNi6v/Zbbw2M6G+YZEBpHA1y+MOKYF0/Oou3U/rYdx8ITqdMz6481NQUuQoCvH5TzHQCnTfzdx1WZR4f7Vsg8WDPvN4gwTH5oANs/eRxsmHzCcbgfV0/8B+lkzVkdfKE45PSVGpd8cjP0Cwd4oYS/prVJcHhjX8ha6G0onVUT7S145SD0+mUJnH3g8pgzL6bGlM8NmTzm+u8kkjO2rtdWiOr1MuRIbbMy+fESRdGh+DdcufxTYM2yfnDgqjrCXNm5GKZtWAT9Fx1TBkBXwnmYM24urAiL5M1K75sLqmCoePaMSjNvh2zm4UTN8j6DWLgw9Rok+qr5lAIeAokPr8KMJbNg0o5jcPToUf535Nh2GPrVp1DzOX8Yvf+Oh9Lek1yxt2H3XoDXMlvzFXd+I2xbeBGnDPqLISpXV82F3zZed0vT59Q/meGjzyE9mbWdMDhydC/8cUXC36ycWZzdOs3KPqm4DH4FOekcGa2xf9S6CcMFy76G1WeiLUmZybBl5ieYkPTwDpf1HTt2gPjbcuwYTJw8GibOWgxnbVhecvpGFasH45cshp9CIp4gt55Jx90JBZrC+lhlS3wIe+fOhh8nBSp6TbI9eUx/aF6nDOQY8btic6xIeIuPPL/fYxZPshF7LRC2LNsEkRob5pEYJrpio2A33nNmZJ6zWrSd2r/oz/Pw4EnU6Zmjx5rqgiyQtyFAcqFnIb1Hr/jRqs1gVZyc6pObQ4BV+wzKGb2VlMsQcgCg4LcvQ24NgeS4OHiIwGfOlhlMzVFsHMTgCGCZLtOKw6V9QFctc2ZL9uScSRCDBD3RI55oLcIvc2a5jMktCfmK1fOVjDw8QB78LHmgumMhg2828LVgMz4mBlhGT+1IgnikkS5bNnO8iFXkLR4nn+mzZIYMFvUQrw8TM0I2xN3sIjwTsAYrDLzzaUbVW1wGqDksGO4NU/PdunAKEX0TqhRXPWsG0XB2J8DtJhW5LMVHx0E6Pwv5UUnB/Rvn+FPF4lrnXZMBg650ZWEUYzBKHy09oSxGo69uhYlZkccSx2Ut0VJuqC8Tbcg+9SnL4C57rthbEIKMdq6U34LdJIiLQ2E3qSND6bbAWFvTclb1qZm96wPPK+Pui/qo2AgvmKh16EN+pSrziONX7wOUyAlksw7v+ZXHPfPHXnwz9w68QMbzymlYjrdR/yvG01xF3oeDKBfaK4OP9Gz0o1gJgATZsbVvlyTK4xavgy9fVGU94fof0L9AbRjdbRV03d9JNyGyY6dEH2T2zQI0JTqtbYAhzHCSmz7JB8xMhk9OzIy+r1ka8YHS6WZ7rfAxVKs8GtuuJLgFJBuYYmJHvdVpBzN6S2E5RpjYfTf2DOVLtJ4PDP/cL2xHdJJH2yX6z2q8MNL09eAEmcmwtnxqZVVbNjVh3xc7os3oqCvCULh+ejkXDAhuCz3rFtOluT/EwYZedeBrOcHffAhzL5aEeMfGgpncaDN7x0HtN98spFUeLtlg1Zy2BHZ0LatmTL4J6wY3gY++6QcbOh2C95/VeGw2ZEwrx1myW49naoVovS1kA0d50wlDEvKBcLn7SooRVgLaatSwVdvVHG4hS+yVqpSAaVmz8U2bkfwWq/73lCZoaPO4IC903sigs0jU3C3bIefR9p+mmHmQWVwpySfZIMAxbMyf7jlubWW4QsQ6rL0spSVdYYt7vEojFv/LCBXZ14v2swdyyRR2h/02prmSjk4Xm7HvuoZuLNsxrAajcq0+Kafkm3UuXpNHDsYf4XxR3vqa+kauCdPkTWTHf/5WSSe+/KAJmxtyW80j06E0agvdfUr1YX/cCGebhjVQeIDXB7N9t5LUchi6uu1HHe1PJwUqbaWMCWc3sO5lJJock9pd2Ipjct0m/LvjwdidY6tZ38YvqHwgf8Z62N0jbGKr59U8ZduyxSEqrsm3DrChjTV8NApgIXfVpnjkU80mhe7uIbPKxh2/z5+pTxc0QNrNFzJBMmpbAO9D6reU5L/YiBLAak0/gvkTWWC/GiqfSMcf2rLd1L2IB9Gl/vzwRYlXCuv7U2JB+z9sWh3ep3skdrRJSjgxdAGv80eZ54fHZ/PnDn06K7y4ynRh264lK2WIn57IT6flF5S4FBbNljYHVqLbBt7PKeEbuMx8Gyz1aQq7wqa3AvZMicHslIaUQgADRGPX9G5KvSQXX87drWBn1pfLQ6M0JCQdoXIfN1F1pNpXS9k1OVf0oR909CnvqEMyDdTRFQNa6NIrNBzLjmpU7MS0jxjUF/3pvT7BnDd9ELi3G6LiXnvaSV789PKhOp7e6TGLHb+r1zdRj/FONor6qvxEkjG8ZFl65ZP3OM1l4VJn3N0lyeXvt6RsJJsjsZyQ5TBqNz6LP5JNkivqs4XVML7zWDa+s6pnZVpOZafjJFpm/x8cn8ppKdhrMv3ZH1i2arPUfo85qdfhWn3YpnBNp2DZlKt7WP9aKn8d+rTh9CXd0hDXBMOmV2YFcmnqkdOoTb/U1/OQhHZkWo+WSvsJh+dbjVVshRU+muqUoNp2Yf2VJCUgbMMHASNZMw3un0/fzRLkXB7r9IKZoF+vT2/VTstyHTb3E5yLvMlGzR6h2H0aG6YfUscGT+UTzi3ltku1O7Fsn0Gv241Zz2RR462JDFmoa+fbA1SdVUDRBFQMtfqvyYBBowwLG1u991g2qnNppS+Nskrtzw1duHwLikm3t3L+JH1IZH9+U1+f59oGjuPHc86IIh7v5xZ9wusfEnzHYz5KFHnb/7qb21hFly1KRoYsY13fK6u0j2SVxkUxBtnFgciH/zZeJwMjBjfyPKbEH+A4mfEYGzyE8zQ7VAxIerkwG9NoDF0z/G2lLaVaB3A7o7MPBhw8yYb7mJjIQhZ9w96qoNoOknXF94qX7Kewe3S3tCly298SttbAl/QojfMeZdBLnZ51RaJfqHOA4tdQewLJVqNNJ3+118L57KtSanv1PpOH8mgXVzXDchp/xshLyTaD2eazon+xxV7skBlEODu1uKICuZK10DgeIufDEGlAEQPW+TkfcqEZvGQL2xe0ho1pJDlUh/l4F8vW9ZAA+HjyrzydnFESwA1iAGQRbGZDGaSaAWz15hVs6oR1OqMl6mZo8ISD3HbyehYSvIY7t2RECXjpSmRbuhVhNXpNZRt3BbP9m+ZwRcmXb6pKU0On15JAtnvdRIUuCd7wdbvZzsXfSMrQf6cgzG5uD5Di2gSw34P3sUUDpYmGwCkF2zK1EDBy5JYGBXO6fGLQboNEQ1Nv7/nrWdDmuZw3ITiioru7hnAaP63dwQ4e2qYMyquEc3j/gOKojl0XpNDxryI7THI64TJlcxALXCm3pYE0CHvlUzAi7kiP2iGcCKH4oNC7w50TnxoyxrL8dN9Ek7JYdnTNNNa+LPYxOhRzlsxj834JliYpGjys+1MwIe6xbH17YNSfwtkUKdr7peVt+eAq5EIM4oTJzB3BvH+5LNUXTiaa61DJKR91SOMwyI5cKT55YCyZXWDjEQtotoxXd3hiPS4TE4Rzq2WCh2O5PJJcNRu+lO0N/o1NaC3J+/xL6FwZ+nL32mkca9IR0d/UX4qOvDOW7TyEsvdVQ16vmPjSJE1MXr6cuYTNm7sYnSbZeZXb8OXMlWxvSAjbMKM/LyscX+GICYfbTn3UNG/6QHkE7tSeH1dsZr9MnMQnOQnnpAnRyz1n8fb88l0HztPnO25QMa+XlmfqLeo7qmPh0R0cB4HLiYlVWAEYzMIERYMsRx5czYa0KcPLDp05n82fs46FI2wKfeprnHiTLVn9nTxp0dgEQVbchW6MPy7cRymFBthZNXBiL+uI0EHieeTKQG6nSMfIIRITIZI1mhxwmQ1EPV6h2inLwRGrS43DLSYqn09Zym3a1nmSbEDTVVxHrfAR7dXeRdv7BlEfJrKkh4mKE63kQ/yFo11nhKQPYmFg9D7JybSq0w5mpE+C/sfYppXzh7Ehy6XeF7JIujhqcaBiN3X210P5B8fH8b4QDvfDQ+O4zH4xaT3q9XY2p2dN3n/S2IcyFL6Kp5PdW4XjwcbJ7aXnAVvdcZEBEhgKW6vgpg0YZJhklS+AeJFVd6eMMdEGUR9NKgif6t/QYlsit7U0CT0Yo2XAIizbGei+wbJ9oqSYiEP7VZg3kS2vopk8i0yGe2RwAJ/wkB0hvKd3fI3zOmC7ZDPs4iBsD6At3Rq8i/08QtJrkgPRt4aqcUIvyZWwmdr0S8u7cj7E4k7oXGkS3+CrBWwn8insvZBvKivGDRr3yG9SJtXymKqlL8KqbGjGJznRvW8T2c4vCrEiuGCwensQC96xiNtF6sv9NKfHRRgaB2gMrD9wFlsydx7bHm7RyXLby006wPvVTK9tYe+hTm+6oqOPi4dr1i1mg75ZIvkAGp01Yt59k4lsGMoL2spkB+WY2xD089YHB7P18yWbODRIWtC0ZYdEp2nulg636FjhVGvKMHKwtQ4uGfeiMFZ1ZtHBunlHGuiFUmlXDJlxhVzuTJpdaFcGtHWKcDQqHBmDVovU2bYwGKYr4nLBMxP0Kz6CjpavwP6FOO2hu8TMPJavBpFjReItZlHaWRB1FK2CUUdx3u/vkTrqc82bgXt3WFSixAitthH/6kwY5V6ewAiDJ9qqu5+bpSt35Nuq/Pnn06Q50pUceYFdjpbClE59JCY1FKtzQL3wKVHR/JcNfD+OjWSEqR25C41lFymbbKSF4RPyM1We8Sezv/hqZMUJJzVE0deU8UhNf9KKMk1qvBl1wqAwBEj8oUySk06YrJFXPomRnd00fYfP19Z25Xm2aBaXhCEYEnxP4V1g+cPSybwfGs/Vt0vJiAGhA+9Pk1diMY7kJvyCtC5DfHJHUftGJ/xXTlc4jcLY0wRH6EhKwh5uLLWOF9HS66KWEzWczI5wp14MHu6rxbLT4qE+W/qgwf03w+xI6O2CcJWv+xGR6oONkHCmSQYvL/qQ5YM+6KJGs59zoXx024qxiWx1XQzLOsxJor3RTh4pjmwaDbbBKTwH/0d9RKvBRFM4UERvS3fQyJWaX4SE7H82L5CFhOxj+/btY8G7cJLVSXIO3px4gGeN2Sc5axNClJUCXHbT97uwUz+Fqnou3rB4Wm3SOpakp8Y/ZWARTBvuW9upEwNKMsPHUIQ/irZr69PqDc8k2/uC/al/5EuO064emtVpBzOhK7m4wygqkO7klJCu/aLRtaRj0iRbsUEyL2blqX1kQ4RTRo4W0Vulke3Yh6JOSVZIfk6IKLyTM0ayxt/waeJFUGDocTwwyLBdWXV3yhgzqy94dDXezgmzhnPZkRZOBIfW98s/t+X552tsrGluHE9ocYCwocmlGEe1/W9azhCZzE5yOuQI0mUPB3MdptV2Ow53oZ4L+KIF6TXp968zB/A2i7FG2NLsw9SFOuGgCTsk8rw0WvUTKM+8lvq3T4bmKn1F+lW+krtee+QfiSWFSDZnoSz/KSmSY2lcHDDWSzpF/aXV6/T1JL9I5LWHPfaRaZ3edUXQpzfJYaJScZd1tuVidRwmn4MWK9RFJMmem5UXtBW7KPs7YiGVqkmKjRW1MVt2SMmtBjIggKZXxP6dfL9ttULqHkQpYxJcPPMr7rcNALEVN2Om4hAO/SBPrSjYMqsX1CuTG/LQPkG8zu+m3ZMANV7IDNfDw/leYp+YSL7P9LkE2ksKkHjlFN9jOaDzO7o94TzR8O96yE7cpdQEOjUppaRkzODDw9G0gRw/0qC9nKGb1sKqXafglisLlK9SAs5OPwQxuB9TfEQk6LRrWEyhk9U3CdAAQOvXJebpAyO6sl2Ilj4OPbUZvsXn12u/AIm3rkE41pcha0Yo2KgQxOzBPdaYxrKWhjo1AJZPqwnN8y2Fkd2bwvP+OSE7EcLr5omd2MYuULWUimv60i/yj7ikHNL/yNA/YNXyzXAqEncXvVAeit/bwfujSP6sQKdvzBuEJyd03wDNy6gb7NP5F4NCWFykUx+VglsQHv4QXylkgWSfvLhvNprv8fLGp5YXCjPfHJzHjQdvwPcVQuDduQB9x/WCH/tugsusL9xb0JNj90ntfLzojaMHeT+9KMtPuuth/OOM96rq9xZfRTy89aeRF9eD6xB0BaD2C8XVfcCGTCQDx1YfhMvN+kIe4h/bfXErQGz7btCwiLrHLkfBvJDlknrMxc2TB8Af6kOJbCrB+zdO8YcX8z+jRBZ+rw/u96oE3VruAOiwDBa00+zpU3JJgfPb8PQPaAsDO1RUUlyQDYoUU/sqEfvy4xJqX0L+koAGDs5ejeZlhI5079lY0RFXAvDwtTiJrGhzePtB+AmI/kq5exZ+W7sS9h2OhuRcz0LlchnhNmYp7Sfto3NFXuX907CC1D926ou1ow8a3Os8q+cpcy5USLw6Fq0Et9bOhw6NK0GOvPb2MApKBau8D3dhB1xJjIfYNb9CRPtVUAyxvfdlVSg8aD9cnFIOTvyOsjKtvBsmggbdE+Pv4f9nIPkh3lTVpCSIqF8JiikikwGKvvQRYrcDLjwYDEUNeXkB+d/Mdm/ATG0Ehj+fHghju1TlseGHt/B7Np9ItI23uW3MmC437/fg83cwrRBc3vMH14+yhVTZcOUvBCUx9TQvbfUvituLHiNrQ1YaJsXlioUTX4+GTeJZvkcc3wZbdoRAaMQ9yPt8FfDLXhIypah7wD3hYyDFHz8aOQta4AARgzJa4Xl3kAjtz1vUVIqyTCWgUTV9m8zqtIOZINqxFqHkftGH3AW1eJavAzgww/Jb1PnqZVVezYE9VKMujhLToXmBStBj3iTo2bI2FJY/EqePbiP2SR9isTs4XtxP5HY4Q65iqBXj4OiZB1BTs8dfSzet4bTKqrG+6n1mQ+eBlaBPZ7RvDWbB0AY0sni+GFyF5R8vBFyQgqYaG2ssRXu8f/6oGiyAivBz+FiogKKtFVFjfu0zlT20dhPsO3oOrqBVLZPzKPyEGWr56PcDe8KhSFapXy53qw4FNMQLV62KfblaE+MepF3eVyZ/Aq9M1qfhKjKs/q4vFMXolIgLQMnvonG4fe0aflCYCOlRBfC7UMh2XPIlssh5RqFtERftI679eh3IhuOUt+udzoOgRqHM0PQDKacP7n0f0H8opEdrob1Sbp2GTRv+gCNnLkHSs6WhRJxkNS7fi8VsmcCFvJEuxuFHkaB4KVoK+jD5LpNWvAWuhPuQkKG4PlF+8oQ92UuzOu3oyqsvShXcL1UakXK/qB2vVSimJKSD5+D9iVXghzH3FL+PEq3KKwUxwLI+C3WwM/s1Kw4Xek2Fqb0+hWpF1fE/NXZIS9fS4X4YfREH8/ehqOGoAxL4k4sBHZnnuCNDxIq1nwfbb2aHtwaOgvovjIKa3ZfCiiktID86PSfX4GiHV8fyhtEW49LH8yR4ePEvdJwqwusVckoRlv/j4OTObRBfYypo7dSlY9LkgD7GI6X/4dVC0GMvQJG2n8GHmS9Bx4+kTzIqf/uS7KyodITfS+0K/e0GRLR7E82xfKVEwFEcE0vJ5WJx8KArqGs1yNtVCov/+fJJneqCnNBhwwGIbFcNvvqmJSzHv+GbwtBgPY9Z5XqrNdMM4EThGcWJoqcT89pB+fbzAV5sAr3q5oWdXVrBQIzH1+JQGB1BV+xDuI7PHepUNHU4Kf0Bpl+GIVA6zxAMqReuzgDB7plPNb8SSpcPKuG7p0D/RDgyfxDgdg5o/3YWmNM3EnyjjsPUETfh5TldpI/UsND1s7+jOeytnDwSeyOUT7J6FlSFVsHDQ38q9WsCSVeO8Ana6MoFNbH6IJ1MsesAQPlWZSRHK+ESd9Ibvfmighl3UFfdhIj/5ZEmS7KTfq1+D8itOFjYlpCd3GEukV+NTMmUXfHLlo5srvsATssJ1RGyJQSS8OPjUqrPpGTR9qUSqQnciU/kT0JH6lfNp6bG3udOs3CSRZtLtS+hcy7pKKlXSn7A8W+OxzjlPDQDmn1zitNpWVEacmIvhfH0rgX9U1GfxIpHfTDBXTSAPvyK2PUDtK3VDfq+9xKMQWO+7NqP8Jb2oyOR2eLuV6osujVDYN+xAxC7EqDF8pd4zhJvNYEbsAIOHHsFjmNM3ZetZcWCNI+Ox48Ly7eqoOtfV1wUypD5x0laWv12nIevq+aGB2eXw7OVcfrUbgP82KW2kiUjk6bhnV4sosSJQHk5QB8OZipUE4rhQKVekkyozyYhVyT45+oCQ4d00skCLTks340ON7ZLXOdWfgHPNZ3GHfRWfZ6DM+M/gl9PYGoDkSP191eafAofvqh3gtypaNvhLa9U2g5mlJMGXz9/zaxZKq78T0dVy/roglxQFJ198XEsZfJWXhAiGcZ9xdD34xYwHidY49sB4PcnMOQ9svd44gUOabcP9IPyufuJIsqdGb/QVVLSFngUWXWrMVNFeL8bwOQfcIGpaV3d+OSWV0RcCoIvMfwp4mCc8IssdD86qQt8shlPq5o0DermvAfXruHBB1nuQRR6I8fPX4Gbd4vAM/7+bjS4o/52Ll629HufQcN8Z+DTb9AZwSujvOhAYbs4lC5XUBkLqJz2hCJ6NruiKRIXR258WwsyxV2AOVUrwsjwJrBiRl+o7JJKxONYR9d69AHySFHK/3z5JKeHxkPp0uoAyiDqrZ3rze7DoI9Bv1rnOgplO3AOOYmESxuhcdFGgC4MtO7cG/xOfw/D1kp2304dxjxEufw0XJD8qJQxSXm2i71SQBPwrivxpn2rIQHpDJ2YFBWCH49/pnwgbsaftrwIu6Ag9D1xEnIO6QwdJnWH6viH30vB2tEt4FnMZNcOCXrirnoQIgbv5CQcWhICN2uoToVIdt05APOvALRqXFlRCFqte/OrOZB09xTgHjb4c2pL+JqftZwIcSiE5Cievh8DdyMi4eZNdHAipftPzaWOu3osGOdWr0Bh/eRMVKncGdyBC8vRPW1QWWMAkuAGHjkljpW7vnkid7bxIxgIXzADJsxcBCxKmjK+VC4/p2VGx5VwGdBPhtrV1FVTV8wVLqw1XyrMy904cpDfl+FZujFyG6g99Hfs9CcKT+lyV4UB6xlcP74acN8yjHm7Kz9jOgVdAOK/SOuXdAN43Ik/eD2+DC1OwlEYic52tW92QgKWnzhhJmxi0fAT+lnX6pcG7ovIY5NPNjmgICQHMJqU44vNYRAdLWFNPEZG3oTwmyuhpjx4W/FpJCee41BaHp7dAKN7HYSG85tCmVIvQHVYCNNGDUEHGCcHcn+SYTy/EVd02pdU5syXjuzjK3UlNCtLZv1ADoG2P0Xd2vut0FA0lBWhdBHrATXlzhU4jIXeryL1XdIFyUl/pWxBhZRwUMu/gkc6Yax4rtVEdbBIF46s3YYO82sahzkJ9g5rzt92ELE9R1EhHvEy9iW7cZ6v3FQvkYtTNtOR2MvHuJNcSnaSRZnmlZUpI9fl1Z9/gKtBfQD3YMKyCRNg2pqTgK9+dW+wbhyR3jSIlVQ79dnRBzPctVDlff0LLt8H8Vz/2zADmr672OTsaG0JfdiVtzT0xKjtP83kJx28WUWaQGQrXROnlkdh5c/zYD2GqpaQnFt96Sf7lCNHPjw5KBvkf+kTwC0aAPMawc/n5Vk7Pia6yK0D0NuTSK6nf3Qox9MSXS5If+U6RKXwx1T/U2uTitJKkvZicBM29Z7G39JcY9vhp/EzYeVxBocnVYUCaA/TekkrZmktbV3ODmZqab0zo8brQ6T3ZPsz0HFQusteef/KzWHOyUS4vO8X/nbi6yalYU6YhDyNf7hnHy7FRLuNf22LmszAdfX/PQ8+zORokOsbYTQ623Sd6TAVjtiQvyvBu7hdblxB0kGptP4/jQ27x6/gkad71YRc2XJCQXzLmMu/FB+3YWojyJczJwTRipHhSg5bxZ3tnmsuQ+gaeWy/vweaGfLZfbwYpe/vTDaX2WuVLQT5nskG/rkrQMefh+BYuwb6zTyqVOuTvwx/G9xs5UnD+Bup+AkZs0iuuE9GHPM1VyaWU/NkHTTTrwf8LZ1a5q9V38BeHJfxY3FYNFOy+7gVQs2QhtBtNx1JAxGLIo9DV1IMk9h43/yQnCFet8JtUb179DNlof2k3XD/6lGY16EmHBjTElpNP8Xzpc4OqaRNHW5yoKu0qgvpgldD8G01MzlDgT+M5IN8o7fk13VxN/G1tzRrS5/jBfh00o9cAQ6fvIGrqH7wXHlJ+dJlfYa/Ls6TJw/kxdkr3el4JHJoTmz+HeKrVYYiXuyP68El2Irs1C2nKjRtFTi56xrcric5d1GhxyRn7EXJUSHub+8J4o0Q5z+b0RFHh9XXrJo+vHyCt/X54s/w8vmqV+X3yAe+fAZObRB/eeXVlAfXzsKdZJ4N8uMK9ZxVU3GI2wF/RSRAOtwKEYxJob+dkzerSO1fM7Ev347xbqWs8PBMEF+9bdbyVWX27XoQBscjAMq9/YLOUf/lj3NSRfJ/PClJvmj9DeDA3ts44EtYE5/+/sSvP6friU9BRXt3oXtW4p0CcBSd6z/QeetRLx+4WBYgd3bu+HVQcnQ/qJ1VKkGTF1pdrlVNrLQmQfjhlXjEZEPdEZNm/WDsTy0PIhxx8Q8+QXvew0oorTKEYIHn5BX1qAuh3MGsWkJdexEOqnDKaYmDJip3NaslcGkbfI9LBC80LKdgf3vTCHht+H74OvAw4L5wWNppGX/jIPjT3l2IdjbsjGwHwtG1US/llyDRQFBfbdgkVjwoD/5o0LRenN9m/6PN6uY6IiYxwkmOu3OeV1DOMHOlWX3EsA+hiiTGmCcODh9YiKv2r0B+/gZL2ibmm+8tvpJqtz47+mCGO2cS23jp7DUelOzN93B0aF7IdEW8/ouDiyH74NS1+1J2q//pCsP/cMTdNGMR16FqxSQjwrKXhQ9r4DaB8YvAp+ibUMyLv50Uj54RXulV8bCqMRXxwmHLAHWGLeXl2o7aqPx2QcFy/+Nx59DvphU9yZb4o86irmaTBmK/XM9BBEyAHX8lqPVG46+n4lNeNSbNIVfCdaD5Yumq5RX5JvmLunaDb8EThFOLT+aMjw6kWZ12MBM8W93xdHW4GKPxIHFyTpb0zdJkzVJ3ka7cJaOBa2iFajSD2VGB3NmKeBiL45+k+zmCL8CdLNl0418OtMcWp7gqDDwODBVicsA3dwEcjy7AdY2NuxV6yJAtDlb3aoRvhgZD4IFFXP76TlEdSkNm5THy7AF8q90UKhvtcjK+Fd8XDOfvJ3Of4MOdp+Ho6dNwWvP317m9MBZf4ef5ahWcOnsRXvZRyCqBxIck9QD5Cmve8iXFc11QMtkM+KBfm2vgGjijyX/z6kXsMbLGni/t+JD99S6A3xPBka7DlB9uS5erELyEJP7cf1U//uLkW/gJGYqX5X7SkvWnlcq43T24Tad3SmIaAhl9/HGcrArlcquFk+9rOl6NBruylsuwdUdDItVBbZ2PqitUOZn4S6FXFT5oMWH/D7hroVZBZXFYSbQRiLoZw3NlLVABPv1pG1/03HlKop9WO2TqcFMtBarU4I5iqzzvw/hft8D+oE0w4bNy8CaerUyvVN7jr9fj4Le2+aBsoRoQ8OtOCA09DmunTOEO41uvlUAqGaD4a+/BNTwJuXSbcbDzRBgc2LwYOuGqzZhgSXlwwxOcQYcm4QP9qi9vqeHfwwshfCW46gvqixpandiGLNWuWpqDmjmPHzqzR2H9ij8h/FIo/IZbW/I0HIlq1EQ5/9mMTtTVc6hs+lXTywek/ZNV5H3IWQq/iLt7Ab6q0Bxmo7N1/PB2mNb7dSja/w/JgcbV6fYFS0HuN7+EVftPQNih7fBd3+58O0IlXNlNPn+SY5O8tQU0n7IBTp0/Dkt7NoCWvwC8s7Y7PIe9QXVUwTrmDJ8JB85fglM75kLVZ6rxPWGNn5cHhEyVoEN3gDvDa8InSOfYiWBY0qsklMg4CvfS45WpNDREJ2Q/pn88cyscDTsEGxYMgPyuL6WVCi98Egn3KwPkyfsqj35hWgeopJEcwq1nq5eVIsKRrSWvtJITHb4f+zgqFPYfCYa9odIszqwfjP2pEJUDZJSObT4It8s+hK0L5sPMmTOVvykoe5svSY7J5X2beZ+LFfWIUFrBrcS35AiaD65LDmpZeW8Wy1oCcB4BZ3v3gdk7TkLY/kXwdlFpK8ZzpSSZY5dWQwOUJ9KBr2tXgjc+DYDbV/rBEstfnssMb3QL4DrwbmvSgRPwx5JhkCFLRlhwGXnFvnqvPRqKsbWh6fer4FjYcVg5sBY0+O4SVJs+AeqRFTHVkTg+iSEnWWyLurwPN4zidTHsABzYdYhvN+ER+M9v2FhYuj8Mzh/fBZMb+ULjKfjGpLm0F4765+xOdMpxvxq3zTbr86oPWK8Z7sTTtS09oGipgvD2wIWwJwztwpbp0H+EtL2HXLWHJ36E4lVfgTcrz9e1g8pqL3LWS79Sl0dFtH8NnpflkvZDVmxSjcdHvVWWf9ugLWcM56nwMqKwBrau2glb1+ywnEBpy0nLDNoY67CryEeAH1vi7PQDWCqvfvq93prvHR5W+X/cxu7aHwSLB9WEvBk/UX65rXDDj7nN+bpMJ5izLhB2bJkHDfLU43bQujZ7KXx+jvJXF43a9a6DYebukzhghcDc3mXgje+vQIy6ZgGpxWfLkpmwYIaqm6SnUycthXOpAM2sTjuYeW59Dj4+dHi2Lkzdsh+OH1kLnQo0QrvZBdqT8qfy2tXdDwpmfwvGrd8NoWhnl08Zyyf60splZnh3xALusL5Uewj8figMDu9eAQOfd0Gm9huVRRerKt0wnDUFJi3erUzYrMqZxQvYC77ehLf/ww9wjNq9G3b+OgaebTZdV4R++feD5QAfbuqO42prwMMEYFfvT2D1dc0kRVdCWjiib2aiquXljo82+cys5vDiKy9DyZ7rMDoDPFuyDFQoUwbKaP6eK1EJiqLxKYBvrF4oWRSyS/NNLRnwxZVjuuaPn4xjyCW0z8uhU443UqULhAN/I9/rS26TG3T+AfacOQ4bZ3WAgm+Pd9sDzSsU/8T8WTxzWgWhzZIAbjsCZsuTEtyO8wW+Ibr6fT2oN0Ky6WTzXbi48tWOCKl0phehBY7RhwZVgy7z0Xc6sR0mtfHj30Zp9U5TldcgvQ2jS/R1Rp/sfFvpSPQBzl46B38sHQA56ui3mJIQ0hCzdMlSCNy0GRdYkzkNt39y23duXgLTF+j1esrkmbAjXBp33cppIgRf5nU+mq5QNTRVmt30eWg7ZRV+qxSMvtX70B0XE0YNfNOWw00LU3SRXYwKGoW/uuwH7b5fBgfDQuHguhkwHbuufElpmSPNdkj9ftI9dHbNKN1RecgHw49+NGde4ikT4TvZ0EZl6GWM8vfB5C2aPIns0LQvlDSeD8+lXnRcPvdUPs5FOY3BnQ0lhr7Yp69wxTFvPEE+8UT5ojvuLzbpHZUXeKMt/7pWOU0DC5nRoS/H6TguflyOXCN90a07ShDj7x1bphw5RW1BZxPPHD8sH4GUyP76TX9GN33RLs69FF+00xmwWrx6rdB+wx7Lgia1U9KJ/sfvS+0RJ35w9uIusBktS+nyDV5xWDpqjzIgDtp0qq9R9wX8uDM6acETn5y+yT86+YDwFyd4iC97xZfXogh99U58i3OQKf7wxKYKr+JLdLN+ECfYKP0piMp3OqEEV0IUWlocqU5xjB59ZS9OjiE++Rmb9dXj/4gcnYKgHJEk0793fCE/wULQFV+C02k9dKwbnUhDR8yJUyvESR2Vv5W+kpfJGG54LvycfjqeX+2xgJ0VZznjUUlL2qvn2FPdfRSZQlImOkJt4mdEa44Xo+O8cLLG66Ev5sXBCdF4DjD6VEr91bp+zMPihBJx9rjybLM+aqQnfbDCnYMTd4X9Nlo+Ik3wpjknXhzPKL4w52Us/kUGS1/ea78op6ziS/IP5DO/leLyF+1aGaOTaAR24hQKgbGQV1Ge2wXdySUiRboL3rX0KUXUUaTfTuXItJRrO9XjwBAHkuF+aGPFSTRUDve5K7yRbHQLGMiftScsUT7tRTwqX9xrEqhNdPIKHcX2QI5PCP9d/7sBHw9moz7Tn5YgeKf6BT4askpQtF3oj/au6JqMv/YELMGXFmurOr1iZkJfMChObxFntRN/ZNN+Oac5KcZDebJtlF+cUnLn2EbW9z1Vt4hel7n7lf6lesM36cdROjJ2wR+XBEtud08YKvpgkOHUyOrpFX0VW0D8inOa6eQsOimDjq7UnobE8IhX9A2Z7lQZA9dUP9lYM5kTR+aR3FtdVvwb858znNvf8rM2vC3ipCYrOu46G8u2j26m4ECyOfGHjrq+NdYtbL3xRCqBmdZ/oLFiXX/1jG3C+bWOU1nwVWH0kTqefz/sNVV2ineaymYPKmmKoeBFyIbRtlD61U1f8vFMnH5DY6X291FIbkcMasVtDD+OFstQHuW4WeRRdxyuqJTyyedcUzvM/ogfu9h7qtOTrljR52zK+oDf7enGus6LDyut8FhePn1K+DLJkX+xRYbfraD+0f7+glc7pNSsBlwURAA9XPRLXTGQHIuvW/3wdafJdi8qnBCJrzlxcpQZtzCY5sFfOrqLv6qIP7GHr0stiHjgIrVJ8TF34WFSBnxV6+FXHFNLVMmfBPfv0i8CWtFPgrt37/J0f3xVjFuq+XV0dDV4d1ATCGJ4ugH+UuCtmDjEy/zVYjKmR8fiL5chnmazfcGK1E4Jd7NfMKNfU3qIe03M6ZjzKWg/7vuT7ZPHya3cv49bVrFP72KfAv5CpNgyoOVa9HkGXwsd0ma2Cst1uPf3E2oT58ObPlgxi/HIbxTqActMmOjtAtmUWLQ5nuTfA+XUJyEvN7F/aBuWmS6lnqD9Evdle2Fpr2T7mR5/kdH612/t12eWU/Dgb/Wx4T+Bj4c6Bb+WmJk08sz0uvDy5wVgc8oCqI6nZd1NdvHtPMJGmxSxFeXNDtMvBv+d459XppPQFuGvND9JedLyQH3loxkLtWmpDj9GXUiJjkG/JYnz9uiboNxbImy6J5yFHFvqnTvZVMUIHsg3M7druIUMt09kQBv8jJ/Jq4VU1WY3s4c606IrCQehgU81qBOaAH1LJ6P/Rb8C/gjjqGgG2h8as+30nx07ZMPhFjU790dBgLZCLKruB21zLoS7mz/W7Jd8FKpOWQcBBwEHAQcBuwiQw13p8xT47f525ZsTu2WdfA4CDgJPKQKyw10NtyqPRD/rab3+runM09r+v4+vFPyy+sALMHFfQ8fZ/vtQd2pyEHAQcBBQEPDNXQpKNntZOa5USXACDgIOAv9eBPDAA394D2oXVk4GeCrb4qxwP5Xd4jDlIOAg4CDgIOAg4CDgIOAg8F9BQP6m/7/SHKcdDgIOAg4CDgIOAg4CDgIOAg4CTxcCjsP9dPWHw42DgIOAg4CDgIOAg4CDgIPAfwwBx+H+j3Wo0xwHAQcBBwEHAQcBBwEHAQeBpwsBx+F+uvrD4cZBwEHAQcBBwEHAQcBBwEHgP4aA43D/xzrUaY6DgIOAg4CDgIOAg4CDgIPA04WA43A/Xf3hcOMg4CDgIOAg4CDgIOAg4CDwH0PgkR1u/mtw9OPz/8IrPjrub+X634rV343T39op/9HK6NfF6NdO6YcttZdVvDaPE3YQ+KcQMLOR5vYnDqLjDML9WJjGX4TEXxF2rlQggLbmzhPpi1Tw8I9mdWTmH4X/X1S5pcOdeH41fNoyAA5FWbcmKewn8MmVE2r8cNQ60z+QQr/quHlMD2jbcSyE3DdjIAn+HF4Qsk87YZb4ROIeB1aX1w6FNv03gHuXxMGOMR2gxXCztEdpjnecSE66tv4Mevfurfvr02sQ9PmsDXy94owtBlj479C3dRuYEnTDVn4nkzUCl9b1xZ+19YOcOXOC/7iDSkareCWDE3AQ+AcRcLeR5vaHpZyFAJcvjDj2MFXcWttPlcyZ6e+i3vjB+BMP1Mj/B6GbQRMgu+t9+DMhdY1NgYsQgLamnO8AOJ2SurL/WO6EUzCmY2fdeKUdv8hvOMZxkOSvymjVhprx/P9VZsywEHHm8mQPT0HD092cvqcST0ea5S9NJj68CguWfQ2Fe/eAyhY/lZneNxdUwXYUzJ7x6WiNzIXrXghMGjgVtuBzttZtocob+XT8MYiFC1OvwfND/j6+HwdWcec3wraFeSHpe11zgEEiXF01F36DlyHpG33aozzZwSnp4R2YsWQWVKhQQakqMXduOL1jB39uUSdAibcK0AA6qlg9GI8ZylfrBz1ez2+V1Yn3ggBNNv8IQCRfHwyrh78JxUqX5yWs4r2Qc5IdBP42BIw20sr+uGKjYDdyVSsjSxVvVvZTSySDX0H+mCPj3zc2aOv/p8K3QzZj1VkBf7APIJN9LlyQBfI2BEg+9iykt1y+s0/v78jJMmUH/4c7YeGFwpCfMQgMDOTVvvHGG/y+83ocdEUcWCbJT0j04if8f5UZT31lJk9Cn73h6YmuSDOjL9Ke5rulwy2Y9vVg1FxF3oeDKLBWVxy+agLwhcyZvVZjRSJN8Te2LufONhWetmgPjH3jfTQLqbvi4mi7SQbPvCfFQUwsQOZsmUExz0lJEP8wCdL5aeKQkmessAwSSvHNBr4eoGK+AOmTfJAr98snJ8ZFEsful/e2YP3R7jy7U3KP8X2xIzDWUZfAkJGfXs4FA4LbQs+6xXRp7g9xsKFXHfhaTvDP7J7jicSY9Z2NiuzItHe8bVTkJYunOlznAUoHtIImb5TVUbGK55ls4hEfE+NVTnWVenjwhmUy6iCtM/pl9iQUSRATk6TXQas65TZmQ321upIwT6xRp42ZzbCy0HttUW/toXTydzJ7aK9EIwNiYqbpUm0SHc+2yxv2lM4yWNsjb+W17bYb9mwjNVRkY5s5I1l1e7aTSnuyn4J6idbzgeGf+WW/LvPyjxBrJnNact7S5bxW/ZbBRxrHPc0zzOTKBXmh80YGnbW8aMMyX550TpLptOm5xJNnndGyQ2EXFITPlpyBz+SEMzOqwBtDusCGHZ10fgIhwkoAJGSWBM4KO2uZSf24KmGh12+zOJl16Wan78k+oWHz5mNYtVHUZxdvK3myg6eoi+5Sfe62zIq+tuxTGWYW14PjU7m8jToUZZGDsZTkv9hIlMlxx+/LeRJZYL8arHrvsWxU59K8PDaalWk5lZ2OU8mEzf2E5YYubI8ohklJt7eyZgqtRPbnN/X1ea5tYPUx/eM5Z1RCJqEUdoctrIaLvi1nsS3z26ONfZNt0TUhlm1th+lIS/lrMIvdlWndC13FPq+tSWs8mG2/GK/URG0eUQJYvT69OT9Eg9qy6Xw4C5rUTqVZti1bc05toDtWRDKRHVs0lOFbAqVcywFL2VkNVkrFGAibXpkVyKXyKtJSWDT7pT6wbNX0ad7awlgs2ze9m1I3taXdmPXsFifsGSdRt9n93KJPOM0hwXfMknVxIm/7X3ezpc2BlZ94RJfu6SEl+QIbWxTYB9NOKtmEbO0XXXb/AE0HWKcVQm70bc4IFdnINWFKefeAPZmmcp7wThuv7tx4qoPFS21V5BrbzfXXKp6T94aH1P5CnQPY0MaSnPpBExaoirbKZPwRjrVqD9BGoGxSv9bW9FFkyEKu64LPkm0Gs81nNQRjTrKJrZ5X5bJWH7YpXHSoZHeMOgj1Fyo6rDKEOoO2hurp0KezQo/4X3RMaxQSWciib9hbFVQ9pDwz9l1XSKVV7zkBL+1hxvQXm7Cxm4RMSvjXGbGU/TKiodKGCg3HsmMxCnss6e4RNq1HSyWd2vx8q7EsRBg2OSvJT/cyajtfaNxHh72xb95Ge3RNrYYZ0936TpM3dO5HLN0rY9lFOS4lfBW3dd8G35ZjYtn69shLc6nv9DbSg/1Beaaxos7gkVzehBx9Pn03S9DUbwxa2U9tvoRzS5k/tFXGJtHvHwSM1Mmsvq5YtqVbEZ2ME01qvyqXaRzT4i6wOT3eUfqVxrOA5YfZA8G0SboqO5TJu/0Km4Z8Ip7iT9t+b3JF+r2qmdqHVKM9ncOMRrlPjZ4by+p0hriwfwm5kMY9tRy1jfsSncey8Z1Ve2T0Z4wy43lcVemLkMDrnbbvKX1Qs/tSdv76QTamkdovr/ZYwMKTRCm6e7PdDPV1Gev6XlmFLvXxp5MCNbbSu3zwGlOBt5U82cXTm8xZ0dci87SGcXXS/LLjcDN0ZsgJFk45AbqggSwgrw9mG3cFs9XftZA6u/9OpaKwaXUYDWhah/vhoXE8n6BFQkzCUf2bP7FcIjfMZAgOagYZhaA2gI45ObAtll9m7NqvnEaHtRhWrlh2dM001r4s8tkmgC1ePI/N+yVYMmByWapnwY5gFrhyNKdFz1oHjow98dZ5/hYWtHma4nhT3JDFgWz3uok8rjAEKIONESti5/LPbTmdvL2msm1B29mir6QBdeE51blQ2MaAMAyGMZQ7NW4Ot422CMy/mLSe7Q3ezub0rMknD4eTqVYPOGmZMoZlpwu6b/A4+FGxh8dn8/ZD+1WYN5Etr5JKhxvlTdtummwJ+ZsQIjlwoo2zZEz5IIj91OCrBWwntnlCa6kvR+/TOmBqo+zKNPOCN9FJLa8qF3LISx0s6Qrbsngid6hoEjhv0WZp8mYVj2S94aFrf6MAtmbdYjbomyU6J0zhEx0hrT2geCrPB61J8kQK5YPrD+re+uBgtn5+fy4DQ4Mk5zaFRbCphYDxidDKQLZ/0xxOk9pzVKgF2h2hgx9PWcpWzh/GhiwPU9jQBrTGeey6IK6bZB909FD2dn5RiBXBgXX19iAWvGMRd+Qeh957b4/kWJI9nL1Zqrsn8gfdtnL90eLvU6oPW7YjiG2c3F7Sm2bLVMdL1rvPEY/fg/exrfMkXKHpKjWPRn7mI50tS4ZxOjXnSpNRcojJhgE6PquCgtV6Bki8MC99p8WdwtfWduX9uEH2ZIS9yz5MGgtSkk8yaqsyydaNJx7sj2YCSRORvcG/KZNBKz0mfqzsJ6WJ68HxcXyRRhmbNLJmVZebjMvEjPWldkzT2rPe89ezXTuWs69KASsAgxlJu7K4hBh2mbGe7Qtaw/rXkuzZ0F3SYodWfnCbmemYHHlwNRvSpgzvq6Ez57P5c9apjp0XuRL0tYs9dnTOu15gAzXY6/Xcs86IvrR7N/aTKEdtI5vNdcICO8prlBkx5piPq4K6ehd4kQ0gvVw9RtZv7FeyU0t2B7HlwyU/qtykA0pBb7abMkYGB/AJ5I8rNvMxfnrH13h7Bmy/wemI/vPcxtThbSVPdvEkO0OLZFa2zIq+AsxTHHg0h9swwApA80EfJjlt1PJEtqU7MK3zaeZwmzn4waOrceM3YdZwLiTdN2kdZ3NUacWUButVuCyTwq7wFVB1lUGUkZy70tPVlVHBJwm9dkVcOIWNFskrpPLqSuVvVcG/9dvXnL/Gc1V6NLjQaoSyEmjESh5sjLzdjYgWTLrdhWJy5UCBNN5Voydh7q0tl5ZLAyJhJa7YhyJEdzOctOnuYTGozg/nXrt7BhGDxpSUimSFHCmSHXLMlMFX5PNyPz/nQz55203O2P09iiNWa7rk4J2YXpfXcQrZEQO8GPCJtDD8oHVeNHXak2l7eKeGVw0LctBeHdZ95t6XdvAQ7X+mhDTIu/OliTHIOKW49avsVLVYfkEpmBQbq4Rj9kkTbzFh4gnhhomzrIO5+GRcKWoaEDozQfOmLhoHIdIdMbk3K5gUIvGhTH7TqPfe2iOcptyFxmomMbHKZJXw45NIfGOnUVNGtpH0W3EMTRpBb/J8akyV31hJ8kM2STjAVCQ+8qbskEvppI8nNLRoUKd6JP2SJlRWfacpJgXRwSec+3HnT17NxuccReWFCHlRRXkj4iY/7jLLCct9UbD/VrVKOc6T/bByrFQi5DxN1TvcNupyk3GZoFl9qRnTHoZIb5k7aXSFJUazyHtSBSK95xp1XBRvCcS4IvTX25gsbFNwihYN87BWrgR9dezBiY28Yu5J57zpBa9Zxt6o5950xpxr61izfqLcom3esDPKjPdxVc+LwOuHUBrE6Irlbw3Ij1kmj6NCxoQ+27HdEi39/2R2ko+7wnG308a04G0mT3bq0nOrPmlljmLN6Ku5n97QE/nMIaJ+JSimUM4ARV/6CG7DDriQyg+/q/eZjXvDdkCfzt8ANJgFQxsUQvttfTG4CYFfLoDE5l9C/WelvVofjPoQMm4ZD3/eVsvR5v045C9THO2YlC6Ki9gHEN2/F9TLLmJxb9iLH8BP+M3l75fvKZEU+rCBuj82R6G8PK1WtaJKnvwVq/GwjxKjD7gir/IPf4YOfgdyaJJy5M2meTIGo3BH/JswYOQIGDFC8zdyIOCKn3LZbUuhGnVxz+hRaF6gEvSdvxMux2N7cZ+4uMxwEmlmdwZXYfnHCwFfEUPTIooAuGWlPd4LP6oGC6AiTA4fCxVS8ZGOkVih2o0hGtbAoSsMUk5sh83QBAb2qQVhw4LwNJc4OLnmd4ho9yY8h+ywiAswGQnUKpoVbl+7BuHh4XD1dizg95qQ7UI0PDQS1zx7kmnbeKeCV03VPGi3Dqs+M4tPDR73S5XG3ZqPfrGsz0IdVJNlzYrDy71/gAPh9yG9Zs9y+GH61Bn7wycSrmP/hIdfg2uu3ICTM9h//g5PE/861iopgh7uUYAOI1Qvpyq1b/bCbvlTbp2GjfNmwKiBg2D4lAWwZNtpnufyPdzQLV9p0Xtv7XFBTqjeFe3jlX5Q8IWusCDoDOqk4fsPbHYAm1ZZAABAAElEQVTpWjUBTZpyVXmnM5f7fWGqUY04vg0WTv4OBg0aBJPm/wqXs5eETCnSNx9CfmK7fQXv5FbIQCb/PHzfqkhPLvQssDuSbly8dgsy5CrG6zl65gF46zuVqhRiz1YC3HIIU/48DylwHn6eC9B2VC+ICh8CIdimO8d3Ab5FgFrPZzUW5c9mMisyUl983qKmeMQP3EpAI8nkKnGPK/A460rNmHZ+/zouu60aFlObgvvq/f2kR5HevI46LrrSPQfNptUBvy2r4LQqGuDJfhG1xHhqJe6ZNTGCnuSKF3L7513nvOmFlqRRz+3ojLb8o4a9YWek721cNeYHHKnIRlUqLgbCzFC2wUc41heHQvmlcdSFTyVrF1D12eZYRmNtyNrF8CP6CwNHTIWff5gAPyEDuXyUr844O57amBa8PcqTDf/Qm8x5ou+O79MTY+0VpZHHePxwr3yDCjon0hUXhR8V+oGV82lZVaaK8H43KfX1pnVBM06YF7n0J0yPAMix7xLs3b0DNuFJGUcjM3KnclHgRfMyhtjSxfMYYgDikWZ81F1DvOqsJ7ikpPhE9VxYEWcopDzGXj4GIfiUI2sqUHFFgn+uFjB0yNfw9deavyEj4EN8l2+8vLWFPlLCPV7wcdmjML7dG1AkswsC1to7xs9YF3++FARfYuBTpOXpI9Wjk7rAJ/hR/HOTpkHdnPfgGg7sd6MiICoDwPHzV+Amnh9tYvdNq8xQrCrga2nYffg0HNs3FaKbtoUuHzeH6IjVcODqKdiD/luHJhX5R63xN0I5jfXtqkGeggWhWLFiUDhPMXgXHYEsl3C2YXHZlWlveKeGVwtWwFsdVuXM4u3iYdZ+M3p24uiDpb4nTgJuX4LgSd2herFsUH3gMrguF87IJMe404tFoAD2T7FiBaFgkf/xQUJLn9wDP/9s2iiP4XSqukKG4hV1E9SESxuhYd6y0Kh9VzgdGQcRO76HtgPmWNBTCQkd96T3dtpTut3PsHduP2ChM+DTWqXBBx3vHeH689m0iwPEWMwtsh4AuXNIA+e5lV9A/gp1oUuvrXAz/g7sHv8RdJh0DmJy8WzKv9LlCiphY4A+vCbHv3xuSTeKF8wLz703jmdj+DWdt74z0qP8b/bHhY1Vh+HCqb18MtyhY3uurzsOnoGwPdMhul5DKCf8DCMBr89qX4D62brXUmnL8JjqSsWYlhEPJPCFEpBPswii5Z3Sn4FykMOQfufkNjxoJD9klX0qM/21OybblSstXyLsSefs6AXRsdJzOzoj+HiUe1qwS+u4qsXLFX8ensml1Y0MkLt4Wch2XmqNHdtNzvbPb+eCqk3awNRD1yD+ajB82l2yaxnpTAj5stPGx4W3nboeReZEm57W+2N3uNPaUB9mcnLA9Y0w+geJ4pkOU+FIimfqf21cwp1YWkGp8/pb0PCtt+CDHst4oY1jf8dVdu9X2IVbbpl8cIXbJ4e/W/yjRGTOVYIXj0xKTjUZ/VCMK7e4Om922WmLf+XmMOdkIlze9wtfRfy6SWmYE2aswYy6e9yV4F047FWExhUKuCfKMWQEdo9fwZ9O96oJubLlhII4sOfyLwU99mL01EaQD8+PDtKszlgSwwRXuuehTnuA5T/PgbkzbsK7jatB4YrVoRa+GVk6/WeYhvy8U03ixyd/GX6MZbOVJyE6OhJu3rzJ/yIjI+HY6U+8T+g8MYJp3vBODa9WVXmrw6qcWfyTw0O7eqJ1VGQunikL7SfthvtXj8K8DjXhwJiW0Gr6KZ6Y6JJW2padi4IY7BepjyIhMvIm/NGhnKEZJrQNOcwfE/lALtL+WvUN7MUVpt9vMVg0cwJMW3MS8JW3SH6ku732ZIaX230PLDZCcbxbFRuoO9dYnJQgmHmmIO5Ex+senuNGb/Y29Z6GM8tlcI1th5/Gz4SVxxkcnlQVChwQJaR72MWr+gjNUxwuHOAra7gUEw13IyTsI+Q+aFtU9oo99J2GlBIs22gIJB1YBnPmLOQORNW85aFeU4Afl8yEORsA3m5b2ePkXCH0LwgcP3eTnzKjsMro6CjDlYoxLSnehZb9PESZm3eg9Ptw0i09Z5WPIAFuwIO0qofMcmrkytBKk0e9ztnTC0HGrCHedUaU/ifuj3NcVfjHBTdx2bHdyWGr+MIWbjmC0DUzYMLMRYDbLnWLDYKe9/vfg/fjlTnvrfq7c3h1uKWjlx4vW765C6AhuQB43KVy3Qo9pISlQBys7tUIjsNgCDywCCJgAvSdctSQR32k7QzrvlvJt56E4/Fa0dHR/O9hUiwcmt4U4g78CL/f0Hvsx6+rPyHjQlfRvzyumn0/CXZqnL3ksA3QEVe4PyysvpJWa32EUKHS3MENGL9Jt5r7OH7lzG5b6Gzmu9HUhgxQqEYzmB0VyB3SiId6C6/FyVOLI88ewHWVplD5WYNYJUfCyX3BcP5+Mq6S+cGHO0/D0dOn4bTm769zewFPHIE8X62CU2cvwsvywv+Da2fhxLFzcMdyXpIBqjTGdfW1E2AqLmA3fRWda1dp+LQ5wLxRkyB7oTYKP+lyFYKXsAF/7r8K2bL5Q548efiff7ZskDcVq6VGDOziTTjb5TXtdRhLWj8/djxwXCQt2XjkolKp63YITEanL68Sgy9Qb8bwp6wFKsCnP23jW7Z2npIcwYLl/sfTzqHf/Yy/6CN/7K884J8NX4E8gSujjz/yXRXKaV6hJd/XGKdHqNNOe1Ji5Dc6mfNyx/sCbglIwOWB+/ILM4ar1GE7Q3QLBufw1Q1tx6hRPCu4Eq7D0Su47aRqec2bxSSIunYDYqR5PeqdbN++mwZbpTkNb5Wom9Kz4VaFHMEX4E6WbJAjr4R9XuyDHKgn4iRFT31nBlOOCm/Buzj5HT1hF9QYWZ071+WbdgVYOAHm4hyr2SvqNjyz8hRn1/5YlTfGp3lB3UhIeZYcwnwrwkAMHWRbD/2xTcFfypq6Ma1Alf/x7TxLg7BzxZUUA/gShl+FX5XS1+/CAUq+6Ido1g9fCdH1P4CKWUWs9zs573Sl17yatCNX3imb57CjF+YlpVght2ChMwm3zkLwoTCTH4nzRPXxpNkdVx+lNju2O/GhpOj5CudTq0qK1y02qAmeQ97wNpY2kydjHrNnuzKXVvpmdf6dcQbPyL3qLbgSsWDGTJg5U/6bNQUmLd6tcxLdS5nHiJf2BV9vwrd5fPjBl7Bq927Y+esYeLbZdF2hqKDx8MFydHQ3dYfaVVtDYP9CsKv3J7D6ut5pFoWSzm+HfuEALdrXhSI+PjhAZ+N/vukzQ6WGLXl9yzahRyZfNIjl/n4ZrAnErSe76D1NZqg/eAE3cG9W7Qqr9p+AI4FzoVEZWvnsAgOalhJF3e6uNCwIu9KVhV7T6+LSbAuoja/Uj4Udh7UjGvJfOZt9Pg0EZa6kMdpeW3Z198MfLXoLxq3fDaFhh2D5FPxlTqTjk1F1bNxxcms+jyAjc2z1QYiqlpc7XdpcZ2Y1hxdfeRlK9lyH0Rng2ZJloEKZMlBG8/dciUpQFB2eAnlLwwsli0J2mYVrvzSH8hWfg2VnrTHJV6Mmnyjgxy1QFT8ecEE2eKn+R5yFxI7VQBnS8XXuF7jqd/X7elBvxCqO+R9LhoELX5d/tUMdtLS8ewtLMm0Pb6Jlm1e3iu3X4VbUKuIx48GyFoHXCwEcbt8dRi1dD9sD18HAV+txmUqUX2BFBY0C/3x+0A5172BYKBxcN4NvAytfUnLJ/V5vzff9Dqv8Pxj/6xbYtT8IFg+qCXkzfiL/+ptVY8zjE12SI2GeKsVm9MkOl2EIjJy5Fc5eOgd/LB0AOeoM8VSEp9nRe2/toR996uOXE7K+NwQ2Bp+AsMObYMGSbZAeXdNnZB3IzLC6X9pCnndHwe/oROz5dRiUab8SsvVrD9XIe8xUGurWB7jedTDM3H0SLoWGwNzeZeCN769otpSo8tO42pewevd+CFw/Capj3XXnoeeL9u/dEQv4wsZLtYfweg7vXgEDn3dBpvYb+cqtt77joBj+sexloU4NKbLm68/xAO1xpUvSV8/ur137wwl6+4crzvfv/AazZ85XxzMc12ZNngI/b7/srbRlOu1xrYzjTkREd2j11TI4irb014H1oeUvuPUHxxlxpXZMy/76p3wRYsbbjbg+7dq9Foa/4QflfYfAWRwGn6n+Kf+xsNEN88PgX3dCyOHt+IKwOB8HRw9vbOvNgRiT81R4mY99W1fthK1rdkhbvGzJFW63lBdepbEH94Pb0DlveiEwM7t70xkai355pxS8XKUMjD3MV5TMyDxynMDOSMjOuKotYwcvbX4etmG7ffGNLl3zx0+GvaGXIGz/cuiU4w3lN0p4opd/1EZveJuRMJUns4yaOI6nTZlLC31NVf9c0Op7zsRQ+cg22rFg/BNn3spfEYuv/cWXtMYvxelUEv2XvoydXtFXR1ecgTs79D4/OWJWDawXz8e+JRiMCuQnUOi+TBdpeKev6ekLfO0JIyKZTqIgetovqcX5z7xtmiPsruz6kR9DprQZj8jadk18PYwU5TYrX9ZjlDhOS+BA9dKXy7pTBAxYUR7Ca/voZjocmg//lV3XnbVJOaWLcNS2QcSLr3/peD3lfFZM9NaWO8c2sr7v6fu3y9z9ygkJRN8KJ1G3uBMPdB6rGX/01TbhWaSfejSkKCfuZrIjaIpjsERe451OoxlPMiqOL8MMiaELeJ3ieCxRhr64Xtf/bR3mr3WcyoKvmh9+bsYX0TKTaW94U7nU8Er5jZe3OgS/peRTWkR563jPeIhyRp0WdI33hLMb+FfwQn9e/qw311txakxy5F9s0QD5qFDZrhTvpD+nP+XaTuV4M6JDX+v3mx6o2gITHTTyIZ7paDqdHlKCoTz1yeIeryoyQflHDGrF651/SdZ9QxkiY0vvKZ/H9sSyY8u/1dkcOo5QnBNO+PNTSj4erNPVkh1nsb80BwElhP+uO18bMP+oz9z10U1+8HcGtPYtfNMo3e8CuMp0YQv+uETNZXb6jmc0/Ds5sS4/3kwcrZrMLkj6qrG7vIiJjTS1P2Z9gTjREW6e5FScBiFkU3sXJ69Y2W2dvTepi2RobsfnFBkCPBf6kzdU/MUYlJoxjWNy84By5CHxS2Pcd9vPqwgb0klXtL8rYKW/RvslzkgXdYjTb7zLlXS6jfaUJzs6Rw3wrBeYwaSfpYZ71xl+Njjipe03qaz7f0/jqtnJWUbsjDJjZ1zVcmGGlxlPxjg7Y9m55UNVmUQ8Wn7Whj8Le2xPPjzjrW2LCJvJk726GPMuc5LtrYLtMcqrqP9pvbuIMWT6n7nw9dhd/JW49PgLi55+Oe1JMZcQeRceuDLgq+ts+EJVeyUBbe1woXnLkVNemtMmP+ZwclwMRMc+KRy8tyWeXmnj8kRm3GZh9kuX1jjZB+I+fgjpg6+n9Th7Lk8rFYuq+0HbGluBTZVWxTyXsJ/65DD3jrd9Lq1yPv46Hi8eSXAf9SfJk/6gzN/1IvMkM4n4RsRdP61webR4gYGVHjwadUBMPLVHwiwhQwb+Zk7oidCBUe1PQmiXshKNDL64vcbcLok6/D1ukZLkB6zo4C/X3aWf0LVKt9F3j4qVtvzjsD9aek8yLGwp2TrN7oxHrtIbXW/pthjAfr2JOknb7YzjgD25slWLWyZBO/V6bq4zvAKU4Shc3P47xm+3BskRok+elD0R9Qq7ZelHyfpsmS4Ieb17wNusrAd5MstujBNyYWnLHpG+sb6/4/mfdbj/jhY6dfyLEYiDrd3egG3NN8L3r+f8F7fDYd1BIG0ICIe70wcHIO6rqmkj4pRyEHAQcBBwEPjHEVA36/7jrDgMOAgYEcgM9X7YC/WM0c6zg8D/GwQS+W8G9Kyh+fDp/03bnYY6CDgIOAj8dxBwVrj/O33ptMRBwEHAQcBBwEHAQcBBwEHgKUTA6yklTyHPDksOAg4CDgIOAg4CDgIOAg4CDgL/GgQch/tf01UOow4CDgIOAg4CDgIOAg4CDgL/RgQch/vf2GsOzw4CDgIOAg4CDgIOAg4CDgL/GgQch/tf01UOow4CDgIOAg4CDgIOAg4CDgL/RgQch/vf2GsOzw4CDgIOAg4CDgIOAg4CDgL/GgQch/uxdxX+aAT+6MfjvezSTIKoyLjHW/VTRy0OouPEjwinhjm7GKaGZlryppX/tNSV+jLx0Wby85h4xh8quJOmvkt9O5wSDgIOAv8BBNJgM+iHkvD3e5zLQeCpQ8BxuB9zl5yZ/i7kzOkH4088eGyU7dBkKRdh6qsZIf+sE4+t3qeNEEs5CwEuXxhx7GGqWbODYaqJprLAo/CfyqrSkD0J/hxeELJP08vP4+I5BS5CgK8flPMdAKdT0sCeU+T/BQI3gyZAdtf78GeCtrmSbFYZfVAbmaawOf00kXqqCv0X25UWm5EU9hP45MoJNX44yvuHxsVxxVzw9X782cmn5GKXNkJ111uw8/G5CE9Jyxw2vCHgONzeEEplega/grxEjozix5lTScAkux2artjbsHsvwGuZH1+9Jqz8o1Gu2CjYjRzkzMhSzYcdDFNNNJUFHoX/VFaV6uwMYuHC1GvwvEF+HhfPLvyh67wNAZILPQvpHauT6v75/1Lgdshm3tTERLXFQjYTfR/dtpnRV2v694b+i+1Ki81I75sLqmA3Fs8uyQqNi9vCAXzTMGY8KWmIuxMKtKzh86QqcOg+tQjYG/qS4iAmJg40NtCkQUkWeZIgPibG6yueOHx1FOfhdTOle3pNlBwXh+XNXodLrHqjT+WjPZQHwHbg63bPGACUaD0fGGPQoXQmU4y8YWHGpyeaAhfmmwX8sMabJrWCrf4zFEyy12+6Ut7q8ZYuEzPDgCcp460S0FVPD5IcuL9P9IShwMeNmDbCFu9WOiATktnOnDELRtjANy19oOUZw97l2lDA+Jhqns1thQvyQueNDG5d7gvPG+vAZ296oRaxgZua2XbIUuY8UZBlwmMWG3Ij9ZFeZs3ijPUI3TfGi2dJF6xtIuXzWo8tGfTSJzYwEDxn8JEm08b1ClYCIEGeDNrpK6ntekypDiv6on6zuxlGZnG6srZw846/1A7PfUj1em1XKvpA1w47Dzb0gMjY0XFtHm82w4w1V5H34SCOv2vblZWSrYcKNMHmtkpLV+pn7/h700Wt/+CbhUZqm5cNbJNstMO0rSSjXnwab+23I58SDXdd1CIg0fGcx5vee+sDb+W1/DyxMDqHplfY3E+YL7zJRs0ewXDGSFaQ+UETNv3QbSV/SvJfbEQJYPX69Gb15TxQfyG7y3MksmOLhiplqXzz4b+ya0ppKXAvdBXrXkaiT3leaNyHbT57X8kVGbKQNRO08f72gKV6GjEn2cRWz3P+qDy82ISN3RRmWb5km8E6+sxYvlYftik8XinPWCzbN72bSh/raDdmPbulyaENJpxbyvyhLdsjN0Fg9EHASF07Pp++myVoChrbqeXTSJOKpVzdw/rXUnHr0KcN57HW9CMaqnreM0JFNnKNio0moxKMDFnGur5XVtfeTycFyn2qZNMH4i6wOT3eUcqQ3AQsP8weiFwm6do+YiyRBfarwar3HstGdS6t0CnTcio7HScTiT/JemrkgPpatDXp7hE2rUdLpRylPd9qLAuRBJETMGJI8k35OvTprJQj+V50LEpwLd89Yyj611wHDKTiD3AZqDN4JOuoaYu7LHjoA8RhEJZtM/ekjvjdXQGM+nfWOVl2vcq1tngs29pOlSWuRw1mSX1uk2ejnhhlLYVFs1XNsI7mqn2gPi/UOYANbSzVTfgHqqqvZRDDnu0J9S/VuVBufwqLYDMbAivYf6uiZze3B2h004bMGTigR3tyk8hCFn3D3qqgYkptm7HvukJR0Hmn7XuK/NXsvpSdv36QjWmklnu1xwIWnqQU4wGjrUidTZTaXWfEUvbLiIZK3RUajmXHYtR67NkB9z5pifb5rNBZg+00yoRamxQKm/aRwg/JoLCjJDsLqyEmncey8Z1VW6+zD0jCmx2wom/kg57T2j/ecbOHv9u4ZBjXtDx7bJdX26ulROFYtqVbEVZ7mt6+hM7FvlHGdhUfT/aTbCPZql4L57OvSqkyTeOJMjbItt/MDhhtRsy+H7hPsiw8WcN0LFvXvajCG9U5Euscd1w2JGi/yDcZdUhr1z3bdCKewu6wNcPfVuSxVOsANq73axr7JbHgVRcxW/hv4xU/iOzAiMGNuC8lfASJkvpfyJ4nbMkeerMxZmNTbujCNp0PZ0GT2iltg7Jt2ZpzBsPrbfwwpuvk056Me9NXgcij+ojGPtL6VqKOv+tOq7Gml1aJRy0OZEGb53JnQTco3pccCDKOH09ZylbOH8aGLA/j9M4tkhya4p2msq3Bu1Tj3k0dANm1DVwQybDO3xHEtiwZxoWg5twznEZK+CpJKNAJXhUUzDZObi89DxA0JEeBeJq9OYgF71gkOWWijvgjkpPbJoCtDw5m6+f35+WHBkkDHw3KUwsBH6hHrgxk+zfN4cpJQnlU9lseHhrHy3wxaT3bG7ydzelZk1H6Ya3OaxB8cHwcNwqKMmkwokFub/BvioMxep9sBLzwaaSZzC5wo0KO7czAIBa4YqKi0MIJJZa4kcS+afDVArYTeZ/QWjJ6Sr0avkUwMlhySn5csZm3d3pHNDJIY8D2GyKL7k6GaUEDiW7v+evZrh3LuXEtAIMZSQKl88ESaXSZsZ7tC1qjTBSG7rrDaZFhFTTg9cFs465gtvq7FlJf998p1Zd0hW2Y0Z+3s/7AWWzJ3Hlse7jsISB+5MB+jjL4e/A+tnWe1M/QdJVi2I0YauV77LogtnudhKG276lirxhq+teoAxLjmv9o/IWjbSkLmN1THwi8cxcaq5l4xrL17YEVhgB2EcvbkWsNVxiMZUfXTGPty2I/oq4sXjyPzfslWMLOJs/ecBJ9nK2a5MiLZ+7cNwpga9YtZoO+WaJpk55Dr/bk1lYuGy2WX5AK3pZsSz7ow07JuvpnvwIajGzInJ4F/mRPbhLZzi8KsSLoIK7eLtkl6neyc/tluyLokO0i27d6jGzbMB/J4JLdQWz5cEkHyk06oHDyqDZRi7tPqT5sGdat2NVmyxR98SSDgpnLP7flOpq311S2LWg7W/SV5MCLSY83mRB0xD3y4Go2pE0Zbo+HzpzP5s9ZxycbxPMv9SUbY2kfiIgXO2BFX9Svvae1f7zhZg9/L+OallEMW7XLju01kELbIU9uJmkXbtDBnl6ZFcglT8KxkMCH9NfSfmpso3EM6r5JGk+0eIDBDog0YTOYrOO6ycD9PXyMV3QE69Q52CYOtx25PDyxHpfttpOlMWvYa7L8iYUIxMC7LjKWcG6BNI69M5b7QT+PkHSa9F7xEQydYAtbdLi92Rimwb/z/C3ow01TF0ax34agX0fjHuElxg5ixfv44Vk+Rb+RbHiyMd70lcPyqD6iF9/KAP0Tf/TgcNfhhu8XsWKGrCQdm82Fp9UiySFmKMy0+pzrmz91jNLMiq9GogHXLDKy4NGSEEsz1ES2pTtw53SDZrk4PvKmbPSldBowT2iok7KQsO7GgUsYFKPzoawcy8qnDMLUhthYhVrMPsmZnhCimd2F/8rb2GHtZZ7v0vKuHIdVmqX52IcKCbfAg+NT9Q63jBGttCmXHFd+omzUvPBppBmNTjEJ80+h8uiNhFPCJQfjLZlmSrK0Ipx9mOywUh55ggGagVXhySKQzE5yJ1ExaIZ8D0Omcl46CUeH0hOjWeQ9KaNI77lGwpNixSqEWDEhBaUBlfpanchI/a8zBCnSBGr8caWHpUpM/tOKrU+NqcqbCCOGwqhN0Kx8CFzFaogtDC10wIQldAgkffEoCyYFjX1wbW1Xjrmy0iMbVjEQ2ZFr92oS2fIqwEpP169s2eHZDk6ij8XgKZ6fKSFNzNz5UWPs2BOyBT/lw0Gx3Qa+on3rt685RqQns84lo+xfYeM1tkrU703mVC6kkB25MZah56QQydYIZ1TQ+UHR4Vj+BoBWgUW/Eo80WVXl+NFtItHkk9uWs3STm+DR1TyuuhllUPS50GHR5rsR0Two0lNrf87P+ZDzEZwiKJLdsmcf1BJqyGgHzOirudVQ2vpHLS9CbrjZwN/ruCaIa+5m7bJjezUkeFDInDI2yRmsHG5P9lPYjpaLVZuSzKQVaCE3om/N7IBIM9oM7XgftX0I1/P5YtUbbawnh9uOXIo8L41W/RoaO+e1BCZ4oRVm8l88+Scij3YMIzhp8cCOw+0RW7lftDejjRH4V/5WnbALu9h4rtonNHGmxTvxdtHb+OFNPqnf0mJjqC16fZUwJt7S6iPSpIPkwcoH1OL3d4Q97uH2heJQsJC6F9lVvg7g6xo4fkt/SkTHWiUxVr1cEWEwGR+HfPk25FCjoVqrLvzp3J0YHBljIWIfQGy3r/6vveuAr6rI+v8HCUmEBEIXglQNC4uoFFkLNprIWhEVG03EwroiFsoqIiyrCKKwFKUqXUCKSpHQgkpAQJokICWUYAIkIQHSM9/MvW9ue/e+Oy/Fj7Bzf7/kzp05c+bMf86cOXfuzDw8UF0nqhBZg26vogh509kmK3I+CYmJiTiedBZB1RogA8ux59AleFAVbV/qjnOn3kTdv7yEObGH6BrrUPBlW6TitehQH1jYoyHavT4JOxIvonxoqFZY4u61Sjg8JBVnKP/ExCQkeaqDzkZh+9HzSlrUrR0pzz14os5NGDx7E07mAKFhGguhwAVK9fKTt2u0pEIjdGujPcJNTp1SDZ38aTNdr/0wmhnbpnYUWCvwNdwk+ZjSBu3rV8S5JBW/0+ey0KATEH4sA+YW1EsgSMXOFfPw35EjMWTkRHw1aTym0+RqIRxVnZaFjm5fqcjSs2sDPSEoHJHeZWo8/YkOUVq6p1wT9JjcARFrl+GgYad2cueb0EDTyCDUv5m2LTbgmJfGQ3dSMSyz83ylT963Hl9++iGGDh2KCbOX4mTlxqhQGIIgrVRrIF2Ru23zylpCWOV6WpgFAsHQ2gdMjAwPbrqglOvSBtfe9yyoEcH8mHiF84W4FVhMQ/0faao8i+i1Qmj4x/pbNsW+QrbvLgU3mQPByVCkErx4fTRd3e3/ErEnzBa0e6cVas3agCTK7sD31FI9O0zpy99vOgHPpcOYT+P73KdixEt00zlOp9/d9YbRFp49iO9mTcXoIUPx/mdzMH/9QYXFyQtZXlYqn5saVvA+h6JZl+5gNjeqttoJPPSp8d11ND0uCZvICvNQ0xbd/nZc6y2Z3Vo90F+xq9sS1M7mZgc8qaeVDczvDnvAZOOr1AxXuBZVJ/JymLbRtc2+XRwibeVmB/zxVwrW/gXePiyrG26Mxg1/t3GN8bBedvUKxPZa+bk/i/UD1prNbmygsSuHJnjkE9pPf71Ad7Hol5AdQDju/ecbyni/5QQ76igfsfNGoVatiXjgOm3g0JnahET00uMdO7vT8YhfbD353Xd2QPhRNUakL3Kak6+2RR3OiN7rtW5NfQp/p6aIYetuY6CMl4918a5np2VXiVKtbfs21DHyXrVbqs5IiPfZbfwQ0U83Hedl++uvHL/i+IiB+lZcrtK6u2ppOcP460E11KdtwzevMKFYh4qIVI0sFzLrD9URqBpUnkcpd0/teoqjAM0lpoa/eV0TjfEhpCqUztWiel00aNAADevWRJOHPlZIiHdXTXTvr/DzzDdB4qeiV/tohFDHe0OieqaUB3UxeP8B0GUgiJswEG0bhKPtkIU44y0kmKjO1gt/vQ51KP8GDeqi7nV3KQ4ml4NtwqDr8vBssz0Y1/seXBfqwagVh3hyAHcDkIb6MwZucloLYRtkKkTdjgYVjSlG/nSDircNVvVugxp1Vfzq1WiAv88ErjlB3xpsLjZYfHV/NbR++BlM3JWEnNNx6DVwhkIZ7LBvJJhuUAlDI9RyeAlh6ZXQHFUs6ecPrEcF1EZFrx+fkwq06HKjafD2ZKdTpCJcd3MfWfIKat/YEQP+uQ4pOeexdVx39J1wBJnVbCppiTLqd1DDluhhSBfF0K4PGNjYBI1tZX6REWqDijfj1T5A3JANSKfct88dBToLio5eR01Er22EcolyllkUJ2sBdm1upWHPovak0V1PUQ2Owa7j+xE7CXipdz/0HwEsXxuHI7/vwm+4Fx1upEbFe9mVL6pz/vQmlx771bVmM3Tr8xIO0nPxkzd8hOfeVvsRL5vfjXw8OUdRqVpXNOc+OH1drN6wmTbIszzFtYm8XOuLVebZnUpS9SrBitPoZgeyTu4Fy1GlIh+mOWf1XlSdMHPRn0Taqjh2QC/JHAqkfYT6rpe9P/wZib9xzSyh85Oo7XXm4J5ixMdqP3nucsYjZ2hkfvpOlM/XJ0Ps2pbntd6r3/mkYqPnxZ5AIQ7gKzqetRnXGYY5O2sW07OIXnJ7A8sRCbkeOkgZLpG+yMiZj2O08hY4DBzNQX/YBmJjjPXI9ahl5OTprzs8jpcuMn6I6Kebjov21+L4iIH6VhyD0rq7OtzGgj25R/HtDrojOsc6/WAcjOkMcLVGSrbU/AJjduD8Cahzyjp9wvHTZhrDUzZVDuZInMjMQFpyKlJSUpCcqt6fq89HpVC06/0RSFay5nj3bDBEP+u3UjP0mbAVF0/vway+t2PHf55Czym/KaXkedTZlIVH0pHp5ZuSkorU1BRs7ttckyTylicw40AeTm5bpMyY/evhaMxIUJ16jai4AT9yWlnneTwof+oM0tlLvsMVUrupcjxSjyUHkJGhYsbwS6X13HvweVsDVZCwDM+vAejyD8Qvn4rx0+aCXPzJ5IRai8vP8dC50aNI5xN3FgKWfpEaRmt61VbdkYs/cElXBUtOsUdC5/RXvz4Z6LsQSSQG08dNw5J9BLsntEYdqquBXeoMOs8TGIbFrIi3ULE2CMU9vUYhNXk6fj4cR2dSgUfe6Ka1qahe83oW9x4YToGXJmpPwm64C4/Qr1HzZ8zESLTEvbc0QLM7ByFi8ULM+HIFImo9glv0DxqBC+KYw6w3h5e9h5/pF6gfzhLMnTYek5cfAP1M65jbb4JlkC8Rm0gLNE6asPIr1WWHqdEJFOoNiOigY5soXKjdLoL98WYt0q1k7UAAIhjaRwQ3ztkf/iqNy7jGGfm5F8f27juSYnY3if6i6lykuR9wukLLkTM5YbVREJRjmuHmtK73ijeh70Bg1VexOLxjA76h/XxA5+tds3ECEb0MvqaGQh4SbP4+WsGCgVhfBI6nm/2lCmwRTMCXGdsStTEWWcTGD3f99KfjgfTXYvuIAfhWFihK/NGvw01P5sXxTINXd/4UjlAR7o2u51+QqGi8RilGTYsxLV34ddE0+qbXEn+pHU5ndYMR2YLOjn84GetUv1fhWZiZpuRh6eF0WUKVuGM4f004qtSMRI0aNVAzMhJV6D3cuzKE0yO0puJ4H6NLFXLpQoSL3he49JRMhW/FOjei1/T1oOs8sek31cmv2/wuJe0ILb8S5cv416gRifDwGogMVzsbQSbSlK8/QYi6tQe+SN+oOLLJlx08TIVj4P/8yWnlFlGtCZIxHhsOG5z+jDTla0NNL3G5alG4mYZ/3H6a1ofXjdUrnGIYbmWpPOddVhuiVj0KEr/ycxS+/NF6r9PqLvpxbDkWxJ7Sk/IzwX/wst5tavqqLclaOvtBg1XvL0FG50fR0jRLr5H4DajH6qkkntwz2EOLjm7dwjA7Tn9xM+kPZKrvfX55+UssCob++ImkibZBxVu74WXqXHa9oR0+pzO3vTs10NiL6LVGbAnsO8PmzAO7Sh0nAXvCJCYVo/FkD2DJqE9QOeoZtKHOdcUbu+BvVD/HjN+C6BF3ai8lgdUwMOrgkEhURms0N0y7FVx0+EQUAOuSsomEfvlJ2LSTWkn9OvLTWtBNnbi1YUUI6SBtk340+6hxq002nv/KblF1gjmJ7CrP1hUGcInagaLyFxFFCDfKyA1/VpbbuGaVx65eRbO96sRBra8ToC4uYstkMrFr8/oi2VP2fnsiXp9UY47W9kl/ILl9XWXpqLUe7s9BuO1p+vK69jk0bTsIeU+8gdsN/cwtv4heBtGvStSMYP6qgxo7hsH+X3QMRPsimwWvNmQ5jN/EU04fp96Nd82lVkJggdKyMUwKkfHDTT/ddFykv5aUjxiIbxVYKwRO7cfhrqKsXe57bUdMXLsd+35dgRfqdEMiBqBPJ4NDZlOmp1wz9P+kIzDzUTw25EtsiYvD95/1xc2vr0Pe22PxyLWs2FB0HjZHcdYebPMGvtm6HRtXTUDbiKroOOs3Jf3vI+cojuXNdw/HD7sSsHvr1xhygwcV+nynvH0T+suDgyh9xYeG47u4/UjYvRpz5q9HedqVK1F/OT12NCJrRaD3RwvxS0I8flk5FVOo39eiseqWRtz5tLImfcQtd2Hc0rXYsj0W84bejprBz2Ov15fdMjACdSvfh49XbUV8wi4s/mys8inV+vZrA4NwlJucVkb1uqpreP/V9AXMWLkRG9bOQpcanbxfD7zUFVriFTrLe/qjTug0chn2JuzD5vkj4KGzDe9s0J1fI+8wOivFrtnjPsXP8SeQsH0xXqhyj5mvMQMNV76zF8bS5WBT7++G0QtWYcvWFXj/ngi0CBuO3+m7WqW2vTCO0o3pWhvDlm7Czt0xmNitId5MpHHvPyhkdLUFMHQsYAZ8wfwF2Lh6DeLO0S8oFaLRsTNw5qVhmLb1ADXuOzHz9aa456NTfpeUsK8ErlcRMHTl6UIg3AZUtsdH1FG4ZT3+Ku5gwHgvEb3mtMY7M5LVaV9ZvnEDVm85akzyHxbEiX06Zpf+MVN9dvsvZk/Y0qxw3NT5MYVdo763gaolPfKjJbpFqSU83LaJW1FauqZzWowaENGb4JDKOInh+GDaOvx+4gg2L3gbVToMN3ES4WPKoDyEorg2kbEJZTNsi55Djb+PVuzqT0tHoGmfJQh/sw/a0A+HIjrI2uSfU6iNX/wk7qbL9Jh9WTGyq/Iru18cpcZTUCeUahn+1bixnTImrFu2CeuWb9CW/xlIfIJKWwnaAVH+RWkfEdyY8G74u41rPgDQCLt6FcX2svW5t/TpiOTkgej5zkLsoWPe0iGd8dQimOypKD7Mrfzi8Rvw3GfLsG13HBa89ggG0gmS0UPuFbP9NjajYpv7MdQLwsBenQwTLXbIWOJE9LLCX5UX911D22DA7E2I3x+DCc9EKMsx9WWK7n2R2SO25jwJo9Gl/yT8dGgfvvu8L+reP476KM4Otwi2IjbGUnPl0eP1a+zSeJzb+CGin246LjZuF99HDNS34hiU2t1pZybfpf235/VzYtnO2kXG8xq9py5oZ14amLGdqjFjejDTrv11fdv3HO5TW/5LqL+k0eDBYWR9kn76RuLq0dqRd4yXp+kAMmfzCW9JWWTv4n+b8rOjt/hZygWph8nct73Hy3nLYMcUamc7Uy6FSZu0Y+oYf3ZKwJtTNmqnW5zf+x0Z/JBBPkozYOZ27WxfQ5WVIDsNw7QD2QYjvvua7wR3k9OHJy0pecskEy6vjhqiPBtPC2G7iVe+pZ8lyup3R7+JJO60dlCuVXxyZPG7eltQ+qdefEZ5Nh436JMpZYd21CErg+0q/jDmqE5mSbeex8vwYKcxcDx4xoTJHUwnl7CTJtjZyqwM9jd61yWFNDfxB9NZ7nSzHBn9onFHOSFWDNlJH6Z2Ypxs28oFQ5s8XH6fuw2tVRdYHtE2uLxPPTXo7Rj1eEVjeW56baTlYX70noLvQPW0D3tM1FMjjO3lrmvqjnN+Qo5Tm3NZrHdGL2JP8uLVY7iGx3mPyaGMDnzSUTmSj51sxC+n8q06x+n5XURvmJ7O+8dtmp4yPRs5tKdiW2afUIWw48PK1k9BUEu0iyuOTWT1Vk4QoH3EaNca9/ucHDYcdSqig3Ztwn5r4Yz33HB3neCo6nd21Forb/9mdoQdnSbaViJ2wI6/XroeKmr7uOEmhr//cU2XUg851svF9uoc9BDT35n9mmj6y37b4vl7zPbUDh8fW+G1d9c996JpjO4/b7dWmFPbqgRmm6FlogF2qg4b632O1vOWyU+a4jJpzzSvkF6m/Uq0owCpPtZ5cZhybCrrn4ZD1Yj/vsgkzjLZLSbzJ5P6+Y49jNR7iWArYmN43Y3+GT/K0IiHdWxkYvgfP/zrp5iO0yMTBcZtJktxfEQ334rx/zMvDyuMDrA+1yE6e9Hu5TpYUzgHbTNTkVbgUZZdBPtQukRk0yUZ9Cciy4eFIyKUTjvbXvlQPkUGhdElD961IkY6+ktKaZl0CYdTOp0zu5iWidygILp8Ipx+rrFcAjJcTEujs+ZBtI42+Sm7HLbUhU7NhdLlGWFO1bAUG/CjgJwmnl5c/GPLfs0sExmubWDgLMjXkEMJcoxC6PIcuy/CbulWfvbPdLkIXSYUFBqOShHmhuBtGOmwZMaen1hswBiKsXWmKmIbWBlyTJz02kqfm5qGSx7nfmCltz6XOk6B9hGrgH/iM8eiVGxGEW0i+zQ+t20ERvc5gPgBzajdpHbPya4K6iCvp5Mdckv3aRLaxinUXrGlcEWxtVznHe1AMfn7yGuN8INbQPi7jWvWcv3Uqyi2tyh5TCLl/oIuIW3QIT4Xg6ML6BifRYdwumTTZog35fuTHkT0kv3yZW4wHWtCT+MTTxTeeHwZLi1+xDy+ufZFukQoIxMXCvLhNDYWtcq8DqViY6hQvC/Zjx/2fldgOq6X4dhfFXCK6SNeIeOG2WOxtHo2TuHyZRpJl21EWtKEH6ljFOnawYIQSZ00xysolKb7Y8IcBD/5BWTwm58KFkKNf4ijgCWUICCnqSRXXFTq8qXE1yQLfXDDyC3dys/+OUhZz2+X5taGdnlE4wLGUJSxE51g2zpl5/GBYlKhaiQ9PaboV6njFKguF70qxc5Zqli46od/m8g3cvnVD9cyVIjc6umW7gM0beOa/sy9TwZzhN86MdJi8jeXZvMkgJsQ/soEkJ9xzVq0n3oVxfYWJY9VJPZ8QTkKM8JlDLfLWbpx7nqZjZRTp3HmzD4sfb8HPqLijLdbCiPQ3uUiqB9UCtVxr0PxCvXfl0rAxlDx/JfB5S+mj3iFjBuODndY9evRuEc7RBdhUxuHSN4lAhIBiYBE4EpCIE85b/21W/3vw7mSJL66ZPkfwp+eeBOJh3B3vUplsglJ4VEMbtZc+Y2DFu1fxKxtI9DrZsNmmTJZqz9D6P8hHQ8QTsclJQHykeQSAYmAREAiIBGQCEgErhoECrKz6VLV0CItbbpqQJAVKTEEpMNdYlBKRhIBiYBEQCIgEZAISAQkAhIBXwT8HAvoSyxjJAISAYmAREAiIBGQCEgEJAISgcAQkA53YHhJaomAREAiIBGQCEgEJAISAYlAQAhIhzsguCSxREAiIBGQCEgEJAISAYmARCAwBKTDHRhekloiIBGQCEgEJAISAYmAREAiEBAC0uEOCC5JLBGQCEgEJAISAYmAREAiIBEIDIE/zeHOycgOTDLQX5ekvx7pftFfHkwNlLc716uJInDs1dqzXx2kP/gmL4lA0RCgv+51PrskFCgbGSXCp2jVKN1cRa2bqH0sXen/d7gXtZ3+/xEqqv23k9yeV9nFxq6O/6tx9m3rDw1RGyR9NI7in+Bw5+PH9+ui8uT9vEyh+6Epf0fVqhEYt/+SIz0pPI6JtwWj9ueB8bYyTIkdj8qeR/BjrjFFlbvVmF+MkWUsXDTsWSXzE6YjpFpV3DppzxVU53wcWT0TLz90N1p7PLipxX14YchEbDySfgXJWLKi2OtmyZZRGtwKcRyjwiLQPOxtHCwsegmk8HeM8oRh5F72k7f6VVZx0WsAONXNSOMUFrGPTnlLM56c+A5tPfdhk7PZLs3iS4V3cdqpVAQSZlp0++9bhD2vsouNWsOrwY74tlWgMfZt68ZFxAaVlI/mJktZSS91h5sgC8cmJuGG0OCAMAmKqKvQVwl2zufJOoetPwN3BMjbKsi5nWuUKPrDWNrF5c4Lcy5fI75CA7wOgWLPqlM+rBpa0XvDyldO/RPm90OTrn0xe2V5/O2DD3DfTQWY/p9/4N4mkZiUcBWN8AZ9stNNQ/IVG/TgGtTsChREXYvyxbAynqx0bKW1rBpMTHUtq7gYK+FUNyONU1jEPjrlLc347PPxYNMfIaVZyJ/Muzjt9CeLaiquOPbfxIg+OPEqq9jw+l0NdoTXpah3p7Z14ydig0rKR3OTpaykCwyF+cjJzCzVpQXZ9NNztuWTcaOnZ4MQgr7RFXywZPRsqQMJuwYRNDXFh4JG5GcjMzMbBh/ajkqJCwpRB3Orb08aAbleZ95ORitDLpc13t+zf76C2Hvr6q8cp7R8B5w81z2CXyj+K3o3s83qX241iwge7Je8RJYLEKRi+4Q5wO2jsLcgBhOHD8e4rzbh0u8/4KPxa/BMdEVfOR3q5ktoiMkXxNyQhQWd+kg2rZ9Vty1Z/eqqk2768AgggmHO5PJ3ibSdU50ZXw9qov93BGdPDsYNNgWJ6I+STXvf0wJKNMflmmvoo4D+q3rmv84+Yrrpj1u6l6FjXbUqaQEfEdS28l2W488+lhwe+YI2lPYZumSQ2dqwa5hFdrhE8BKgccTToViqII79U8/ih0ZrHi2gZ3MK2dWD2RYvTk7ZnNrbRG/H20Qg/iBkn/yx80ISGqx0RHeciyi7o60R4ufcttyOWMd+f1V2T3NvZxH7qtos377vW75z/XxpixZj1+f82SBev5Ly0Yom9RWYizq1Dlce2Tv3XUJnOZk3qvw98f5SkmSgTpj5PKmOAeSni3pk/rl1pAel/3gfi8wi63rr+RU+XT4naV7y1J1fKrScf+NnhpE1v6vMco8sIJF4zsS78PRP5K32Or++g55R5Go/5VddAFrmtimvajIHoyX5YHmCId0cTJjcXaNlcvAyC0kG+bINLav/WDKu/w0aTdOnJpKD2WYe1nrc//YCE05mavXpQvwyMrCpXpe/PDhIqzshYtgzefsO6q/JFoGHydy96d7i/GGfR3bOfY/cd6NePss7ddsZTdTCgsPkA60dWXQe2fjmraTt62PJ6P7RWplFwYPpDZO9y0sPaXxG7+JyayKYAlp79P6W5JpSbB6yj5EZ/3hA4x2Ge8nY1c46wDik7lxIXnqomZaHyddrwkZNV31LUfGI6j+KvPugiiPDcKO3L7D2ffluHV88OIzEHM8xs3GR00k3zUzYUxZZ++p15O7JB0xJ8TOpbnf+Uq9D5gHySU9dl/HXh31w8a/L/utsLJy117IetP5P8PLF9Ufjk3OAvEbbgbUF/+N9nWPzhKP+e7lY69x+EFmdaGkHrUBvwKZdRi3eTS5xOpt0s34J1NVP3fLTfiWT//GUVmdW9xt6jiU7ueGkcljtI+9TzvbAK7wLHqzfj2wE0mnQ66Qzx92oQxwD7z3x+3HaGMH0f+SwboTdjWMCccWLMXO321bdNI4XFrEIr8ejoz4wjTEvT9lqsR8uttZPOzmVacSOjY+rjyaS2Am99fZs9hxZfkQfNEXam7Uvs2OjvxhpwnvKrnNWMbzP/uw/IUL2SePsh1fODgXfDsM+IP24vtC7L87u7asVpwRcbI2QTvlvW25DuG3hY79ZDvXJ3ddhdOY6Mr69/7OKnDUwtOqw1Vfg/VhsbPRfP1asu9x+2pbmt8pr7HNWG8TKKw0fjfG9Wi42i2x7HZmrOkUNX5hI1sVtIYtGdlUNxqvrNIOVMLmDj3G9vOtjhU51oLLInuWTSZ9mdMB8ZhSZN28WmbUoTh24cn5VDSGNXxUXR1bNfkvJ926s6vRd2vexYmC44S4gxxQHkBmdaRtjycavP9EMDx+EWUUUJ4Mqepd35pBNcTFk/NPqYD1mm71Dl/rLN2T4M00Jc8zfnTabzJ6xkiTmU8WhDsOizt6B/s5h5LstceSbD59UMXhrk4ZZYeIyNY4O5Mti48h3n/ZRn9/WcdKIeSDpW0V21sFnb4gla+ePUPLcPvOQQiGGvf6iMHZlLNm6UsWDGfg9OYyNH+yp87zplShyHX2Z+CYmlsRtmKsYSybPdiUvzX5xhzLgckeY4TGnS8ngwQ0da8tJS1aSL95/h3zj5gTR+qzqo5bfkb74JaRZ3noU5Fi7nVdflKgODJi6imyLXa69pL275byXyveWGjdKedn679dryM9Ub6b0u0Npk7dj/vAlpjEmPLqNIstXziND35uvvmgZ2nfOhjiycckYrb05viJyOummVSAmi/JyOMH44kmN7ZRbSJ1q/AVXNazMGfpijdrmijNr6M9uuuy3zhahOG14G7V8/qwMbn76k4lN/iny7dS3FOw6D/mczJ85i8QkZiokXIcYP3v9Z22UTCZGQenbHyzZSLavnqHotN5HTKUpD6xduJ6/PnsV2bJhMXnnepA6GEYSKIVIuwnV1U/dCLWNzHl5+bMF5Ie4bWTdLNU24vFlmtNvtY8lhgft92zChOH6LC1/yewRZPhiVnPfK/fIHNXWPTBWGSO+GqnaR6PDLYIX4+xqt13GCx/pDPXoMHIB7dPfay/GxrHA1db6aydroYYy+89eS2LXTNZfWiiew+dtVOw0e5Gph1HkOM8v0N7G9h1N+cSumam0E8Oav+Rzdurdj/0XsE/CvKjDzR1tfzi7tq+5QL/2VVSn3NpW1L4y0dx9HUK47/PKhFXKGDLjtduVCcndBWrl3OyrWo46rouMjW71E5Pbj5649DmrDSotH01F7+r4b+tws9kBZTDusVCfHaP1jRvTSTGwCxNVDbJTwkv7Jio03FFjM6OLW4FETzHPvnGH7snFxzQk87OytDDjw5SOO9wZ1CFig8D0eO4R0sEvUXVc7/tEdTQKC9QZscojDA6xd9AFrYs2Q6WVogaOznhMeXGIK9QT2KDJHO5aGER4h2F1WTvQaCzVZ0azX8+qDB7MEG7VRTWkqnlY3b41vPrmpKYo8oljr3bM8YaZYY6RK/YGaXgwf6f6ovTlEa/Q1JCygYHzKkk8+ODxX+UrCJdA4J62Q5l9U5w2KtttdHb5252JpoyXd6r699ryk1o8w5TN1ptme7VU+0ABOaAMJM0n7LAl4HhUaqQ6YjqR2r6s/dca3vEu7/tC0d9uc9WXKlE57XRTL0sNMVmYw93C2w94utHh5oNU9aixhq8vWdrLM9dtf7rsXGdeon7ntEaH270/6fl5qLBQfTEft8/8XYPrkD/9z9ym6vT4nfpsIklcqrRD3xW6fvCy2J23ywsGu0TyMkjqBZWKp/vTL153/7aD2i+Huhnl4WH2pTDk1onabJnVPpYYHt4Zy2rv/ciLdrhbbaFKxpwAo8MthJeI3fZOADiNFz5CeutR9611epI3jvcTUVsr3E5e/rf8W7cZZ7//l6JvD87Ux7+TXz2njG32jrIqrrW92VjLJoUWcftMyfL3qjalp9em6BXlIbuxV8w+cQ763Y4XTRXCOfBxmfchX/uq91G/fVDQhxGxrwwDEV/nxOKXlDZaZlgGkHWZI6ji7s++quWo47rb2CiquyJylwUfjaNY1u+2a7g9yQn4lHo1w9+4H1XonV9teg5QgkfOixzXp+ZiC/KzaSkVss2rqUnFa9GhPrCwR0O0e30SdiReRPnQUF6Uz/3kT5vpeu2H0SxKX9PtqR2FxpSSr+EmyccUudvXr4hzSUlITEzE6XNZaNAJCD+WAfM5B3oReTkXlIcCG4LkzjehgYZSEOrf3B3nsAHH6B49VrfkberGMHJeLe940lkEVWuADCzHnkO+G/l4nqxX38ED1XUZKkTWoNvM6NpXYezTFTzaNq+sMQmrXE8Ls4AT9iyt8OxBfDdrKkYPGYr3P5uD+esPsmicvJCl3J3+lQwequwtb7BZqp8FgwAAGTdJREFUd+1UMIuv0hr/OpKF45sXYdiL7fHT58PRrVV91H9tIW0T9Tq6faWCyxMdorwxFNNyTdBjcgdErF2Gg75NotCxNeI7V8zDf0eOxJCRE/HVpPGYTlOqhfhft3nx+mi6Wlm/ePtmvPVPdNKbBqF/fRTTawE/nFR1TVROf7qpl+oe8qAq2r5EdffUm6j7l5cwJ/YQXXMbCl47Ljfb5Oimy9Y6u5euU/jTH51KD3noTmaGWHaetXO663/i7rUKo/CQVJyhtiAxMQlJnuqgM3LYfvS8XoghxNulZ9cGemxQOCK9S5N5uoh+udXVuW5A8r71+PLTDzF06FBMmL0UJys3RoXCEATpUllCJYtHv/bMsjpfXF9OvtoWdQxk9Vq3pnqVocWI4CVitwMdL5gATG9efvJ2TRZSoRG6tdEehW2tv3bSuakhVuZjXZpp0VWiVOvQvg0d7LxX7ZaqEMaNpSLtHYaGqGsc/1p0AJ1IwL6z1r6hFmRn/3m7udknLiu/2/HiaW44i7Qv52W929kaEZ0SHUdLyr4yuaNu7Uh1fw+eqHMTBs/ehJM5QGiYWiOOu7t9FRsbRetnxdPu2altA+1zpemj2cldFuNs7XfWH/FKXaoGlTfVyVO7HuisJ734MG1KDujBg7oYvP8Aqg7vj74TBqIt/WvzzgKsGPMkrrXhxDY3VIi6HQ1MPprZic/xyr2qdxvUsPCoVYtqf4BXTirQoueNppcOT3Y6rX2Etgs/pCpwbsebaFH9TR/uxM9OjOjmdX3oWUSg2JdjEHjfQYIatkQPW67myFx6dNeD9buBuSNP938dEQc/wogVv5mJbJ5KGg+j7DbFOUSFon77HhhF/9599xd82qMN3vrsKbxz3x2Y/mAUgulGz0pojipeQ8eZnD+wnsI0ABVtVJc521/dXw3P08Nqoh96EV1rHUKv9+YpWYP97LOzw4OXF93QqoF0Y2Uy/UtPU/kWQU7Ou6j36N5f4Wc6aP+tz1j0aj8VvZsOwPo1n+Le+qoCuetyDvzV2U0uu7zW/uTGw5pu1CGr/gcT9Y3nhb9eZ82GFj4xagTTnzA0Qi2L/nByUf0qTl2PLHkFTR6fTOW4Fz0HNcGhcd2xlB390YVL4XwvCTyYAxURGe5ciCGF2TFjlzKe9MTIRPASsduBjhe6iMYxwihp4LZW5+kW0svM9ai0OXn65jcex7kE0t7G9vWgGupT351v7Of8RO5u9kmEh5lGr7PVPxBpXzMv9cmuD7EUEZ0KdBy1Kz/QOHbQAN0LhMHPPolxve+hfwDdP4bhD92gsHK3r3qJxnbWY/XQn1G/QPvc/4ePpiNSNkLa3K1R3NBqjZTH1PwCYzRw/oTipEHZj25O4k8hxHmWmtNo90rN0GfCVlw8vQez+t6OHf95Cj2n2Dt+efTc5fKnziDdz5m+IbWbKkfZ9VhyABkZqUhJSVH+UlNTsffg8zBMKGsiFDeQTQ0q/dSLE5kZSEtWy0ym5bGyn/M6MnZlJBw/bReN4mDP2oUNlm7X4WXvUcfrYfxwlmDutPGYvPwA6Od3t2xC6UXFQ4i5hahCndZ4c+1Pykvg2fPqrFp+jgcXcQDplon6qq26Ixd/4JJxXPDyK0hYpjjb9BMl4pdPxfhpc0Eu/iT08mIRSXtMOHZWC/NACJ3hDqkSqTwWRU7Ox+m+70iKuWcS+jZoukLRrvdHIFnJ+HnmmyDxU9GzwRDtnOw/s+1MYpXYg1n/8zxqb1hIz2nP9PbJlJRUpKamYHPf5ralsnbJwlEf/eHEpdFunDe7E/q9bvXrk4G+C5FEYjB93DQs2Uewe0Jr1NlhpBQJFwcPm45iU+Tx9Mum2ApsAYXhEsFL2G4HMF4YRHAMFs/WOrINKKE47e3JPYpvqU4E5ZjbQEQAN/skwkOURrh9BRmK6NSf0bZ2vk7kLU9gxoE8nNy2SPmS9q+HozEjQf2Bj5K0r8Wpn53cjtAH0OeuVB/NsW7/Dwm2DjeiovEaFWbUtBjTMoxfF02jsxkt8Zfa6uxHWPU6dHA6hjOGWcCz8btsq7HvjO+Pk6SnqEtTKta5Eb2mr1c+uW/6zd4RjajWBMkYjw2HDb9Ok5GmOJg1vSWWqxaFm2n4x+2nER4eiRo1aih/keHhqOlnxoZ1YHaVZ2s6Arg8FI1w+qm5StwxnL8mHFVqqmXWjIxEFVp2uM27B8sTSafXIj6cjHUG77gwM03FWhD7AMSEFfvgkEhURms0N7yBFFw0NGIgzA20RcHDkB1/xO/ELw4/YkOQiY1j3sa8/eeNWYCMM8pykvQc1UGod9td9IP2cqzaQqeTvRf7EZZV7y9BRudH0bIij9XveZfVhqhVj3rE/MrPEXp54eT8rrXvRxNMP/5RkPAt+lGRHqunzrqKyimmm2rda32dgEteQRheuzavR6b67qzEajoWWlNxvI/RZTa5FL2LdPKtuG3H619ad/XYscC4121+l5LhCG3eSrRPqvYgktqGGogMt/24hzqtVP1ZEHtKLyw/E/zHbEXbTc/sHjLWzZN7Bnto0dGtWxi+rNFfakv6w9SW7lx9KYqChy8XPYbN2FUbshyH9CiknD5OLZx3/Q2NF8FL1G4HMl4YRHIOBmhrje3kzDSwlEDam421xzMNM07nT+EILe7eaPNSQqsERvsvap+sPPizkRePc7uLtq8bH54uolOiPoyYfaXHXQr4OszmpinzPkF0eUkPfJG+UZkATL6cVfL2VVB3ReTmuNq1bSB9rjR9NC5jmb87LUI/8ElHNlehnPaxeds20+kbPE/BGf2EjqWx9OQQehoDy8P+jJvt2K5/djLANxtiyPebjyjZ07aomyB7fbiA7Ig/SHasUE/Z4BtarJuC6IwjYZv42Eka01dsIDF0lzZ7ZmXxTZOMMZ0JUuLYSRZ74veSTfPeU56dTptgeVJi1I0t7CSDtd/EKJvK2KYN241o3pNZ+IaXvHjvTn168sK6nfFkV6x6qgH8HF/Hd/eHXK+ebLLBe8LIbd6NNSLY75/S0bQ5idWDbWBhmLhhzzaKMNxemrqWHE78nWya7z0FwZDXjldJ4WEne2HiAkUmp82mPJ3J3WnIRPJ9zBaydt4Ypb5sM9GyJHUjbyE5RcZRGkY3lLbnL7vWkwkPqM/G0wkUvPg/umuf0bOj1346mEji4xZpO++NusXJ2d1JP1gab19P0wFkadw+snuD7+kYonLa6SYrw3oxTFkd2DFTv8bvJF+/8zflGd5jOLVNNvR4wm+37SPxu74nI+5Q++Vv3l30brrsr85WeTgt2zTJ9gbzZ96/OT3f1MP7E4/X7t6TH1oPmUM2fL+abDtLjxCil50OWXWW75pn+vHxkjVkMz1tae6Q2xQbop7ko5WiBVi7jK2vnmwyav5KspmecsNwYqeUHKY4ibSbcF1t65albNZm/WBq7H6SePAXMuOfjU1tyYS12scSw8NiQzRgbAJnV7+hyMVOsvoxYS/5dpp6QpPxeDURvBhrN7vtNl74iGdTD7t2EbG1bIN/D9q3rDooUibfNMptMstjbjux9uabYtlm+8/WxJG9u5crNoqNq/qmfrNErL52Y6+IfTJzUvuvHS9rn2P57HB2a1+78uzGG5W/mI0XaVtR+yri62x6lf40CG0fdmrSQWqD+clu6hHJdGuigK9g24+t4HifReonIreTnrj1ObMeU6FK0UdzgKDMRdueUsJqwRohZkwP1dBTY8MG865vm8/hZnQHvx5souFnO38Rr58MwI+vYTwwUD1HuSD1MJn7tveYPS9/Zrj5GdesMY273VlZyVsmaUcBMl6vjhqiPBtPFGCnMax8636TTHf0m0jiTtsfI8f4suN6+HnjrMOwk1HsjAajZQ6C+fQBQhJXj9byM7mYozVn8wlG7nid2vJf7YVBwYU6QuuT1BNCRLBPWvGSDz7M+LGBgXdwVrgd9mwQnPeP2zSMGM4jh/ZUdljPPqGfUsJ48YGiJPGwlf3sOgUPf0e25R7fRM8Av1OTW8GNnmk7f6flLNqUHdoRYIyGOVz+zmJXcFr8ronvUy/anfGuN6cTHpzCp33psZG8fTkNEZDTTje1/IYAa9OZ/ZrodaBnbD9/Dwg/JYQdE7l38b9NOsccI/3cdpWZP112q7NBHBpUd+Xz04Gc8tr1JyMfVq9pXVX7w9py9C71rCFbHbLR/8KkTdqxkFwX3pyyUTvtw1iWFra0C7MJH8Yc1ZLd2k20rk51y038wXRGP54dRka/aGxL1Wkz2scSw8MGQ73i1lCWaYxg+vTJpH6+dsmCp11/dLPbbuOFVTI7W8jahZ2UY3zpY3Fu45xTOwmV6T02lttRlsc6tom0N3e4//a8/tsFrP0XGc7z9pGHRtjZf0YnZJ8sDG152eiLPc6BjctOfUgTSUinBNrWZuzXyrAE3Hyd83u/I4Mf0m0VszcDZm43nATl7ivY9mOLHPxRRHcZrZvcjMaubd36nFWPGZ/S8tEY76vh8rBKUMVwvuivOqbRn3UsHxaOiFD7z7Cgn1zTMv3T5Kam4ZIniH7aDaefHA2XCH8DOfsVtbTMLP/yUPoCyjfDTW4jX0qfQunZUpQwh2oayX3CXrkQFEY/V9usJfHJwCLykZZGl9U45QkUG9sy6KYaB+w5RqFFrbNDeUp0EfBgSx4uBdNP/i7wcbkdcfPKlcOW6dDlEiF0OYHQaiFB3fJXbXOa2r4eOu9RpapzpVzlDEA3XXlRnbtIdS43KIjquqUvcuGL0HY8a+nc6ZIKuvwsKDQclSKK0jlB65xG17fb2B8/Arth6Zbuh7UhybluXOZIP8vhDIwCCnLePvY4IC4qcWFGJi4U5Lv2MxG8eN92HG9KyCb6VNOVr3M7+fAqYgRvE7v2PjSlI9q9XAdrCuegbWYq0go8yjIp01jqUK6T/efjj5t9MrJ15mWkcg67tq9zVtsUEZ2CW9sGYF9FfB0uk+O4WtL21a1+DLmrwUez1YCyFenucJet+khpJQISAYmAREAicFUhwBzum14uxPcXY3C3zT6Uq6qysjISgasUgaJNF12lYMhqSQQkAhIBiYBE4EpDIKz69Wjcox2ipbN9pTWNlEciIIyAnOEWhkoSSgQkAhIBiYBEQCIgEZAISAQCR8D+WMDA+cgcEgGJgERAIiARkAhIBCQCEgGJgA0C0uG2AUVGSQQkAhIBiYBEQCIgEZAISARKCgHpcJcUkpKPREAiIBGQCEgEJAISAYmARMAGAelw24AioyQCEgGJgERAIiARkAhIBCQCJYWAdLhLCknJRyIgEZAISAQkAhIBiYBEQCJgg4B0uG1AkVESAYmAREAiIBGQCEgEJAISgZJCwMXhzkZGNv2pvqvyKmrd6C9dsl+HlJdEQCIgEZAISAQkAhIBiYBEQAABR4ebFP6OUZ4wjNx72cQmJXY8KnsewY+5pugy9eBUN5FKHJryd1StGoFx+y+JkEsaiYBEQCIgEZAISAQkAhKB/3EEHB1uT1Y6tlJwqgYTE0Tndq5RnvPyTNFl6sGpbiKVCIqoq5BVCQ4WIZc0EgGJgERAIiARkAhIBCQC/+MIODrc0PxJLaBAFRSiOuDXXEMf87ORmZntF8KCbLZ0wz+NDwMvX0ef3i3dyzA7OxPZdktitCppAR8RmNx2eRs9PRuEEPSNruCTRwQPTuNYN4VrvoKrfxrf4mWMREAiIBGQCEgEJAISAYnAlYeAvcOd+xv+GdIGa6m8w26pCI/Hg7um7vFKXwUZWI7xg1+EJzgMERFhyhKTefsumGt38TdMeDoaQWE0nf557noDa064rEPJOY6Zr3Uz8L0Po7/+FdqiFpv0j9ccMpSbj01vtcOtgz7Gv19sirCwCPoXjL/0nIT4HC+Zn7oVpO/BlNd6KvVlcrO80U9/jF3pehF5Rxeiqud5/OxdUXJoVi+Fvt8bLnggG3FTB2p1q+i5CaNW6LKzZS4fNPag8xuD0MUTrOBaoctXMBStCyFDEgGJgERAIiARkAhIBCQCZQcBOlvre+WfIt9OfYu0AkjnIZ+T+TNnkZjETIUuYXJ3NsWt/I1dGUu2rvxEoauOAWRPjsqqkCSTiVEgwWhJPliykWxfPYN0pnmMNNZCC8l5MqeLyvf12avIlg2LyTvXg9TBMJJAiVn6l23U9AFTV5FtscvJW+3V53e3nFfYFZIMjQfuHEa+2xJHvvnwSVXetzapRfqpG8n5lfSjcr782QLyQ9w2sm7WW2rex5eRS16BL+37mIThXvLTRTVCBA9GGT9Txa3LO3PIprgYMv5pVfYx29JVRhd3kB5eXJ+l5S+ZPYIMX8xqLi+JgERAIiARkAhIBCQCEoGyjABbHmF7FRb+qjiA4/blmtK5gzl+l9dRpKkZcaMUx3S0Ny5z28fK8/idXq+UcUhcqsT1XXHSxI8/XN45UUl/YfExHkVIXgZJvaA+8vTXluv5CwsOkw+Yk9r5S5JGyZjDvagzSC0MIrsLOJs8snYgSD2MIse9UU514zmM93W9QUJunUjOeiMv7Zto63D7w6Ow4AB5jcpZeYTX6ae8+EsJeixUnfkc1eGu9t6PxuJlWCIgEZAISAQkAhIBiYBEoIwjEOQ0F++huyLZIpHsPLago7KBLB0ReBhtm+txYZXrGdKBxN1sMQoQHpKKM4nnkEsXhAeXqw46e4y4o+fp/yiWbLqObl+p8O3ZtYEeHxSOyAj1kac/0UHP6ynXBD0md8DYl5fh4KVn0a6iSpvc+SY00BbLBKH+zd1xDhtw7NIw1Kc0znUDkvetx9oNOxGffAE1b2iFiMqNUaEwBI5A0UUfbniQ5GP4lIr2d1r4uaQkXKLYlqdyNOhEMdqXoSyZYUvi2dWvfWM1IP9LBCQCEgGJgERAIiARkAhcFQg4+5Eu1SvHdvR59w0GNWwJuhxCu4KJ6oy/8NfrtDgeaMEDlnsw3YgYhkaoFWZJ8D6y9EpojiqW9PMH1lMxBqCid/9jTirQoueNqGJg48lOpy5/BEIMcXbBI0teQZPHJ1M57kXPQU1waFx3LN1PKbvYUZvj/OGR80e8QryqdxvUMGdDrVp8cTmUF5yIyHALhXyUCEgEJAISAYmAREAiIBEoywgU2eE2V1qdDedxeR51A+XCI+l4ILIQWfnsx3OCEBRE70GRnMx0z8/xIAtHkZ5Fo70z1UYCln4RB3zSq7bqTmfQ/6CzxpTa5uAQIw9/YYIUrH59MtB3IZKmP+F12Kfh10/b4AG6biWwy4xHSO2moOvh0XjJAUzvdK12+klQUBDyKC7VTczl2SQmOOSDREAiIBGQCEgEJAISgTKOgLbwwqkeocF8sYMThW983eZ3KZFHqN9dKTISNWrUoH+RCA+vgchwex+/Tqu7lNNPFsSe0hnmZyLVe6JgvdvU9FVbkrX0QhzHqveXIKPzo2hp46RrhA4BY908uWewhxYd3bqFYXY8H+lJfyCzkQMDwehy1aJwM6X9cftpigHHg2ERjpouM9q5Z39H3K4EeVqJINaSTCIgEZAISAQkAhIBicCVhoCzw00nWtnCkAXzF2Dj6jWIO1egyJ5Hjwh0uyLufBpsUnjELXdh3NK12LI9FvOG3o6awc9jr8PJgJXv7IWx9YGp93fD6AWrsGXrCrx/TwRahA3H74XUcW/bC+MozzFda2PY0k3YuTsGE7s1xJuJNO79ByHyWqAt3rCrW4VodKRHqZx5aRimbT2AE/E7MfP1prjno1PIrOZcYxE8UKElXpnQGqc/6oROI5dhb8I+bJ4/gh4RGIx3NugvENZSCDKx6IHr0a5VU4zdnWFNls8SAYmAREAiIBGQCEgEJAJlAAH76WYqOKl4Le7rCiwe8zzuHQOM3nUJt1a/BlXrNKGpZ3yqxpzzkGCVXTk0wLCkTch88m4M7q4ugKZHBOKfU3qjjsOyDw/qYvCOHcjs1wbDez6o8GdrqUfE9EUT5bWgLgal7MAFmj6y+z34N6VgPD9Yvhjv3Kpv4FQy2vxj68P5+m+nuj3y+Q/Y2rkjBty5XOXw7DCMfnE0/rPLzJCtB+eXCB6MtuVra7Ey6Rk8+N5jaPmemvuOfhPxaFN9tbkRQ86/UkMa2sF+8bM8j5J3iYBEQCIgEZAISAQkAhKBMoSAh52y4iwvXVKRkomg0HBUinD0zZ2z05SLaWnKOuVKdOmE8+86mlnkZKbhMl3uHUKXo9jNXLulm7k5PTnXjcsc6bLcw4mzv/gC+uuXGVn5KB8WjohQAUzpr2qm08ntKlVD/bGVaRIBiYBEQCIgEZAISAQkAlcoAi4O9xUqtRRLIiARkAhIBCQCEgGJgERAIlBGEHBew11GKiDFlAhIBCQCEgGJgERAIiARkAhcyQhIh/tKbh0pm0RAIiARkAhIBCQCEgGJQJlHQDrcZb4JZQUkAhIBiYBEQCIgEZAISASuZASkw30lt46UTSIgEZAISAQkAhIBiYBEoMwjIB3uMt+EsgISAYmAREAiIBGQCEgEJAJXMgLS4b6SW0fKJhGQCEgEJAISAYmAREAiUOYRkA53mW9CWQGJgERAIiARkAhIBCQCEoErGQHpcF/JrSNlkwhIBCQCEgGJgERAIiARKPMISIe7zDehrIBEQCIgEZAISAQkAhIBicCVjMD/AWP/TK16xm7XAAAAAElFTkSuQmCC" alt="" name="en-media:image/png:ec3f94db0fdf23a1ab6538aa673f8844:none:none" />
(引用自 https://www.redhat.com/cms/managed-files/li-new-in-rhel74-technology-overview-f10498kc-201801-en.pdf)
2.3.2 Docker 对 user namespace 的支持
在 Docker 1.10 版本之前,Docker 是不支持 user namespace。也就是说,默认地,容器内的进程的运行用户就是 host 上的 root 用户,这样的话,当 host 上的文件或者目录作为 volume 被映射到容器以后,容器内的进程其实是有 root 的几乎所有权限去修改这些 host 上的目录的,这会有很大的安全问题。
举例:
- 启动一个容器: docker run -d -v /bin:/host/bin --name web34 training/webapp python app.py
- 此时进程的用户在容器内和外都是root,它在容器内可以对 host 上的 /bin 目录做任意修改:
root@devstack:/home/sammy# docker exec -ti web34 id
uid=(root) gid=(root) groups=(root)
root@devstack:/home/sammy# id
uid=(root) gid=(root) groups=(root)
而 Docker 1.10 中引入的 user namespace 就可以让容器有一个 “假”的 root 用户,它在容器内是 root,它被映射到容器外一个非 root 用户。也就是说,user namespace 实现了 host users 和 container users 之间的映射。
启用步骤:
- 修改 /etc/default/docker 文件,添加行 DOCKER_OPTS="--userns-remap=default"
- 重启 docker 服务,此时 dockerd 进程为 /usr/bin/dockerd --userns-remap=default --raw-logs
- 然后创建一个容器:docker run -d -v /bin:/host/bin --name web35 training/webapp python app.py
- 查看进程在容器内外的用户:
root@devstack:/home/sammy# ps -ef | grep python
: ? :: python app.py root@devstack:/home/sammy# docker exec web35 ps -ef
UID PID PPID C STIME TTY TIME CMD
root : ? :: python app.py
- 查看文件/etc/subuid 和 /etc/subgid,可以看到 dockermap 用户在host 上的 uid 和 gid 都是 231072:
root@devstack:/home/sammy# cat /etc/subuid
sammy::
stack::
dockremap::65536
root@devstack:/home/sammy# cat /etc/subgid
sammy:100000:65536
stack:165536:65536
dockremap:231072:65536
- 再看文件/proc/1726/uid_map,它表示了容器内外用户的映射关系,即将host 上的 231072 用户映射为容器内的 0 (即root)用户。
root@devstack:/home/sammy# cat /proc//uid_map
- 现在,我们试图在容器内修改 host 上的 /bin 文件夹,就会提示权限不足了:
root@80993d821f7b:/host/bin# touch test2
touch: cannot touch 'test2': Permission denied
这说明通过使用 user namespace,使得容器内的进程运行在非 root 用户,我们就成功地限制了容器内进程的权限。
2.3.3 检查 linux 操作系统是否启用了 user namespace
运行下面的命令即可检查是否启用了:
[root@node1 ]# uname -a
Linux node1.exampleos.com 3.10.-514.2..el7.x86_64 # SMP Tue Dec :: UTC x86_64 x86_64 x86_64 GNU/Linux [root@node1 ]# cat /boot/config-3.10.-514.2..el7.x86_64 | grep CONFIG_USER_NS
CONFIG_USER_NS=y
如果是 「y」,则启用了,否则未启用。同样地,可以查看其它 namespace:
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
2.3.4 在 Centos/RedHat Linux 7 中启用 user namespace
资料来源:https://github.com/procszoo/procszoo/wiki/How-to-enable-%22user%22-namespace-in-RHEL7-and-CentOS7%3F
这两个版本中,默认 user namespace 是未被启用的。
运行下面的命令,然后运行 reboot,就可以启用了:
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
运行下面的命令,然后运行 reboot,就关闭了:
grubby --remove-args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
2.3.5 OpenShift 对 user namespace 的支持
在 OpenShift 3.11 版本中,应该还不支持 user namespace,下面是 dockerd 进程:
/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc
--exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current
--init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json
--signature-verification=False --storage-driver overlay2 --mtu=
[root@node1 ]# ls
attr cgroup comm cwd fd io map_files mountinfo net oom_adj pagemap root sessionid stack status timers
autogroup clear_refs coredump_filter environ fdinfo limits maps mounts ns oom_score personality sched setgroups stat syscall uid_map
auxv cmdline cpuset exe gid_map loginuid mem mountstats numa_maps oom_score_adj projid_map schedstat smaps statm task wchan
[root@node1 ]# cat uid_map [root@node1 ]# cat gid_map
正是/proc/<pid>/uid_map 和 /proc/<pid>/gid_map 这两个文件, 把容器中的uid和真实系统的uid给映射在一起。这两个文件的格式为:
ID-inside-ns ID-outside-ns length
其中:
- 第一个字段ID-inside-ns表示在容器显示的UID或GID,
- 第二个字段ID-outside-ns表示容器外映射的真实的UID或GID。
- 第三个字段表示映射的范围,一般填1,表示一一对应。
举个例子, 0 1000 256这条配置就表示父user namespace中的1000~1256映射到新user namespace中的0~256。
比如,把真实的uid=1000映射成容器内的uid=0:
把namespace内部从0开始的uid映射到外部从0开始的uid,其最大范围是无符号32位整形:
上面的截图中正是后面这种情形,也就是容器中的 uid 和宿主机上的 uid 是从0开始一一对应着映射的。
备注:linux user namespace 非常复杂,应该是所有 namespace 中最复杂的一个。这里只是一个简单介绍,还进一步理解,还需要阅读更多材料,比如 https://lwn.net/Articles/532593/系列文章。
2.4 network namespace
默认情况下,当 docker 实例被创建出来后,使用 ip netns 命令无法看到容器实例对应的 network namespace。这是因为 ip netns 命令是从 /var/run/netns 文件夹中读取内容的。
步骤:
- 找到容器的主进程 ID
root@devstack:/home/sammy# docker inspect --format '{{.State.Pid}}' web5
- 创建 /var/run/netns 目录以及符号连接
root@devstack:/home/sammy# mkdir /var/run/netns
root@devstack:/home/sammy# ln -s /proc//ns/net /var/run/netns/web5
- 此时可以使用 ip netns 命令了
root@devstack:/home/sammy# ip netns
web5
root@devstack:/home/sammy# ip netns exec web5 ip addr
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN group default
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue state UP group default
link/ether ::ac::: brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/ scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80:::acff:fe11:/ scope link
valid_lft forever preferred_lft forever
其他的几个 namespace,比如 network,mnt 等,比较简单,这里就不多说了。总之,Docker 守护进程为每个容器都创建了六种namespace 的实例,使得容器中的进程都处于一种隔离的运行环境之中:
root@devstack:/proc/1726/ns# ls -l
total 0
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 ipc -> ipc:[4026532210]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 mnt -> mnt:[4026532208]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:44 net -> net:[4026532213]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 pid -> pid:[4026532211]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 user -> user:[4026532207]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 uts -> uts:[4026532209]
3. Docker run 命令中 namespace 中相关参数
Docker run 命令有几个参数和 namespace 相关:
- --ipc string IPC namespace to use
- --pid string PID namespace to use
- --userns string User namespace to use
- --uts string UTS namespace to use
3.1 --userns
--userns:指定容器使用的 user namespace
- 'host': 使用 Docker host user namespace
- '': 使用由 `--userns-remap‘ 指定的 Docker deamon user namespace
你可以在启用了 user namespace 的情况下,强制某个容器运行在 host user namespace 之中:
root@devstack:/proc/# docker run -d -v /bin:/host/bin --name web37 --userns host training/webapp python app.py
9c61e9a233abef7badefa364b683123742420c58d7a06520f14b26a547a9476c
root@devstack:/proc/# ps -ef | grep python
root : ? :: python app.py
否则默认的话,就会运行在特定的 user namespace 之中了。
3.2 --pid
同样的,可以指定容器使用 Docker host pid namespace,这样,在容器中的进程,可以看到 host 上的所有进程。注意此时不能启用 user namespace。
root@devstack:/proc/# docker run -d -v /bin:/host/bin --name web38 --pid host --userns host training/webapp python app.py
f40f6702b61e3028a6708cdd7b167474ddf2a98e95b6793a1326811fc4aa161d
root@devstack:/proc/#
root@devstack:/proc/# docker exec -it web38 bash
root@f40f6702b61e:/opt/webapp# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 0.0 0.1 ? Ss : : /sbin/init
root 0.0 0.0 ? S : : [kthreadd]
root 0.0 0.0 ? S : : [ksoftirqd/]
root 0.0 0.0 ? S< : : [kworker/:0H]
root 0.0 0.0 ? S : : [kworker/u2:]
root 0.0 0.0 ? S : : [rcu_sched]
......
3.3 --uts
同样地,可以使容器使用 Docker host uts namespace。此时,最明显的是,容器的 hostname 和 Docker hostname 是相同的。
root@devstack:/proc/# docker run -d -v /bin:/host/bin --name web39 --uts host training/webapp python app.py
38e8b812e7020106bf8d3952b88085028fc87f4427af0c3b0a29b6a69c979221
root@devstack:/proc/# docker exec -it web39 bash
root@devstack:/opt/webapp# hostname
devstack
参考链接
- http://lwn.net/Articles/531114/
- Docker基础技术:Linux Namespace(上)
- Docker基础技术:Linux Namespace(下)
- https://github.com/crosbymichael/dockercon-2016/blob/master/Creating%20Containerd.pdf
- https://events.linuxfoundation.org/sites/events/files/slides/User%20Namespaces%20-%20ContainerCon%202015%20-%2016-9-final_0.pdf
- https://blog.yadutaf.fr/2016/04/14/docker-for-your-users-introducing-user-namespace/
- https://success.docker.com/Datacenter/Apply/Introduction_to_User_Namespaces_in_Docker_Engine
- https://segmentfault.com/a/1190000006913195