本系列文章将介绍Docker的有关知识:
(1)Docker 安装及基本用法
(2)Docker 镜像
(3)Docker 容器的隔离性 - 使用 Linux namespace 隔离容器的运行环境
(4)Docker 容器的隔离性 - 使用 cgroups 限制容器使用的资源
(5)Docker 网络
1. 基础知识:Linux namespace 的概念
Linux 内核从版本 2.4.19 开始陆续引入了 namespace 的概念。其目的是将某个特定的全局系统资源(global system resource)通过抽象方法使得namespace 中的进程看起来拥有它们自己的隔离的全局系统资源实例(The purpose of each namespace is to wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. )。Linux 内核中实现了六种 namespace,按照引入的先后顺序,列表如下:
namespace |
引入的相关内核版本 |
被隔离的全局系统资源 |
在容器语境下的隔离效果 |
Mount namespaces |
Linux 2.4.19 |
文件系统挂接点 |
每个容器能看到不同的文件系统层次结构 |
UTS namespaces |
Linux 2.6.19 |
nodename 和 domainname |
每个容器可以有自己的 hostname 和 domainame |
IPC namespaces |
Linux 2.6.19 |
特定的进程间通信资源,包括System V IPC 和 POSIX message queues |
每个容器有其自己的 System V IPC 和 POSIX 消息队列文件系统,因此,只有在同一个 IPC namespace 的进程之间才能互相通信 |
PID namespaces |
Linux 2.6.24 |
进程 ID 数字空间 (process ID number space) |
每个 PID namespace 中的进程可以有其独立的 PID; 每个容器可以有其 PID 为 1 的root 进程;也使得容器可以在不同的 host 之间迁移,因为 namespace 中的进程 ID 和 host 无关了。这也使得容器中的每个进程有两个PID:容器中的 PID 和 host 上的 PID。 |
Network namespaces |
始于Linux 2.6.24 完成于 Linux 2.6.29 |
网络相关的系统资源 |
每个容器用有其独立的网络设备,IP 地址,IP 路由表,/proc/net 目录,端口号等等。这也使得一个 host 上多个容器内的同一个应用都绑定到各自容器的 80 端口上。 |
User namespaces |
始于 Linux 2.6.23 完成于 Linux 3.8) |
用户和组 ID 空间 |
在 user namespace 中的进程的用户和组 ID 可以和在 host 上不同; 每个 container 可以有不同的 user 和 group id;一个 host 上的非特权用户可以成为 user namespace 中的特权用户; |
Linux namespace 的概念说简单也简单说复杂也复杂。简单来说,我们只要知道,处于某个 namespace 中的进程,能看到独立的它自己的隔离的某些特定系统资源;复杂来说,可以去看看 Linux 内核中实现 namespace 的原理,网络上也有大量的文档供参考,这里不再赘述。
2. Docker 容器使用 linux namespace 做运行环境隔离
当 Docker 创建一个容器时,它会创建新的以上六种 namespace 的实例,然后把容器中的所有进程放到这些 namespace 之中,使得Docker 容器中的进程只能看到隔离的系统资源。
2.1 PID namespace
我们能看到同一个进程,在容器内外的 PID 是不同的:
- 在容器内 PID 是 1,PPID 是 0。
- 在容器外 PID 是 2198, PPID 是 2179 即 docker-containerd-shim 进程.
root@devstack:/home/sammy# ps -ef | grep python
root 2198 2179 0 00:06 ? 00:00:00 python app.py
root@devstack:/home/sammy# ps -ef | grep 2179
root 2179 765 0 00:06 ? 00:00:00 docker-containerd-shim 8b7dd09fbcae00373207f01e2acde45740871c9e3b98286b5458b4ea09f41b3e /var/run/docker/libcontainerd/8b7dd09fbcae00373207f01e2acde45740871c9e3b98286b5458b4ea09f41b3e docker-runc
root 2198 2179 0 00:06 ? 00:00:00 python app.py
root 2249 1692 0 00:06 pts/0 00:00:00 grep --color=auto 2179
root@devstack:/home/sammy# docker exec -it web31 ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 16:06 ? 00:00:00 python app.py
关于 containerd,containerd-shim 和 container 的关系,文章 中的下图可以说明:
- Docker 引擎管理着镜像,然后移交给 containerd 运行,containerd 再使用 runC 运行容器。
- Containerd 是一个简单的守护进程,它可以使用 runC 管理容器,使用 gRPC 暴露容器的其他功能。它管理容器的开始,停止,暂停和销毁。由于容器运行时是孤立的引擎,引擎最终能够启动和升级而无需重新启动容器。
- runC是一个轻量级的工具,它是用来运行容器的,只用来做这一件事,并且这一件事要做好。runC基本上是一个小命令行工具且它可以不用通过Docker引擎,直接就可以使用容器。
因此,容器中的主应用在 host 上的父进程是 containerd-shim,是它通过工具 runC 来启动这些进程的。
这也能看出来,pid namespace 通过将 host 上 PID 映射为容器内的 PID, 使得容器内的进程看起来有个独立的 PID 空间。
2.2 UTS namespace
类似地,容器可以有自己的 hostname 和 domainname:
root@devstack:/home/sammy# hostname
devstack
root@devstack:/home/sammy# docker exec -it web31 hostname
8b7dd09fbcae
2.3 user namespace
2.3.1 Linux 内核中的 user namespace
老版本中,Linux 内核里面只有一个数据结构负责处理用户和组。内核从3.8 版本开始实现了 user namespace。通过在 clone() 系统调用中使用 CLONE_NEWUSER 标志,一个单独的 user namespace 就会被创建出来。在新的 user namespace 中,有一个虚拟的用户和用户组的集合。这些用户和用户组,从 uid/gid 0 开始,被映射到该 namespace 之外的 非 root 用户。
在现在的linux内核中,管理员可以创建成千上万的用户。这些用户可以被映射到每个 user namespace 中。通过使用 user namespace 功能,不同的容器可以有完全不同的 uid 和 gid 数字。容器 A 中的 User 500 可能被映射到容器外的 User 1500,而容器 B 中的 user 500 可能被映射到容器外的用户 2500.
为什么需要这么做呢?因为在容器中,提供 root 访问权限有其特殊用途。想象一下,容器 A 中的 root 用户 (uid 0) 被映射到宿主机上的 uid 1000,容器B 中的 root 被映射到 uid 2000.类似网络端口映射,这允许管理员在容器中创建 root 用户,而不需要在宿主机上创建。
从内核的提交日志上看,user namespace 是 linux 内核 3.8 版本中引入的,而 RedHat 企业版 7 的 linux 内核版本是 3.10,但 7.1版本并不支持 user namespace。这是为什么呢?实际上,在 Fedora 项目中,Redhat 已经在 user namespace 上已经投入了很长时间了,而且认为这是一个非常重要的功能。因此,我们并没有在 7.1 中启用 user namespace,直到我们认为它满足了生产要求为止。而新版本的 Fedora 已经启用了该功能了。在最新的 RedHat 企业版 Linux 7.4 版本中,已经正式启用了 user namespace:
aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAtwAAAB+CAYAAAAX4salAAAYJ2lDQ1BJQ0MgUHJvZmlsZQAAWIWVeQdUFE3Tbs/OBliWJeeck2SWKDnnnBFYcs4ZlSgSVAQBRUAFFQQVDCQRFRFEFBFUwIBIMJBUUEERkH8I+n7f+99z77l9zsw8W11d/XRXdffUDgAcjOSIiBAULQChYTFRNoY6vE7OLry4SQABFKAGtIBE9o6O0LayMgNI+fP877I8jGgj5Znkpq3/Xf9/LXQ+vtHeAEBWCPbyifYORXAjAGhW74ioGAAwfYhcID4mYhMvIJgxCiEIABa9if23Mesm9trGu7Z07Gx0EawFAAWBTI7yB4C4yZs3ztsfsUNEOGLpw3wCwxDVVARreAeQfQBg70B0doWGhm/ieQSLev2HHf//sun11yaZ7P8Xb49lq1DoBUZHhJAT/z+n4/9dQkNi//TBj1yEgCgjm80xI/N2ITjcdBMTENwe5mVhiWB6BD8I9NnS38SvAmKN7Hf0572jdZE5A8wAcbYPWc8UwZwIZo4NttfewXLkqK22iD7KIjDG2G4He0WF2+zYR8WFhViY7djJDvA1/oNP+Ubr2/7R8Qs0MEYwEmmoxqQAO8dtnqiuuEAHCwQTETwQHWxrutN2LClA1+KPTlSszSZnQQR/94sysNnWgVlDo/+MC5byJm/1hcQCrBUTYGe03RZ28o12MvvDwcdXT3+bA+zjG2a/ww1GokvHZqdtVkSI1Y4+fMo3xNBme57hK9Fxtn/aPo1BAmx7HuDJILKJ1U5fyxExVnbb3NAoYAZ0gR7gBbHI5QXCQRAI7J9vmUd+bdcYADKIAv7AF0juSP60cNyqCUPutiAJfEKQL4j+205nq9YXxCHy9b/S7bsk8NuqjdtqEQw+IDgUzY7WQKuhzZC7FnLJoZXRKn/a8dL86RWrj9XDGmENsGJ/eXgjrEOQKwoE/h9kpsjTFxndJpewP2P4xx7mA2YQM4kZwoxjXgIH8G7Lyo6WR2B61L+Y8wJzMI5YM9gZnRdic+aPDloYYU1C66DVEf4IdzQzmh1IohWQkWijNZGxkRDpfzKM/cvtn7n8d3+brP9zPDtyojiRtMPC669ndP9q/duK7n/MkQ/yNP23JpwNX4d74LtwL9wOtwBe+A7cCvfBtzbx30h4txUJf3qz2eIWjNgJ/KMjc1FmRmbtX32Td/rfnK/oGN+EmM3FoBsekRgV6B8Qw6uN7Ma+vMZh3lK7eOVkZJUB2Nzbt7eObzZbezbE/OQfme80ALuR+KYc+EcWdAyAum4AWHL/kQm7AsCG7LNXn3rHRsVtyza3Y4ABeECDrAo2wA0EgCgyHjmgCNSAFtAHJsAS2AFn4I7MeAAIRTjHg70gDWSBPHAUFIOT4DQ4Cy6Ay+AaaAHt4C64Dx6BATAEXiNx8R7MgQWwDFYhCMJB1BADxAbxQEKQBCQHKUMakD5kBtlAzpAn5A+FQbHQXigDyoMKoZNQJVQLXYVuQHehXmgQeglNQDPQV+gXCkYRUIwoLpQwShqljNJGmaLsUHtQ/qhIVBIqE3UEdQJVhbqEakbdRT1CDaHGUXOoJRjAVDAzzAdLwsqwLmwJu8B+cBS8H86FS+AquB5uQ/z8DB6H5+EVNBbNgOZFSyKxaYS2R3ujI9H70YfQJ9EX0M3oLvQz9AR6Af0bQ43hxEhgVDHGGCeMPyYek4UpwVRjmjDdyLp5j1nGYrHMWBGsErIunbFB2GTsIWwFtgHbgR3ETmGXcDgcG04Cp46zxJFxMbgsXCnuEu4O7inuPe4nBRUFD4UchQGFC0UYRTpFCUUdxW2KpxQfKVYpaSmFKFUpLSl9KBMp8ynPUbZRPqF8T7mKp8OL4NXxdvggfBr+BL4e340fxX+joqLip1KhsqYKpEqlOkF1heoB1QTVCoGeIE7QJbgRYglHCDWEDsJLwjdqamphai1qF+oY6iPUtdT3qMeofxIZiFJEY6IPMYVYRmwmPiV+pqGkEaLRpnGnSaIpoblO84RmnpaSVphWl5ZMu5+2jPYG7QjtEh0DnSydJV0o3SG6Orpeuml6HL0wvT69D30m/Vn6e/RTDDCDAIMugzdDBsM5hm6G94xYRhFGY8YgxjzGy4z9jAtM9EwKTA5MCUxlTLeYxplhZmFmY+YQ5nzma8zDzL9YuFi0WXxZcljqWZ6y/GDlYNVi9WXNZW1gHWL9xcbLps8WzFbA1sL2hh3NLs5uzR7Pfoq9m32eg5FDjcObI5fjGscrThSnOKcNZzLnWc4+ziUubi5DrgiuUq57XPPczNxa3EHcRdy3uWd4GHg0eAJ5inju8MzyMvFq84bwnuDt4l3g4+Qz4ovlq+Tr51vlF+G350/nb+B/I4AXUBbwEygS6BRYEOQRNBfcK3hR8JUQpZCyUIDQcaEeoR/CIsKOwgeFW4SnRVhFjEWSRC6KjIpSi2qKRopWiT4Xw4opiwWLVYgNiKPESeIB4mXiTyRQEooSgRIVEoO7MLtUdoXtqto1IkmQ1JaMk7woOSHFLGUmlS7VIvVZWlDaRbpAukf6twxJJkTmnMxrWXpZE9l02TbZr3Lict5yZXLP5anlDeRT5FvlFxUkFHwVTim8IDGQzEkHSZ2kdUUlxSjFesUZJUElT6VypRFlRmUr5UPKD1QwKjoqKSrtKiuqiqoxqtdUv6hJqgWr1alN7xbZ7bv73O4pdX51snql+rgGr4anxhmNcU0+TbJmleakloCWj1a11kdtMe0g7Uvan3VkdKJ0mnR+6Krq7tPt0IP1DPVy9fr16fXt9U/qjxnwG/gbXDRYMCQZJht2GGGMTI0KjEaMuYy9jWuNF0yUTPaZdJkSTG1NT5pOmombRZm1maPMTcyPmY9aCFmEWbRYAktjy2OWb6xErCKtblpjra2sy6w/2Mja7LXpsWWw9bCts12207HLt3ttL2ofa9/pQOPg5lDr8MNRz7HQcdxJ2mmf0yNndudA51YXnIuDS7XLkqu+a7HrezeSW5bb8B6RPQl7et3Z3UPcb3nQeJA9rntiPB096zzXyJbkKvKSl7FXudeCt673ce85Hy2fIp8ZX3XfQt+Pfup+hX7T/ur+x/xnAjQDSgLmA3UDTwYuBhkFnQ76EWwZXBO8EeIY0hBKEeoZeiOMPiw4rCucOzwhfDBCIiIrYjxSNbI4ciHKNKo6GoreE90aw4i85vTFisYeiJ2I04gri/sZ7xB/PYEuISyhL1E8MSfxY5JB0vlkdLJ3cudevr1peyf2ae+r3A/t99rfmSKQkpnyPtUw9UIaPi047XG6THph+vcMx4y2TK7M1MypA4YHLmYRs6KyRg6qHTydjc4OzO7Pkc8pzfmd65P7ME8mryRv7ZD3oYeHZQ+fOLxxxO9If75i/qmj2KNhR4cLNAsuFNIVJhVOHTM/1lzEW5Rb9L3Yo7i3RKHk9HH88djj4yfMTrSWCpYeLV07GXByqEynrKGcszyn/EeFT8XTU1qn6k9znc47/etM4JkXlYaVzVXCVSVnsWfjzn4453Cu57zy+dpq9uq86vWasJrxCzYXumqVamvrOOvyL6Iuxl6cueR2aeCy3uXWesn6ygbmhrwr4ErsldmrnleHr5le67yufL2+UaixvImhKbcZak5sXmgJaBlvdW4dvGFyo7NNra3pptTNmna+9rJbTLfyb+NvZ97euJN0Z6kjomP+rv/dqU6Pztf3nO4977Lu6u827X5w3+D+vR7tnjsP1B+096r23nio/LDlkeKj5j5SX9Nj0uOmfsX+5idKT1oHVAbaBncP3n6q+fTuM71n958bP380ZDE0OGw//GLEbWT8hc+L6ZchLxdfxb1afZ06ihnNfUP7pmSMc6zqrdjbhnHF8VsTehN9k7aTr6e8p+beRb9be5/5gfpDyUeej7XTctPtMwYzA7Ous+/nIuZW57M+0X0q/yz6ufGL1pe+BaeF94tRixtfD31j+1bzXeF755LV0thy6PLqj9yfbD8vrCiv9Pxy/PVxNX4Nt3ZiXWy97bfp79GN0I2NCHIUeetVAEYulJ8fAF9rAKB2BoBhAAA8cTv32ikwtJlyAOAA6aO0YWU0KwaPpcDJUDhTZuDvELDUZGILLZ4uhP4hI4mpnAWwBrP1cyhyHuWa49HizecbFMALqgg5CweLhIq6iemIc4kvStzfVSoZLKUuTS39VqZBNlXOWp5P/pPCDdIBRWslTqX3yvUqCaraani1Z7vL1X00dml81WzR2quto0PQeat7W69Ov8KgwHC/EdlY04TVZNG0z6zevMKi0rLdasoGY8tmx25P6wA7rDmuOgMXSleiG/Ue9J4l90mPAc8O8nWvau9Sn1zfRD9/f7sAnUCFIPFgvhC2UJowOOx7+GTEQOTNqHPRR2JSYrPimhLQib5JHXvBPuH9qinGqa5pselHMoozkw8oHJjKyj9olS2UQ5UL8lCH6A6LHtHItzjqWOBS6HLMqcih2K7E+rjFCdNSw5M6ZRrlKhXypyRPi5+RqTStyjg7ft64+lLNXC1dndBF2Utql/XqzRscr3hcDbgWcT2+cX9TevOBluzWvBv5bcU3y9urbzXe7r4z0jF+d7iz4Z5fF2vXg+6S+/E9fg/29Do+tH5k2mf42Kjf7knkwJnBl8+onksP6Q4bj+i/UH4p9Ir4auX19OiLN3fHzr7NGPefsJ+0mDJ/Z/ne8oPJR5VplunxmdxZhdnxuQvzSZ+MPlN8rv1i+GVq4exiwlf3b5bfzZeCljt/HvzVsq63sbHjf1kYDc+gxzFT2AUKmFIRH0BVThgnitPE096nZ2NIZHzOLMeSzvqGncSRxTnAzc7jxFvA184/KrAkuCw0K/xY5KxolJiGOIX4c4nTu4IkSZK/pe5LH5FxlOWR/ShXLx+noE6CSN2KuUqWygzKwyqlqq5qXGqjSBS4abBpjGge13LVFtZe1RnSvap3SN/XYLchneEHo3bjYpM4U18zL/MAi3DLUCsva0sbNVtxOw57ogPKYdnxo9Ow8z2Xetcyt9w9Se6BHk6eemRpL1ZvyHvWZ8i3y6/JvzqgJDAzKDzYOUQrVCSMGomEiYixyO/RfDEesaVxd+NfJEwlziet7KXax71fNIU3FZv6Nq0pPT8jKtP9gH2W08HA7IycitzLeU2Hmg83Hrmaf/lobcH5wjPHyoqKi/NLco6nn0gsDT/pXxZYnlpx57TYmQtVImcLzz07v1JDvMBeK1AnjsSB0mWNer0G8yvOV0OuZV0/23i7abB5rGW69VsbfJOlXeKW2m2tO0odfHdRdyc7e+41ddV0l90/2nPgQVJv1MOYRzl97f3MT/YNvHnK/kzzud2Q33DqyPkXT15+f00/KvnGbCzi7fHxmxNPJ8emJt/NfcAg3k+bGZyjm5f5RPos/IXmy8+FD4sjXx9+u/G9cill2eGHyI/ln+0rSb/UVglreuszO/6XguZQFbA7WgyDwyxiZ3CzFJOUi1R4ghC1NtGFJo32Et0g/QajEJM+cxDLAdbTbI3s3RwPOO9z3eSu5Eng1eH9xXeO35R/TiBbUESwU8hdaEW4SERG5KGovxhOrEbcSPyjRNYu0V3dkt5SQKpCerf0C5lY5O2mQc5Mblo+Q4FboZVkQ5pXPKDEo9SCvLVMq6SoMqteVNNWe7rbe/dn9WQNnEaZpoLmsFaSNrd2q46lzkvdAN0NvSp9KwNKg3uGe40UjGaNq0zcTFlNh82KzW0taCx6LTOs1Ky+WzfYBNuK2L6zq7Tf48Dm8Nwx38nIacO5ySXEVdD1jVvJHos9y+5FHkIejZ7anq/ICV78Xi+QfSTA19BPyV8lwDiQHBQaTA7RDKUNHQ07Hx4aQYpYi7wXlRttFcMU8zr2dJxPvHD8h4RTifqJo0khyYzJz/be3Hd7f1fKvdQbabXpJRkZmeEHXLP0D4pnY7Kf55TmuuQJ5q0eGj/8+MiN/DNH9xe4FqoeYz+2UjRcfK3k+PHDJwpLK09eL7tf/qJi9tTqGepK3ir5s0bn3M6HV++vyblwqDa1jnxR6RLx0tfLn+pXrhCucl+Tu27VmNzU2PyzVeVGRFvpzSvtrbdu3u69s3TXsPNGl233Uk9Jr/zD532H+z0HjJ9qP9cZDnlJHJ2b7J9d+r6y6f/t/+A2C1YRgGNpSIaaBYC9JgAFXUieOYTknXgArKgBsFMBKGE/gCL0AUh14u/5ASGnDRZQATrACniACJABqkhmbAlcgB+IRrLLfHAK1IPb4AmYAN+RzJETkoUMIQ8oHiqALkEPoA8oLEoUZYaKRlUged4GktfFwTfg32hD9DH0JEYek415i1XFlmJXkQzrIYUSRQ0lB2UBngqfQ4WnOkpgJ9RQK1C3E9WJbTTKNDdpjWhf08XQ09JfZtBjGGS0YxxksmR6yuzB/JOllFWddYxtHzsHexuHOyclZztXHLcC9zeea7xRfCS+Nf4egRLBAKHdwkThcZHrotliXuLaEsK7iLtWJT9LvZMekmmSTZaTlRuTz1YgKXwhtSoWKiUq+6iYqcqosewmqktplGlJaB/W6dX9ok9hwGTIZsRpLGiiYGphFml+wqLL8qu1gI2j7RG7Hge0o55TlnOfK7Ob154693eeWDKdF9Zryfu9z6jvrD9NgGlgcdDHkN2hRWGfI0wi66IJMZGxr+INElqTJJOr9/HuL0tlTivIwGemHVg6GJQ9l5t3KPRIUwHdMfaiTyW1JzxOMpcNVBw+bXhmqSr/HOP57OrlC8G1Xy8evazfQHdl8dqHxunmudaPbVPti3dY7urec+/27LHt1Xwk/VjsieJg2LOfI+hXlKOn3zJM3H5PnN47p/2p4cvqV8XvBsv4H4d/PlyZ/vV+9eVa4/rR314bMlv7x6b/cYAA6AEb4APiQB6oAyNgBzxBKEgGOaAU1IIb4BF4AxYgDMQOyWx5PxEqgq5A/dAnFA1KHuWCykBdQ72HeWAP+Bw8j1ZEZ6KHMGKYNMwo4vsyHMAF4IYo9ClaKaUp6/Bi+EtUClR3CFaEKeoEIiWxmIaP5gqSv76mi6dnpm9hcGD4xLiPCc90glmS+SFLOCsLawdbIDsjewdHOKcg5yhXKbcTDyvPS94KPh9+GQEg8FzwolCmsJuIApLLzYr1iV9HTrF8yQypvdIxMt6yWnIEuX75XAVTEgtpUfGlUo9ys0qV6iG1pN1x6jkarZo/tOV1fHTz9Kr1mw1uGt40umXcazJhhjIXt3CwPGDVYj1vK2jnYV/hMObE7xzk0uyG2+PoftKj23OQ3OlV653tE+hr42fk7xyQHtgRTB3iFdoezh6RFPkmWiemNo4mPiLhURJfctzegf2klHNpHOlFmfgDyVnz2eScybykwzL5qKNvCq8WxZUoHP9aerUstkL11K8z1VVyZyvOfawWqQm4cKWO5WL5ZfX6T1dKr6lc728iN6+2VrVZt4NbtXfMOhY7T3d53Vd9wPcQ/ejx47gn2IHcp4RnVUMeI+YvQ17XvPk4zjNp9S7tw+0Zlrmjn4UXHn8rWj60Yrwqt3Zq/d3vxR3/owEloEVWPx+QAIpAF1gBd8T3+5CVXwkawQMwhqx7AiQMaUF7oGSoDLoFTaAoEa+TUcWoAZgJ9oVvoTnRqehZjDPmMVYXewunjrtLYUbxhjIaT4O/QuVAgAkt1JFEWeJPmm7aUrpYemcGY0YTJmtmExYlVjE2ErsHRyJnDJcXtx2PBa85nzm/mYC5oI2Qh3C0yGHROrEH4jO7qCWVpPykT8oMy7HL+yg0kFaVrJQfq+bsdtbAaB7VWtMx1c1APNhi0G5426jfeNXU1KzZQsrykrWUTbOdrv2wY6gz3uWSm4M7nSeVl4ePq+87f7WAvMAPwTYhfWHm4U8jXaOmY5LjuOPHEu8nd+yrSLFP/ZVememQxXNwIedW3qHDfvmGBWyFj4r8ipePZ5TSnawqV6x4fNqvEqoqP6d8fqgmtpaj7sGllHrDK9LXDBpTmqta89uc21lujdwpu+t8D9d1/r5Cz81e/YcjfQn90gPw4MKz6aHBkYKXIq8qXv9+oz+W+/bRBM2k/dSZdzMfZD8GT5+ZeTA7O4/5xPlZ5oveguMi+avPN6vv/N+Xlg4vcy7X/VD5cfLHyk/Hn80rzCtRK80rq7+0fmX+6l0lrtquHl8dWKNY01pLWLu6NrPOt+68Xrj+cH39t+xvn9/Hfz/6/XtDdsN348RG36b/o/3k5baOD4igAwBmbGPjmzAAuEIA1gs2NlarNjbWzyLJxigAHSHb33W2zhpaAMo3vyWBR62/Uv/9feV/ANk7x4zgXpwkAAABnWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj43MzI8L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTI2PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CuI/yjcAAEAASURBVHgB7F0HfBXF859HCwEJhC69iCBIkaqi/FBpIiIWOqJUQelSpIiUICgdlCpVmoB0pAgECQIBQi8J0kIPJYQESM/+Z/Zur7279y4BFP3ffT7J7W2Znf3uzOzs3t4+F8MLnMtBwEHAQcBBwEHAQcBBwEHAQcBB4IkgkO6JUHWIOgg4CDgIOAg4CDgIOAg4CDgIOAhwBByH2xEEBwEHAQcBBwEHAQcBBwEHAQeBJ4iA43A/QXAd0g4CDgIOAg4CDgIOAg4CDgIOAo7D7ciAg4CDgIOAg4CDgIOAg4CDgIPAE0TAcbifILgOaQcBBwEHAQcBBwEHAQcBBwEHAcfhdmTAQcBBwEHAQcBBwEHAQcBBwEHgCSLgONxPEFyHtIOAg4CDgIOAg4CDgIOAg4CDgONwOzLgIOAg4CDgIOAg4CDgIOAg4CDwBBFwHO4nCK5D2kHAQcBBwEHAQcBBwEHAQcBBwHG4HRlwEHAQcBBwEHAQcBBwEHAQcBB4ggg4DvcTBPf/PemkGIiKjPtHYUiIvAv3kv5RFv6RypNj09LoJIi6eRcS/xGO/95KSS7SBNHfy6aH2rCv/mHd8sDcfzgpDu7ejXkq2vfvl+GnAkaHCYiD6Li0jBePAt0/UacXfuNi4M4TxsGjw30z6Ef4pP1sOJvizmjY4n7QcfROeOie5MQ4CCACSbC1jx/kzfUybLwtAcJSzsK4Yi7ouO6KDqGooPGQxfUW7Hygi/b4QLQmt2gNU4JuWOZjKafgi1w5ofCrsyHKMtd/LSEJgifXh4LFZ6S6zUnHZ4B/vpzw6eK//hWgnFv3DbzfchyExqvsJp5fDV+8+zGM3XFZiWQQA1v7dYCRm6S4pLCfwAflosYPR5U8N4MmQHbX+/BnghKFgST4c3hBqDL6oDbSa5h46Nr6M+jdu7fub+R3C2DPuUeXRJZyEaa+mhHyzzphycvltUOhTf8NJjIQBzvGdIAWw83SLMmBOT7u+a3a3rvPZ9Bp2JOp052LJxdzZvq7kDOnH4w/kQpjlUp2CMNPWwbAIQ+iYibDqazmsWS36u8+vQZBn8/awNcrztiqh4X/Dn1bt/Foz20ReoRM7NJGqO5pHEo4BZM6dNbpNOl4r4FjYfn2sMeyUHF93edQMLf1eOVJNi6v/Zbbw2M6G+YZEBpHA1y+MOKYF0/Oou3U/rYdx8ITqdMz6481NQUuQoCvH5TzHQCnTfzdx1WZR4f7Vsg8WDPvN4gwTH5oANs/eRxsmHzCcbgfV0/8B+lkzVkdfKE45PSVGpd8cjP0Cwd4oYS/prVJcHhjX8ha6G0onVUT7S145SD0+mUJnH3g8pgzL6bGlM8NmTzm+u8kkjO2rtdWiOr1MuRIbbMy+fESRdGh+DdcufxTYM2yfnDgqjrCXNm5GKZtWAT9Fx1TBkBXwnmYM24urAiL5M1K75sLqmCoePaMSjNvh2zm4UTN8j6DWLgw9Rok+qr5lAIeAokPr8KMJbNg0o5jcPToUf535Nh2GPrVp1DzOX8Yvf+Oh9Lek1yxt2H3XoDXMlvzFXd+I2xbeBGnDPqLISpXV82F3zZed0vT59Q/meGjzyE9mbWdMDhydC/8cUXC36ycWZzdOs3KPqm4DH4FOekcGa2xf9S6CcMFy76G1WeiLUmZybBl5ieYkPTwDpf1HTt2gPjbcuwYTJw8GibOWgxnbVhecvpGFasH45cshp9CIp4gt55Jx90JBZrC+lhlS3wIe+fOhh8nBSp6TbI9eUx/aF6nDOQY8btic6xIeIuPPL/fYxZPshF7LRC2LNsEkRob5pEYJrpio2A33nNmZJ6zWrSd2r/oz/Pw4EnU6Zmjx5rqgiyQtyFAcqFnIb1Hr/jRqs1gVZyc6pObQ4BV+wzKGb2VlMsQcgCg4LcvQ24NgeS4OHiIwGfOlhlMzVFsHMTgCGCZLtOKw6V9QFctc2ZL9uScSRCDBD3RI55oLcIvc2a5jMktCfmK1fOVjDw8QB78LHmgumMhg2828LVgMz4mBlhGT+1IgnikkS5bNnO8iFXkLR4nn+mzZIYMFvUQrw8TM0I2xN3sIjwTsAYrDLzzaUbVW1wGqDksGO4NU/PdunAKEX0TqhRXPWsG0XB2J8DtJhW5LMVHx0E6Pwv5UUnB/Rvn+FPF4lrnXZMBg650ZWEUYzBKHy09oSxGo69uhYlZkccSx2Ut0VJuqC8Tbcg+9SnL4C57rthbEIKMdq6U34LdJIiLQ2E3qSND6bbAWFvTclb1qZm96wPPK+Pui/qo2AgvmKh16EN+pSrziONX7wOUyAlksw7v+ZXHPfPHXnwz9w68QMbzymlYjrdR/yvG01xF3oeDKBfaK4OP9Gz0o1gJgATZsbVvlyTK4xavgy9fVGU94fof0L9AbRjdbRV03d9JNyGyY6dEH2T2zQI0JTqtbYAhzHCSmz7JB8xMhk9OzIy+r1ka8YHS6WZ7rfAxVKs8GtuuJLgFJBuYYmJHvdVpBzN6S2E5RpjYfTf2DOVLtJ4PDP/cL2xHdJJH2yX6z2q8MNL09eAEmcmwtnxqZVVbNjVh3xc7os3oqCvCULh+ejkXDAhuCz3rFtOluT/EwYZedeBrOcHffAhzL5aEeMfGgpncaDN7x0HtN98spFUeLtlg1Zy2BHZ0LatmTL4J6wY3gY++6QcbOh2C95/VeGw2ZEwrx1myW49naoVovS1kA0d50wlDEvKBcLn7SooRVgLaatSwVdvVHG4hS+yVqpSAaVmz8U2bkfwWq/73lCZoaPO4IC903sigs0jU3C3bIefR9p+mmHmQWVwpySfZIMAxbMyf7jlubWW4QsQ6rL0spSVdYYt7vEojFv/LCBXZ14v2swdyyRR2h/02prmSjk4Xm7HvuoZuLNsxrAajcq0+Kafkm3UuXpNHDsYf4XxR3vqa+kauCdPkTWTHf/5WSSe+/KAJmxtyW80j06E0agvdfUr1YX/cCGebhjVQeIDXB7N9t5LUchi6uu1HHe1PJwUqbaWMCWc3sO5lJJock9pd2Ipjct0m/LvjwdidY6tZ38YvqHwgf8Z62N0jbGKr59U8ZduyxSEqrsm3DrChjTV8NApgIXfVpnjkU80mhe7uIbPKxh2/z5+pTxc0QNrNFzJBMmpbAO9D6reU5L/YiBLAak0/gvkTWWC/GiqfSMcf2rLd1L2IB9Gl/vzwRYlXCuv7U2JB+z9sWh3ep3skdrRJSjgxdAGv80eZ54fHZ/PnDn06K7y4ynRh264lK2WIn57IT6flF5S4FBbNljYHVqLbBt7PKeEbuMx8Gyz1aQq7wqa3AvZMicHslIaUQgADRGPX9G5KvSQXX87drWBn1pfLQ6M0JCQdoXIfN1F1pNpXS9k1OVf0oR909CnvqEMyDdTRFQNa6NIrNBzLjmpU7MS0jxjUF/3pvT7BnDd9ELi3G6LiXnvaSV789PKhOp7e6TGLHb+r1zdRj/FONor6qvxEkjG8ZFl65ZP3OM1l4VJn3N0lyeXvt6RsJJsjsZyQ5TBqNz6LP5JNkivqs4XVML7zWDa+s6pnZVpOZafjJFpm/x8cn8ppKdhrMv3ZH1i2arPUfo85qdfhWn3YpnBNp2DZlKt7WP9aKn8d+rTh9CXd0hDXBMOmV2YFcmnqkdOoTb/U1/OQhHZkWo+WSvsJh+dbjVVshRU+muqUoNp2Yf2VJCUgbMMHASNZMw3un0/fzRLkXB7r9IKZoF+vT2/VTstyHTb3E5yLvMlGzR6h2H0aG6YfUscGT+UTzi3ltku1O7Fsn0Gv241Zz2RR462JDFmoa+fbA1SdVUDRBFQMtfqvyYBBowwLG1u991g2qnNppS+Nskrtzw1duHwLikm3t3L+JH1IZH9+U1+f59oGjuPHc86IIh7v5xZ9wusfEnzHYz5KFHnb/7qb21hFly1KRoYsY13fK6u0j2SVxkUxBtnFgciH/zZeJwMjBjfyPKbEH+A4mfEYGzyE8zQ7VAxIerkwG9NoDF0z/G2lLaVaB3A7o7MPBhw8yYb7mJjIQhZ9w96qoNoOknXF94qX7Kewe3S3tCly298SttbAl/QojfMeZdBLnZ51RaJfqHOA4tdQewLJVqNNJ3+118L57KtSanv1PpOH8mgXVzXDchp/xshLyTaD2eazon+xxV7skBlEODu1uKICuZK10DgeIufDEGlAEQPW+TkfcqEZvGQL2xe0ho1pJDlUh/l4F8vW9ZAA+HjyrzydnFESwA1iAGQRbGZDGaSaAWz15hVs6oR1OqMl6mZo8ISD3HbyehYSvIY7t2RECXjpSmRbuhVhNXpNZRt3BbP9m+ZwRcmXb6pKU0On15JAtnvdRIUuCd7wdbvZzsXfSMrQf6cgzG5uD5Di2gSw34P3sUUDpYmGwCkF2zK1EDBy5JYGBXO6fGLQboNEQ1Nv7/nrWdDmuZw3ITiioru7hnAaP63dwQ4e2qYMyquEc3j/gOKojl0XpNDxryI7THI64TJlcxALXCm3pYE0CHvlUzAi7kiP2iGcCKH4oNC7w50TnxoyxrL8dN9Ek7JYdnTNNNa+LPYxOhRzlsxj834JliYpGjys+1MwIe6xbH17YNSfwtkUKdr7peVt+eAq5EIM4oTJzB3BvH+5LNUXTiaa61DJKR91SOMwyI5cKT55YCyZXWDjEQtotoxXd3hiPS4TE4Rzq2WCh2O5PJJcNRu+lO0N/o1NaC3J+/xL6FwZ+nL32mkca9IR0d/UX4qOvDOW7TyEsvdVQ16vmPjSJE1MXr6cuYTNm7sYnSbZeZXb8OXMlWxvSAjbMKM/LyscX+GICYfbTn3UNG/6QHkE7tSeH1dsZr9MnMQnOQnnpAnRyz1n8fb88l0HztPnO25QMa+XlmfqLeo7qmPh0R0cB4HLiYlVWAEYzMIERYMsRx5czYa0KcPLDp05n82fs46FI2wKfeprnHiTLVn9nTxp0dgEQVbchW6MPy7cRymFBthZNXBiL+uI0EHieeTKQG6nSMfIIRITIZI1mhxwmQ1EPV6h2inLwRGrS43DLSYqn09Zym3a1nmSbEDTVVxHrfAR7dXeRdv7BlEfJrKkh4mKE63kQ/yFo11nhKQPYmFg9D7JybSq0w5mpE+C/sfYppXzh7Ehy6XeF7JIujhqcaBiN3X210P5B8fH8b4QDvfDQ+O4zH4xaT3q9XY2p2dN3n/S2IcyFL6Kp5PdW4XjwcbJ7aXnAVvdcZEBEhgKW6vgpg0YZJhklS+AeJFVd6eMMdEGUR9NKgif6t/QYlsit7U0CT0Yo2XAIizbGei+wbJ9oqSYiEP7VZg3kS2vopk8i0yGe2RwAJ/wkB0hvKd3fI3zOmC7ZDPs4iBsD6At3Rq8i/08QtJrkgPRt4aqcUIvyZWwmdr0S8u7cj7E4k7oXGkS3+CrBWwn8insvZBvKivGDRr3yG9SJtXymKqlL8KqbGjGJznRvW8T2c4vCrEiuGCwensQC96xiNtF6sv9NKfHRRgaB2gMrD9wFlsydx7bHm7RyXLby006wPvVTK9tYe+hTm+6oqOPi4dr1i1mg75ZIvkAGp01Yt59k4lsGMoL2spkB+WY2xD089YHB7P18yWbODRIWtC0ZYdEp2nulg636FjhVGvKMHKwtQ4uGfeiMFZ1ZtHBunlHGuiFUmlXDJlxhVzuTJpdaFcGtHWKcDQqHBmDVovU2bYwGKYr4nLBMxP0Kz6CjpavwP6FOO2hu8TMPJavBpFjReItZlHaWRB1FK2CUUdx3u/vkTrqc82bgXt3WFSixAitthH/6kwY5V6ewAiDJ9qqu5+bpSt35Nuq/Pnn06Q50pUceYFdjpbClE59JCY1FKtzQL3wKVHR/JcNfD+OjWSEqR25C41lFymbbKSF4RPyM1We8Sezv/hqZMUJJzVE0deU8UhNf9KKMk1qvBl1wqAwBEj8oUySk06YrJFXPomRnd00fYfP19Z25Xm2aBaXhCEYEnxP4V1g+cPSybwfGs/Vt0vJiAGhA+9Pk1diMY7kJvyCtC5DfHJHUftGJ/xXTlc4jcLY0wRH6EhKwh5uLLWOF9HS66KWEzWczI5wp14MHu6rxbLT4qE+W/qgwf03w+xI6O2CcJWv+xGR6oONkHCmSQYvL/qQ5YM+6KJGs59zoXx024qxiWx1XQzLOsxJor3RTh4pjmwaDbbBKTwH/0d9RKvBRFM4UERvS3fQyJWaX4SE7H82L5CFhOxj+/btY8G7cJLVSXIO3px4gGeN2Sc5axNClJUCXHbT97uwUz+Fqnou3rB4Wm3SOpakp8Y/ZWARTBvuW9upEwNKMsPHUIQ/irZr69PqDc8k2/uC/al/5EuO064emtVpBzOhK7m4wygqkO7klJCu/aLRtaRj0iRbsUEyL2blqX1kQ4RTRo4W0Vulke3Yh6JOSVZIfk6IKLyTM0ayxt/waeJFUGDocTwwyLBdWXV3yhgzqy94dDXezgmzhnPZkRZOBIfW98s/t+X552tsrGluHE9ocYCwocmlGEe1/W9azhCZzE5yOuQI0mUPB3MdptV2Ow53oZ4L+KIF6TXp968zB/A2i7FG2NLsw9SFOuGgCTsk8rw0WvUTKM+8lvq3T4bmKn1F+lW+krtee+QfiSWFSDZnoSz/KSmSY2lcHDDWSzpF/aXV6/T1JL9I5LWHPfaRaZ3edUXQpzfJYaJScZd1tuVidRwmn4MWK9RFJMmem5UXtBW7KPs7YiGVqkmKjRW1MVt2SMmtBjIggKZXxP6dfL9ttULqHkQpYxJcPPMr7rcNALEVN2Om4hAO/SBPrSjYMqsX1CuTG/LQPkG8zu+m3ZMANV7IDNfDw/leYp+YSL7P9LkE2ksKkHjlFN9jOaDzO7o94TzR8O96yE7cpdQEOjUppaRkzODDw9G0gRw/0qC9nKGb1sKqXafglisLlK9SAs5OPwQxuB9TfEQk6LRrWEyhk9U3CdAAQOvXJebpAyO6sl2Ilj4OPbUZvsXn12u/AIm3rkE41pcha0Yo2KgQxOzBPdaYxrKWhjo1AJZPqwnN8y2Fkd2bwvP+OSE7EcLr5omd2MYuULWUimv60i/yj7ikHNL/yNA/YNXyzXAqEncXvVAeit/bwfujSP6sQKdvzBuEJyd03wDNy6gb7NP5F4NCWFykUx+VglsQHv4QXylkgWSfvLhvNprv8fLGp5YXCjPfHJzHjQdvwPcVQuDduQB9x/WCH/tugsusL9xb0JNj90ntfLzojaMHeT+9KMtPuuth/OOM96rq9xZfRTy89aeRF9eD6xB0BaD2C8XVfcCGTCQDx1YfhMvN+kIe4h/bfXErQGz7btCwiLrHLkfBvJDlknrMxc2TB8Af6kOJbCrB+zdO8YcX8z+jRBZ+rw/u96oE3VruAOiwDBa00+zpU3JJgfPb8PQPaAsDO1RUUlyQDYoUU/sqEfvy4xJqX0L+koAGDs5ejeZlhI5079lY0RFXAvDwtTiJrGhzePtB+AmI/kq5exZ+W7sS9h2OhuRcz0LlchnhNmYp7Sfto3NFXuX907CC1D926ou1ow8a3Os8q+cpcy5USLw6Fq0Et9bOhw6NK0GOvPb2MApKBau8D3dhB1xJjIfYNb9CRPtVUAyxvfdlVSg8aD9cnFIOTvyOsjKtvBsmggbdE+Pv4f9nIPkh3lTVpCSIqF8JiikikwGKvvQRYrcDLjwYDEUNeXkB+d/Mdm/ATG0Ehj+fHghju1TlseGHt/B7Np9ItI23uW3MmC437/fg83cwrRBc3vMH14+yhVTZcOUvBCUx9TQvbfUvituLHiNrQ1YaJsXlioUTX4+GTeJZvkcc3wZbdoRAaMQ9yPt8FfDLXhIypah7wD3hYyDFHz8aOQta4AARgzJa4Xl3kAjtz1vUVIqyTCWgUTV9m8zqtIOZINqxFqHkftGH3AW1eJavAzgww/Jb1PnqZVVezYE9VKMujhLToXmBStBj3iTo2bI2FJY/EqePbiP2SR9isTs4XtxP5HY4Q65iqBXj4OiZB1BTs8dfSzet4bTKqrG+6n1mQ+eBlaBPZ7RvDWbB0AY0sni+GFyF5R8vBFyQgqYaG2ssRXu8f/6oGiyAivBz+FiogKKtFVFjfu0zlT20dhPsO3oOrqBVLZPzKPyEGWr56PcDe8KhSFapXy53qw4FNMQLV62KfblaE+MepF3eVyZ/Aq9M1qfhKjKs/q4vFMXolIgLQMnvonG4fe0aflCYCOlRBfC7UMh2XPIlssh5RqFtERftI679eh3IhuOUt+udzoOgRqHM0PQDKacP7n0f0H8opEdrob1Sbp2GTRv+gCNnLkHSs6WhRJxkNS7fi8VsmcCFvJEuxuFHkaB4KVoK+jD5LpNWvAWuhPuQkKG4PlF+8oQ92UuzOu3oyqsvShXcL1UakXK/qB2vVSimJKSD5+D9iVXghzH3FL+PEq3KKwUxwLI+C3WwM/s1Kw4Xek2Fqb0+hWpF1fE/NXZIS9fS4X4YfREH8/ehqOGoAxL4k4sBHZnnuCNDxIq1nwfbb2aHtwaOgvovjIKa3ZfCiiktID86PSfX4GiHV8fyhtEW49LH8yR4ePEvdJwqwusVckoRlv/j4OTObRBfYypo7dSlY9LkgD7GI6X/4dVC0GMvQJG2n8GHmS9Bx4+kTzIqf/uS7KyodITfS+0K/e0GRLR7E82xfKVEwFEcE0vJ5WJx8KArqGs1yNtVCov/+fJJneqCnNBhwwGIbFcNvvqmJSzHv+GbwtBgPY9Z5XqrNdMM4EThGcWJoqcT89pB+fbzAV5sAr3q5oWdXVrBQIzH1+JQGB1BV+xDuI7PHepUNHU4Kf0Bpl+GIVA6zxAMqReuzgDB7plPNb8SSpcPKuG7p0D/RDgyfxDgdg5o/3YWmNM3EnyjjsPUETfh5TldpI/UsND1s7+jOeytnDwSeyOUT7J6FlSFVsHDQ38q9WsCSVeO8Ana6MoFNbH6IJ1MsesAQPlWZSRHK+ESd9Ibvfmighl3UFfdhIj/5ZEmS7KTfq1+D8itOFjYlpCd3GEukV+NTMmUXfHLlo5srvsATssJ1RGyJQSS8OPjUqrPpGTR9qUSqQnciU/kT0JH6lfNp6bG3udOs3CSRZtLtS+hcy7pKKlXSn7A8W+OxzjlPDQDmn1zitNpWVEacmIvhfH0rgX9U1GfxIpHfTDBXTSAPvyK2PUDtK3VDfq+9xKMQWO+7NqP8Jb2oyOR2eLuV6osujVDYN+xAxC7EqDF8pd4zhJvNYEbsAIOHHsFjmNM3ZetZcWCNI+Ox48Ly7eqoOtfV1wUypD5x0laWv12nIevq+aGB2eXw7OVcfrUbgP82KW2kiUjk6bhnV4sosSJQHk5QB8OZipUE4rhQKVekkyozyYhVyT45+oCQ4d00skCLTks340ON7ZLXOdWfgHPNZ3GHfRWfZ6DM+M/gl9PYGoDkSP191eafAofvqh3gtypaNvhLa9U2g5mlJMGXz9/zaxZKq78T0dVy/roglxQFJ198XEsZfJWXhAiGcZ9xdD34xYwHidY49sB4PcnMOQ9svd44gUOabcP9IPyufuJIsqdGb/QVVLSFngUWXWrMVNFeL8bwOQfcIGpaV3d+OSWV0RcCoIvMfwp4mCc8IssdD86qQt8shlPq5o0DermvAfXruHBB1nuQRR6I8fPX4Gbd4vAM/7+bjS4o/52Ll629HufQcN8Z+DTb9AZwSujvOhAYbs4lC5XUBkLqJz2hCJ6NruiKRIXR258WwsyxV2AOVUrwsjwJrBiRl+o7JJKxONYR9d69AHySFHK/3z5JKeHxkPp0uoAyiDqrZ3rze7DoI9Bv1rnOgplO3AOOYmESxuhcdFGgC4MtO7cG/xOfw/D1kp2304dxjxEufw0XJD8qJQxSXm2i71SQBPwrivxpn2rIQHpDJ2YFBWCH49/pnwgbsaftrwIu6Ag9D1xEnIO6QwdJnWH6viH30vB2tEt4FnMZNcOCXrirnoQIgbv5CQcWhICN2uoToVIdt05APOvALRqXFlRCFqte/OrOZB09xTgHjb4c2pL+JqftZwIcSiE5Cievh8DdyMi4eZNdHAipftPzaWOu3osGOdWr0Bh/eRMVKncGdyBC8vRPW1QWWMAkuAGHjkljpW7vnkid7bxIxgIXzADJsxcBCxKmjK+VC4/p2VGx5VwGdBPhtrV1FVTV8wVLqw1XyrMy904cpDfl+FZujFyG6g99Hfs9CcKT+lyV4UB6xlcP74acN8yjHm7Kz9jOgVdAOK/SOuXdAN43Ik/eD2+DC1OwlEYic52tW92QgKWnzhhJmxi0fAT+lnX6pcG7ovIY5NPNjmgICQHMJqU44vNYRAdLWFNPEZG3oTwmyuhpjx4W/FpJCee41BaHp7dAKN7HYSG85tCmVIvQHVYCNNGDUEHGCcHcn+SYTy/EVd02pdU5syXjuzjK3UlNCtLZv1ADoG2P0Xd2vut0FA0lBWhdBHrATXlzhU4jIXeryL1XdIFyUl/pWxBhZRwUMu/gkc6Yax4rtVEdbBIF46s3YYO82sahzkJ9g5rzt92ELE9R1EhHvEy9iW7cZ6v3FQvkYtTNtOR2MvHuJNcSnaSRZnmlZUpI9fl1Z9/gKtBfQD3YMKyCRNg2pqTgK9+dW+wbhyR3jSIlVQ79dnRBzPctVDlff0LLt8H8Vz/2zADmr672OTsaG0JfdiVtzT0xKjtP83kJx28WUWaQGQrXROnlkdh5c/zYD2GqpaQnFt96Sf7lCNHPjw5KBvkf+kTwC0aAPMawc/n5Vk7Pia6yK0D0NuTSK6nf3Qox9MSXS5If+U6RKXwx1T/U2uTitJKkvZicBM29Z7G39JcY9vhp/EzYeVxBocnVYUCaA/TekkrZmktbV3ODmZqab0zo8brQ6T3ZPsz0HFQusteef/KzWHOyUS4vO8X/nbi6yalYU6YhDyNf7hnHy7FRLuNf22LmszAdfX/PQ8+zORokOsbYTQ623Sd6TAVjtiQvyvBu7hdblxB0kGptP4/jQ27x6/gkad71YRc2XJCQXzLmMu/FB+3YWojyJczJwTRipHhSg5bxZ3tnmsuQ+gaeWy/vweaGfLZfbwYpe/vTDaX2WuVLQT5nskG/rkrQMefh+BYuwb6zTyqVOuTvwx/G9xs5UnD+Bup+AkZs0iuuE9GHPM1VyaWU/NkHTTTrwf8LZ1a5q9V38BeHJfxY3FYNFOy+7gVQs2QhtBtNx1JAxGLIo9DV1IMk9h43/yQnCFet8JtUb179DNlof2k3XD/6lGY16EmHBjTElpNP8Xzpc4OqaRNHW5yoKu0qgvpgldD8G01MzlDgT+M5IN8o7fk13VxN/G1tzRrS5/jBfh00o9cAQ6fvIGrqH7wXHlJ+dJlfYa/Ls6TJw/kxdkr3el4JHJoTmz+HeKrVYYiXuyP68El2Irs1C2nKjRtFTi56xrcric5d1GhxyRn7EXJUSHub+8J4o0Q5z+b0RFHh9XXrJo+vHyCt/X54s/w8vmqV+X3yAe+fAZObRB/eeXVlAfXzsKdZJ4N8uMK9ZxVU3GI2wF/RSRAOtwKEYxJob+dkzerSO1fM7Ev347xbqWs8PBMEF+9bdbyVWX27XoQBscjAMq9/YLOUf/lj3NSRfJ/PClJvmj9DeDA3ts44EtYE5/+/sSvP6friU9BRXt3oXtW4p0CcBSd6z/QeetRLx+4WBYgd3bu+HVQcnQ/qJ1VKkGTF1pdrlVNrLQmQfjhlXjEZEPdEZNm/WDsTy0PIhxx8Q8+QXvew0oorTKEYIHn5BX1qAuh3MGsWkJdexEOqnDKaYmDJip3NaslcGkbfI9LBC80LKdgf3vTCHht+H74OvAw4L5wWNppGX/jIPjT3l2IdjbsjGwHwtG1US/llyDRQFBfbdgkVjwoD/5o0LRenN9m/6PN6uY6IiYxwkmOu3OeV1DOMHOlWX3EsA+hiiTGmCcODh9YiKv2r0B+/gZL2ibmm+8tvpJqtz47+mCGO2cS23jp7DUelOzN93B0aF7IdEW8/ouDiyH74NS1+1J2q//pCsP/cMTdNGMR16FqxSQjwrKXhQ9r4DaB8YvAp+ibUMyLv50Uj54RXulV8bCqMRXxwmHLAHWGLeXl2o7aqPx2QcFy/+Nx59DvphU9yZb4o86irmaTBmK/XM9BBEyAHX8lqPVG46+n4lNeNSbNIVfCdaD5Yumq5RX5JvmLunaDb8EThFOLT+aMjw6kWZ12MBM8W93xdHW4GKPxIHFyTpb0zdJkzVJ3ka7cJaOBa2iFajSD2VGB3NmKeBiL45+k+zmCL8CdLNl0418OtMcWp7gqDDwODBVicsA3dwEcjy7AdY2NuxV6yJAtDlb3aoRvhgZD4IFFXP76TlEdSkNm5THy7AF8q90UKhvtcjK+Fd8XDOfvJ3Of4MOdp+Ho6dNwWvP317m9MBZf4ef5ahWcOnsRXvZRyCqBxIck9QD5Cmve8iXFc11QMtkM+KBfm2vgGjijyX/z6kXsMbLGni/t+JD99S6A3xPBka7DlB9uS5erELyEJP7cf1U//uLkW/gJGYqX5X7SkvWnlcq43T24Tad3SmIaAhl9/HGcrArlcquFk+9rOl6NBruylsuwdUdDItVBbZ2PqitUOZn4S6FXFT5oMWH/D7hroVZBZXFYSbQRiLoZw3NlLVABPv1pG1/03HlKop9WO2TqcFMtBarU4I5iqzzvw/hft8D+oE0w4bNy8CaerUyvVN7jr9fj4Le2+aBsoRoQ8OtOCA09DmunTOEO41uvlUAqGaD4a+/BNTwJuXSbcbDzRBgc2LwYOuGqzZhgSXlwwxOcQYcm4QP9qi9vqeHfwwshfCW46gvqixpandiGLNWuWpqDmjmPHzqzR2H9ij8h/FIo/IZbW/I0HIlq1EQ5/9mMTtTVc6hs+lXTywek/ZNV5H3IWQq/iLt7Ab6q0Bxmo7N1/PB2mNb7dSja/w/JgcbV6fYFS0HuN7+EVftPQNih7fBd3+58O0IlXNlNPn+SY5O8tQU0n7IBTp0/Dkt7NoCWvwC8s7Y7PIe9QXVUwTrmDJ8JB85fglM75kLVZ6rxPWGNn5cHhEyVoEN3gDvDa8InSOfYiWBY0qsklMg4CvfS45WpNDREJ2Q/pn88cyscDTsEGxYMgPyuL6WVCi98Egn3KwPkyfsqj35hWgeopJEcwq1nq5eVIsKRrSWvtJITHb4f+zgqFPYfCYa9odIszqwfjP2pEJUDZJSObT4It8s+hK0L5sPMmTOVvykoe5svSY7J5X2beZ+LFfWIUFrBrcS35AiaD65LDmpZeW8Wy1oCcB4BZ3v3gdk7TkLY/kXwdlFpK8ZzpSSZY5dWQwOUJ9KBr2tXgjc+DYDbV/rBEstfnssMb3QL4DrwbmvSgRPwx5JhkCFLRlhwGXnFvnqvPRqKsbWh6fer4FjYcVg5sBY0+O4SVJs+AeqRFTHVkTg+iSEnWWyLurwPN4zidTHsABzYdYhvN+ER+M9v2FhYuj8Mzh/fBZMb+ULjKfjGpLm0F4765+xOdMpxvxq3zTbr86oPWK8Z7sTTtS09oGipgvD2wIWwJwztwpbp0H+EtL2HXLWHJ36E4lVfgTcrz9e1g8pqL3LWS79Sl0dFtH8NnpflkvZDVmxSjcdHvVWWf9ugLWcM56nwMqKwBrau2glb1+ywnEBpy0nLDNoY67CryEeAH1vi7PQDWCqvfvq93prvHR5W+X/cxu7aHwSLB9WEvBk/UX65rXDDj7nN+bpMJ5izLhB2bJkHDfLU43bQujZ7KXx+jvJXF43a9a6DYebukzhghcDc3mXgje+vQIy6ZgGpxWfLkpmwYIaqm6SnUycthXOpAM2sTjuYeW59Dj4+dHi2Lkzdsh+OH1kLnQo0QrvZBdqT8qfy2tXdDwpmfwvGrd8NoWhnl08Zyyf60splZnh3xALusL5Uewj8figMDu9eAQOfd0Gm9huVRRerKt0wnDUFJi3erUzYrMqZxQvYC77ehLf/ww9wjNq9G3b+OgaebTZdV4R++feD5QAfbuqO42prwMMEYFfvT2D1dc0kRVdCWjiib2aiquXljo82+cys5vDiKy9DyZ7rMDoDPFuyDFQoUwbKaP6eK1EJiqLxKYBvrF4oWRSyS/NNLRnwxZVjuuaPn4xjyCW0z8uhU443UqULhAN/I9/rS26TG3T+AfacOQ4bZ3WAgm+Pd9sDzSsU/8T8WTxzWgWhzZIAbjsCZsuTEtyO8wW+Ibr6fT2oN0Ky6WTzXbi48tWOCKl0phehBY7RhwZVgy7z0Xc6sR0mtfHj30Zp9U5TldcgvQ2jS/R1Rp/sfFvpSPQBzl46B38sHQA56ui3mJIQ0hCzdMlSCNy0GRdYkzkNt39y23duXgLTF+j1esrkmbAjXBp33cppIgRf5nU+mq5QNTRVmt30eWg7ZRV+qxSMvtX70B0XE0YNfNOWw00LU3SRXYwKGoW/uuwH7b5fBgfDQuHguhkwHbuufElpmSPNdkj9ftI9dHbNKN1RecgHw49+NGde4ikT4TvZ0EZl6GWM8vfB5C2aPIns0LQvlDSeD8+lXnRcPvdUPs5FOY3BnQ0lhr7Yp69wxTFvPEE+8UT5ojvuLzbpHZUXeKMt/7pWOU0DC5nRoS/H6TguflyOXCN90a07ShDj7x1bphw5RW1BZxPPHD8sH4GUyP76TX9GN33RLs69FF+00xmwWrx6rdB+wx7Lgia1U9KJ/sfvS+0RJ35w9uIusBktS+nyDV5xWDpqjzIgDtp0qq9R9wX8uDM6acETn5y+yT86+YDwFyd4iC97xZfXogh99U58i3OQKf7wxKYKr+JLdLN+ECfYKP0piMp3OqEEV0IUWlocqU5xjB59ZS9OjiE++Rmb9dXj/4gcnYKgHJEk0793fCE/wULQFV+C02k9dKwbnUhDR8yJUyvESR2Vv5W+kpfJGG54LvycfjqeX+2xgJ0VZznjUUlL2qvn2FPdfRSZQlImOkJt4mdEa44Xo+O8cLLG66Ev5sXBCdF4DjD6VEr91bp+zMPihBJx9rjybLM+aqQnfbDCnYMTd4X9Nlo+Ik3wpjknXhzPKL4w52Us/kUGS1/ea78op6ziS/IP5DO/leLyF+1aGaOTaAR24hQKgbGQV1Ge2wXdySUiRboL3rX0KUXUUaTfTuXItJRrO9XjwBAHkuF+aGPFSTRUDve5K7yRbHQLGMiftScsUT7tRTwqX9xrEqhNdPIKHcX2QI5PCP9d/7sBHw9moz7Tn5YgeKf6BT4askpQtF3oj/au6JqMv/YELMGXFmurOr1iZkJfMChObxFntRN/ZNN+Oac5KcZDebJtlF+cUnLn2EbW9z1Vt4hel7n7lf6lesM36cdROjJ2wR+XBEtud08YKvpgkOHUyOrpFX0VW0D8inOa6eQsOimDjq7UnobE8IhX9A2Z7lQZA9dUP9lYM5kTR+aR3FtdVvwb858znNvf8rM2vC3ipCYrOu46G8u2j26m4ECyOfGHjrq+NdYtbL3xRCqBmdZ/oLFiXX/1jG3C+bWOU1nwVWH0kTqefz/sNVV2ineaymYPKmmKoeBFyIbRtlD61U1f8vFMnH5DY6X291FIbkcMasVtDD+OFstQHuW4WeRRdxyuqJTyyedcUzvM/ogfu9h7qtOTrljR52zK+oDf7enGus6LDyut8FhePn1K+DLJkX+xRYbfraD+0f7+glc7pNSsBlwURAA9XPRLXTGQHIuvW/3wdafJdi8qnBCJrzlxcpQZtzCY5sFfOrqLv6qIP7GHr0stiHjgIrVJ8TF34WFSBnxV6+FXHFNLVMmfBPfv0i8CWtFPgrt37/J0f3xVjFuq+XV0dDV4d1ATCGJ4ugH+UuCtmDjEy/zVYjKmR8fiL5chnmazfcGK1E4Jd7NfMKNfU3qIe03M6ZjzKWg/7vuT7ZPHya3cv49bVrFP72KfAv5CpNgyoOVa9HkGXwsd0ma2Cst1uPf3E2oT58ObPlgxi/HIbxTqActMmOjtAtmUWLQ5nuTfA+XUJyEvN7F/aBuWmS6lnqD9Evdle2Fpr2T7mR5/kdH612/t12eWU/Dgb/Wx4T+Bj4c6Bb+WmJk08sz0uvDy5wVgc8oCqI6nZd1NdvHtPMJGmxSxFeXNDtMvBv+d459XppPQFuGvND9JedLyQH3loxkLtWmpDj9GXUiJjkG/JYnz9uiboNxbImy6J5yFHFvqnTvZVMUIHsg3M7druIUMt09kQBv8jJ/Jq4VU1WY3s4c606IrCQehgU81qBOaAH1LJ6P/Rb8C/gjjqGgG2h8as+30nx07ZMPhFjU790dBgLZCLKruB21zLoS7mz/W7Jd8FKpOWQcBBwEHAQcBuwiQw13p8xT47f525ZsTu2WdfA4CDgJPKQKyw10NtyqPRD/rab3+runM09r+v4+vFPyy+sALMHFfQ8fZ/vtQd2pyEHAQcBBQEPDNXQpKNntZOa5USXACDgIOAv9eBPDAA394D2oXVk4GeCrb4qxwP5Xd4jDlIOAg4CDgIOAg4CDgIOAg8F9BQP6m/7/SHKcdDgIOAg4CDgIOAg4CDgIOAg4CTxcCjsP9dPWHw42DgIOAg4CDgIOAg4CDgIPAfwwBx+H+j3Wo0xwHAQcBBwEHAQcBBwEHAQeBpwsBx+F+uvrD4cZBwEHAQcBBwEHAQcBBwEHgP4aA43D/xzrUaY6DgIOAg4CDgIOAg4CDgIPA04WA43A/Xf3hcOMg4CDgIOAg4CDgIOAg4CDwH0PgkR1u/mtw9OPz/8IrPjrub+X634rV343T39op/9HK6NfF6NdO6YcttZdVvDaPE3YQ+KcQMLOR5vYnDqLjDML9WJjGX4TEXxF2rlQggLbmzhPpi1Tw8I9mdWTmH4X/X1S5pcOdeH41fNoyAA5FWbcmKewn8MmVE2r8cNQ60z+QQr/quHlMD2jbcSyE3DdjIAn+HF4Qsk87YZb4ROIeB1aX1w6FNv03gHuXxMGOMR2gxXCztEdpjnecSE66tv4Mevfurfvr02sQ9PmsDXy94owtBlj479C3dRuYEnTDVn4nkzUCl9b1xZ+19YOcOXOC/7iDSkareCWDE3AQ+AcRcLeR5vaHpZyFAJcvjDj2MFXcWttPlcyZ6e+i3vjB+BMP1Mj/B6GbQRMgu+t9+DMhdY1NgYsQgLamnO8AOJ2SurL/WO6EUzCmY2fdeKUdv8hvOMZxkOSvymjVhprx/P9VZsywEHHm8mQPT0HD092cvqcST0ea5S9NJj68CguWfQ2Fe/eAyhY/lZneNxdUwXYUzJ7x6WiNzIXrXghMGjgVtuBzttZtocob+XT8MYiFC1OvwfND/j6+HwdWcec3wraFeSHpe11zgEEiXF01F36DlyHpG33aozzZwSnp4R2YsWQWVKhQQakqMXduOL1jB39uUSdAibcK0AA6qlg9GI8ZylfrBz1ez2+V1Yn3ggBNNv8IQCRfHwyrh78JxUqX5yWs4r2Qc5IdBP42BIw20sr+uGKjYDdyVSsjSxVvVvZTSySDX0H+mCPj3zc2aOv/p8K3QzZj1VkBf7APIJN9LlyQBfI2BEg+9iykt1y+s0/v78jJMmUH/4c7YeGFwpCfMQgMDOTVvvHGG/y+83ocdEUcWCbJT0j04if8f5UZT31lJk9Cn73h6YmuSDOjL9Ke5rulwy2Y9vVg1FxF3oeDKLBWVxy+agLwhcyZvVZjRSJN8Te2LufONhWetmgPjH3jfTQLqbvi4mi7SQbPvCfFQUwsQOZsmUExz0lJEP8wCdL5aeKQkmessAwSSvHNBr4eoGK+AOmTfJAr98snJ8ZFEsful/e2YP3R7jy7U3KP8X2xIzDWUZfAkJGfXs4FA4LbQs+6xXRp7g9xsKFXHfhaTvDP7J7jicSY9Z2NiuzItHe8bVTkJYunOlznAUoHtIImb5TVUbGK55ls4hEfE+NVTnWVenjwhmUy6iCtM/pl9iQUSRATk6TXQas65TZmQ321upIwT6xRp42ZzbCy0HttUW/toXTydzJ7aK9EIwNiYqbpUm0SHc+2yxv2lM4yWNsjb+W17bYb9mwjNVRkY5s5I1l1e7aTSnuyn4J6idbzgeGf+WW/LvPyjxBrJnNact7S5bxW/ZbBRxrHPc0zzOTKBXmh80YGnbW8aMMyX550TpLptOm5xJNnndGyQ2EXFITPlpyBz+SEMzOqwBtDusCGHZ10fgIhwkoAJGSWBM4KO2uZSf24KmGh12+zOJl16Wan78k+oWHz5mNYtVHUZxdvK3myg6eoi+5Sfe62zIq+tuxTGWYW14PjU7m8jToUZZGDsZTkv9hIlMlxx+/LeRJZYL8arHrvsWxU59K8PDaalWk5lZ2OU8mEzf2E5YYubI8ohklJt7eyZgqtRPbnN/X1ea5tYPUx/eM5Z1RCJqEUdoctrIaLvi1nsS3z26ONfZNt0TUhlm1th+lIS/lrMIvdlWndC13FPq+tSWs8mG2/GK/URG0eUQJYvT69OT9Eg9qy6Xw4C5rUTqVZti1bc05toDtWRDKRHVs0lOFbAqVcywFL2VkNVkrFGAibXpkVyKXyKtJSWDT7pT6wbNX0ad7awlgs2ze9m1I3taXdmPXsFifsGSdRt9n93KJPOM0hwXfMknVxIm/7X3ezpc2BlZ94RJfu6SEl+QIbWxTYB9NOKtmEbO0XXXb/AE0HWKcVQm70bc4IFdnINWFKefeAPZmmcp7wThuv7tx4qoPFS21V5BrbzfXXKp6T94aH1P5CnQPY0MaSnPpBExaoirbKZPwRjrVqD9BGoGxSv9bW9FFkyEKu64LPkm0Gs81nNQRjTrKJrZ5X5bJWH7YpXHSoZHeMOgj1Fyo6rDKEOoO2hurp0KezQo/4X3RMaxQSWciib9hbFVQ9pDwz9l1XSKVV7zkBL+1hxvQXm7Cxm4RMSvjXGbGU/TKiodKGCg3HsmMxCnss6e4RNq1HSyWd2vx8q7EsRBg2OSvJT/cyajtfaNxHh72xb95Ge3RNrYYZ0936TpM3dO5HLN0rY9lFOS4lfBW3dd8G35ZjYtn69shLc6nv9DbSg/1Beaaxos7gkVzehBx9Pn03S9DUbwxa2U9tvoRzS5k/tFXGJtHvHwSM1Mmsvq5YtqVbEZ2ME01qvyqXaRzT4i6wOT3eUfqVxrOA5YfZA8G0SboqO5TJu/0Km4Z8Ip7iT9t+b3JF+r2qmdqHVKM9ncOMRrlPjZ4by+p0hriwfwm5kMY9tRy1jfsSncey8Z1Ve2T0Z4wy43lcVemLkMDrnbbvKX1Qs/tSdv76QTamkdovr/ZYwMKTRCm6e7PdDPV1Gev6XlmFLvXxp5MCNbbSu3zwGlOBt5U82cXTm8xZ0dci87SGcXXS/LLjcDN0ZsgJFk45AbqggSwgrw9mG3cFs9XftZA6u/9OpaKwaXUYDWhah/vhoXE8n6BFQkzCUf2bP7FcIjfMZAgOagYZhaA2gI45ObAtll9m7NqvnEaHtRhWrlh2dM001r4s8tkmgC1ePI/N+yVYMmByWapnwY5gFrhyNKdFz1oHjow98dZ5/hYWtHma4nhT3JDFgWz3uok8rjAEKIONESti5/LPbTmdvL2msm1B29mir6QBdeE51blQ2MaAMAyGMZQ7NW4Ot422CMy/mLSe7Q3ezub0rMknD4eTqVYPOGmZMoZlpwu6b/A4+FGxh8dn8/ZD+1WYN5Etr5JKhxvlTdtummwJ+ZsQIjlwoo2zZEz5IIj91OCrBWwntnlCa6kvR+/TOmBqo+zKNPOCN9FJLa8qF3LISx0s6Qrbsngid6hoEjhv0WZp8mYVj2S94aFrf6MAtmbdYjbomyU6J0zhEx0hrT2geCrPB61J8kQK5YPrD+re+uBgtn5+fy4DQ4Mk5zaFRbCphYDxidDKQLZ/0xxOk9pzVKgF2h2hgx9PWcpWzh/GhiwPU9jQBrTGeey6IK6bZB909FD2dn5RiBXBgXX19iAWvGMRd+Qeh957b4/kWJI9nL1Zqrsn8gfdtnL90eLvU6oPW7YjiG2c3F7Sm2bLVMdL1rvPEY/fg/exrfMkXKHpKjWPRn7mI50tS4ZxOjXnSpNRcojJhgE6PquCgtV6Bki8MC99p8WdwtfWduX9uEH2ZIS9yz5MGgtSkk8yaqsyydaNJx7sj2YCSRORvcG/KZNBKz0mfqzsJ6WJ68HxcXyRRhmbNLJmVZebjMvEjPWldkzT2rPe89ezXTuWs69KASsAgxlJu7K4hBh2mbGe7Qtaw/rXkuzZ0F3SYodWfnCbmemYHHlwNRvSpgzvq6Ez57P5c9apjp0XuRL0tYs9dnTOu15gAzXY6/Xcs86IvrR7N/aTKEdtI5vNdcICO8prlBkx5piPq4K6ehd4kQ0gvVw9RtZv7FeyU0t2B7HlwyU/qtykA0pBb7abMkYGB/AJ5I8rNvMxfnrH13h7Bmy/wemI/vPcxtThbSVPdvEkO0OLZFa2zIq+AsxTHHg0h9swwApA80EfJjlt1PJEtqU7MK3zaeZwmzn4waOrceM3YdZwLiTdN2kdZ3NUacWUButVuCyTwq7wFVB1lUGUkZy70tPVlVHBJwm9dkVcOIWNFskrpPLqSuVvVcG/9dvXnL/Gc1V6NLjQaoSyEmjESh5sjLzdjYgWTLrdhWJy5UCBNN5Voydh7q0tl5ZLAyJhJa7YhyJEdzOctOnuYTGozg/nXrt7BhGDxpSUimSFHCmSHXLMlMFX5PNyPz/nQz55203O2P09iiNWa7rk4J2YXpfXcQrZEQO8GPCJtDD8oHVeNHXak2l7eKeGVw0LctBeHdZ95t6XdvAQ7X+mhDTIu/OliTHIOKW49avsVLVYfkEpmBQbq4Rj9kkTbzFh4gnhhomzrIO5+GRcKWoaEDozQfOmLhoHIdIdMbk3K5gUIvGhTH7TqPfe2iOcptyFxmomMbHKZJXw45NIfGOnUVNGtpH0W3EMTRpBb/J8akyV31hJ8kM2STjAVCQ+8qbskEvppI8nNLRoUKd6JP2SJlRWfacpJgXRwSec+3HnT17NxuccReWFCHlRRXkj4iY/7jLLCct9UbD/VrVKOc6T/bByrFQi5DxN1TvcNupyk3GZoFl9qRnTHoZIb5k7aXSFJUazyHtSBSK95xp1XBRvCcS4IvTX25gsbFNwihYN87BWrgR9dezBiY28Yu5J57zpBa9Zxt6o5950xpxr61izfqLcom3esDPKjPdxVc+LwOuHUBrE6Irlbw3Ij1kmj6NCxoQ+27HdEi39/2R2ko+7wnG308a04G0mT3bq0nOrPmlljmLN6Ku5n97QE/nMIaJ+JSimUM4ARV/6CG7DDriQyg+/q/eZjXvDdkCfzt8ANJgFQxsUQvttfTG4CYFfLoDE5l9C/WelvVofjPoQMm4ZD3/eVsvR5v045C9THO2YlC6Ki9gHEN2/F9TLLmJxb9iLH8BP+M3l75fvKZEU+rCBuj82R6G8PK1WtaJKnvwVq/GwjxKjD7gir/IPf4YOfgdyaJJy5M2meTIGo3BH/JswYOQIGDFC8zdyIOCKn3LZbUuhGnVxz+hRaF6gEvSdvxMux2N7cZ+4uMxwEmlmdwZXYfnHCwFfEUPTIooAuGWlPd4LP6oGC6AiTA4fCxVS8ZGOkVih2o0hGtbAoSsMUk5sh83QBAb2qQVhw4LwNJc4OLnmd4ho9yY8h+ywiAswGQnUKpoVbl+7BuHh4XD1dizg95qQ7UI0PDQS1zx7kmnbeKeCV03VPGi3Dqs+M4tPDR73S5XG3ZqPfrGsz0IdVJNlzYrDy71/gAPh9yG9Zs9y+GH61Bn7wycSrmP/hIdfg2uu3ICTM9h//g5PE/861iopgh7uUYAOI1Qvpyq1b/bCbvlTbp2GjfNmwKiBg2D4lAWwZNtpnufyPdzQLV9p0Xtv7XFBTqjeFe3jlX5Q8IWusCDoDOqk4fsPbHYAm1ZZAABAAElEQVTpWjUBTZpyVXmnM5f7fWGqUY04vg0WTv4OBg0aBJPm/wqXs5eETCnSNx9CfmK7fQXv5FbIQCb/PHzfqkhPLvQssDuSbly8dgsy5CrG6zl65gF46zuVqhRiz1YC3HIIU/48DylwHn6eC9B2VC+ICh8CIdimO8d3Ab5FgFrPZzUW5c9mMisyUl983qKmeMQP3EpAI8nkKnGPK/A460rNmHZ+/zouu60aFlObgvvq/f2kR5HevI46LrrSPQfNptUBvy2r4LQqGuDJfhG1xHhqJe6ZNTGCnuSKF3L7513nvOmFlqRRz+3ojLb8o4a9YWek721cNeYHHKnIRlUqLgbCzFC2wUc41heHQvmlcdSFTyVrF1D12eZYRmNtyNrF8CP6CwNHTIWff5gAPyEDuXyUr844O57amBa8PcqTDf/Qm8x5ou+O79MTY+0VpZHHePxwr3yDCjon0hUXhR8V+oGV82lZVaaK8H43KfX1pnVBM06YF7n0J0yPAMix7xLs3b0DNuFJGUcjM3KnclHgRfMyhtjSxfMYYgDikWZ81F1DvOqsJ7ikpPhE9VxYEWcopDzGXj4GIfiUI2sqUHFFgn+uFjB0yNfw9deavyEj4EN8l2+8vLWFPlLCPV7wcdmjML7dG1AkswsC1to7xs9YF3++FARfYuBTpOXpI9Wjk7rAJ/hR/HOTpkHdnPfgGg7sd6MiICoDwPHzV+Amnh9tYvdNq8xQrCrga2nYffg0HNs3FaKbtoUuHzeH6IjVcODqKdiD/luHJhX5R63xN0I5jfXtqkGeggWhWLFiUDhPMXgXHYEsl3C2YXHZlWlveKeGVwtWwFsdVuXM4u3iYdZ+M3p24uiDpb4nTgJuX4LgSd2herFsUH3gMrguF87IJMe404tFoAD2T7FiBaFgkf/xQUJLn9wDP/9s2iiP4XSqukKG4hV1E9SESxuhYd6y0Kh9VzgdGQcRO76HtgPmWNBTCQkd96T3dtpTut3PsHduP2ChM+DTWqXBBx3vHeH689m0iwPEWMwtsh4AuXNIA+e5lV9A/gp1oUuvrXAz/g7sHv8RdJh0DmJy8WzKv9LlCiphY4A+vCbHv3xuSTeKF8wLz703jmdj+DWdt74z0qP8b/bHhY1Vh+HCqb18MtyhY3uurzsOnoGwPdMhul5DKCf8DCMBr89qX4D62brXUmnL8JjqSsWYlhEPJPCFEpBPswii5Z3Sn4FykMOQfufkNjxoJD9klX0qM/21OybblSstXyLsSefs6AXRsdJzOzoj+HiUe1qwS+u4qsXLFX8ensml1Y0MkLt4Wch2XmqNHdtNzvbPb+eCqk3awNRD1yD+ajB82l2yaxnpTAj5stPGx4W3nboeReZEm57W+2N3uNPaUB9mcnLA9Y0w+geJ4pkOU+FIimfqf21cwp1YWkGp8/pb0PCtt+CDHst4oY1jf8dVdu9X2IVbbpl8cIXbJ4e/W/yjRGTOVYIXj0xKTjUZ/VCMK7e4Om922WmLf+XmMOdkIlze9wtfRfy6SWmYE2aswYy6e9yV4F047FWExhUKuCfKMWQEdo9fwZ9O96oJubLlhII4sOfyLwU99mL01EaQD8+PDtKszlgSwwRXuuehTnuA5T/PgbkzbsK7jatB4YrVoRa+GVk6/WeYhvy8U03ixyd/GX6MZbOVJyE6OhJu3rzJ/yIjI+HY6U+8T+g8MYJp3vBODa9WVXmrw6qcWfyTw0O7eqJ1VGQunikL7SfthvtXj8K8DjXhwJiW0Gr6KZ6Y6JJW2padi4IY7BepjyIhMvIm/NGhnKEZJrQNOcwfE/lALtL+WvUN7MUVpt9vMVg0cwJMW3MS8JW3SH6ku732ZIaX230PLDZCcbxbFRuoO9dYnJQgmHmmIO5Ex+senuNGb/Y29Z6GM8tlcI1th5/Gz4SVxxkcnlQVChwQJaR72MWr+gjNUxwuHOAra7gUEw13IyTsI+Q+aFtU9oo99J2GlBIs22gIJB1YBnPmLOQORNW85aFeU4Afl8yEORsA3m5b2ePkXCH0LwgcP3eTnzKjsMro6CjDlYoxLSnehZb9PESZm3eg9Ptw0i09Z5WPIAFuwIO0qofMcmrkytBKk0e9ztnTC0HGrCHedUaU/ifuj3NcVfjHBTdx2bHdyWGr+MIWbjmC0DUzYMLMRYDbLnWLDYKe9/vfg/fjlTnvrfq7c3h1uKWjlx4vW765C6AhuQB43KVy3Qo9pISlQBys7tUIjsNgCDywCCJgAvSdctSQR32k7QzrvlvJt56E4/Fa0dHR/O9hUiwcmt4U4g78CL/f0Hvsx6+rPyHjQlfRvzyumn0/CXZqnL3ksA3QEVe4PyysvpJWa32EUKHS3MENGL9Jt5r7OH7lzG5b6Gzmu9HUhgxQqEYzmB0VyB3SiId6C6/FyVOLI88ewHWVplD5WYNYJUfCyX3BcP5+Mq6S+cGHO0/D0dOn4bTm769zewFPHIE8X62CU2cvwsvywv+Da2fhxLFzcMdyXpIBqjTGdfW1E2AqLmA3fRWda1dp+LQ5wLxRkyB7oTYKP+lyFYKXsAF/7r8K2bL5Q548efiff7ZskDcVq6VGDOziTTjb5TXtdRhLWj8/djxwXCQt2XjkolKp63YITEanL68Sgy9Qb8bwp6wFKsCnP23jW7Z2npIcwYLl/sfTzqHf/Yy/6CN/7K884J8NX4E8gSujjz/yXRXKaV6hJd/XGKdHqNNOe1Ji5Dc6mfNyx/sCbglIwOWB+/ILM4ar1GE7Q3QLBufw1Q1tx6hRPCu4Eq7D0Su47aRqec2bxSSIunYDYqR5PeqdbN++mwZbpTkNb5Wom9Kz4VaFHMEX4E6WbJAjr4R9XuyDHKgn4iRFT31nBlOOCm/Buzj5HT1hF9QYWZ071+WbdgVYOAHm4hyr2SvqNjyz8hRn1/5YlTfGp3lB3UhIeZYcwnwrwkAMHWRbD/2xTcFfypq6Ma1Alf/x7TxLg7BzxZUUA/gShl+FX5XS1+/CAUq+6Ido1g9fCdH1P4CKWUWs9zs573Sl17yatCNX3imb57CjF+YlpVght2ChMwm3zkLwoTCTH4nzRPXxpNkdVx+lNju2O/GhpOj5CudTq0qK1y02qAmeQ97wNpY2kydjHrNnuzKXVvpmdf6dcQbPyL3qLbgSsWDGTJg5U/6bNQUmLd6tcxLdS5nHiJf2BV9vwrd5fPjBl7Bq927Y+esYeLbZdF2hqKDx8MFydHQ3dYfaVVtDYP9CsKv3J7D6ut5pFoWSzm+HfuEALdrXhSI+PjhAZ+N/vukzQ6WGLXl9yzahRyZfNIjl/n4ZrAnErSe76D1NZqg/eAE3cG9W7Qqr9p+AI4FzoVEZWvnsAgOalhJF3e6uNCwIu9KVhV7T6+LSbAuoja/Uj4Udh7UjGvJfOZt9Pg0EZa6kMdpeW3Z198MfLXoLxq3fDaFhh2D5FPxlTqTjk1F1bNxxcms+jyAjc2z1QYiqlpc7XdpcZ2Y1hxdfeRlK9lyH0Rng2ZJloEKZMlBG8/dciUpQFB2eAnlLwwsli0J2mYVrvzSH8hWfg2VnrTHJV6Mmnyjgxy1QFT8ecEE2eKn+R5yFxI7VQBnS8XXuF7jqd/X7elBvxCqO+R9LhoELX5d/tUMdtLS8ewtLMm0Pb6Jlm1e3iu3X4VbUKuIx48GyFoHXCwEcbt8dRi1dD9sD18HAV+txmUqUX2BFBY0C/3x+0A5172BYKBxcN4NvAytfUnLJ/V5vzff9Dqv8Pxj/6xbYtT8IFg+qCXkzfiL/+ptVY8zjE12SI2GeKsVm9MkOl2EIjJy5Fc5eOgd/LB0AOeoM8VSEp9nRe2/toR996uOXE7K+NwQ2Bp+AsMObYMGSbZAeXdNnZB3IzLC6X9pCnndHwe/oROz5dRiUab8SsvVrD9XIe8xUGurWB7jedTDM3H0SLoWGwNzeZeCN769otpSo8tO42pewevd+CFw/Capj3XXnoeeL9u/dEQv4wsZLtYfweg7vXgEDn3dBpvYb+cqtt77joBj+sexloU4NKbLm68/xAO1xpUvSV8/ur137wwl6+4crzvfv/AazZ85XxzMc12ZNngI/b7/srbRlOu1xrYzjTkREd2j11TI4irb014H1oeUvuPUHxxlxpXZMy/76p3wRYsbbjbg+7dq9Foa/4QflfYfAWRwGn6n+Kf+xsNEN88PgX3dCyOHt+IKwOB8HRw9vbOvNgRiT81R4mY99W1fthK1rdkhbvGzJFW63lBdepbEH94Pb0DlveiEwM7t70xkai355pxS8XKUMjD3MV5TMyDxynMDOSMjOuKotYwcvbX4etmG7ffGNLl3zx0+GvaGXIGz/cuiU4w3lN0p4opd/1EZveJuRMJUns4yaOI6nTZlLC31NVf9c0Op7zsRQ+cg22rFg/BNn3spfEYuv/cWXtMYvxelUEv2XvoydXtFXR1ecgTs79D4/OWJWDawXz8e+JRiMCuQnUOi+TBdpeKev6ekLfO0JIyKZTqIgetovqcX5z7xtmiPsruz6kR9DprQZj8jadk18PYwU5TYrX9ZjlDhOS+BA9dKXy7pTBAxYUR7Ca/voZjocmg//lV3XnbVJOaWLcNS2QcSLr3/peD3lfFZM9NaWO8c2sr7v6fu3y9z9ygkJRN8KJ1G3uBMPdB6rGX/01TbhWaSfejSkKCfuZrIjaIpjsERe451OoxlPMiqOL8MMiaELeJ3ieCxRhr64Xtf/bR3mr3WcyoKvmh9+bsYX0TKTaW94U7nU8Er5jZe3OgS/peRTWkR563jPeIhyRp0WdI33hLMb+FfwQn9e/qw311txakxy5F9s0QD5qFDZrhTvpD+nP+XaTuV4M6JDX+v3mx6o2gITHTTyIZ7paDqdHlKCoTz1yeIeryoyQflHDGrF651/SdZ9QxkiY0vvKZ/H9sSyY8u/1dkcOo5QnBNO+PNTSj4erNPVkh1nsb80BwElhP+uO18bMP+oz9z10U1+8HcGtPYtfNMo3e8CuMp0YQv+uETNZXb6jmc0/Ds5sS4/3kwcrZrMLkj6qrG7vIiJjTS1P2Z9gTjREW6e5FScBiFkU3sXJ69Y2W2dvTepi2RobsfnFBkCPBf6kzdU/MUYlJoxjWNy84By5CHxS2Pcd9vPqwgb0klXtL8rYKW/RvslzkgXdYjTb7zLlXS6jfaUJzs6Rw3wrBeYwaSfpYZ71xl+Njjipe03qaz7f0/jqtnJWUbsjDJjZ1zVcmGGlxlPxjg7Y9m55UNVmUQ8Wn7Whj8Le2xPPjzjrW2LCJvJk726GPMuc5LtrYLtMcqrqP9pvbuIMWT6n7nw9dhd/JW49PgLi55+Oe1JMZcQeRceuDLgq+ts+EJVeyUBbe1woXnLkVNemtMmP+ZwclwMRMc+KRy8tyWeXmnj8kRm3GZh9kuX1jjZB+I+fgjpg6+n9Th7Lk8rFYuq+0HbGluBTZVWxTyXsJ/65DD3jrd9Lq1yPv46Hi8eSXAf9SfJk/6gzN/1IvMkM4n4RsRdP61webR4gYGVHjwadUBMPLVHwiwhQwb+Zk7oidCBUe1PQmiXshKNDL64vcbcLok6/D1ukZLkB6zo4C/X3aWf0LVKt9F3j4qVtvzjsD9aek8yLGwp2TrN7oxHrtIbXW/pthjAfr2JOknb7YzjgD25slWLWyZBO/V6bq4zvAKU4Shc3P47xm+3BskRok+elD0R9Qq7ZelHyfpsmS4Ieb17wNusrAd5MstujBNyYWnLHpG+sb6/4/mfdbj/jhY6dfyLEYiDrd3egG3NN8L3r+f8F7fDYd1BIG0ICIe70wcHIO6rqmkj4pRyEHAQcBBwEPjHEVA36/7jrDgMOAgYEcgM9X7YC/WM0c6zg8D/GwQS+W8G9Kyh+fDp/03bnYY6CDgIOAj8dxBwVrj/O33ptMRBwEHAQcBBwEHAQcBBwEHgKUTA6yklTyHPDksOAg4CDgIOAg4CDgIOAg4CDgL/GgQch/tf01UOow4CDgIOAg4CDgIOAg4CDgL/RgQch/vf2GsOzw4CDgIOAg4CDgIOAg4CDgL/GgQch/tf01UOow4CDgIOAg4CDgIOAg4CDgL/RgQch/vf2GsOzw4CDgIOAg4CDgIOAg4CDgL/GgQch/uxdxX+aAT+6MfjvezSTIKoyLjHW/VTRy0OouPEjwinhjm7GKaGZlryppX/tNSV+jLx0Wby85h4xh8quJOmvkt9O5wSDgIOAv8BBNJgM+iHkvD3e5zLQeCpQ8BxuB9zl5yZ/i7kzOkH4088eGyU7dBkKRdh6qsZIf+sE4+t3qeNEEs5CwEuXxhx7GGqWbODYaqJprLAo/CfyqrSkD0J/hxeELJP08vP4+I5BS5CgK8flPMdAKdT0sCeU+T/BQI3gyZAdtf78GeCtrmSbFYZfVAbmaawOf00kXqqCv0X25UWm5EU9hP45MoJNX44yvuHxsVxxVzw9X782cmn5GKXNkJ111uw8/G5CE9Jyxw2vCHgONzeEEplega/grxEjozix5lTScAkux2artjbsHsvwGuZH1+9Jqz8o1Gu2CjYjRzkzMhSzYcdDFNNNJUFHoX/VFaV6uwMYuHC1GvwvEF+HhfPLvyh67wNAZILPQvpHauT6v75/1Lgdshm3tTERLXFQjYTfR/dtpnRV2v694b+i+1Ki81I75sLqmA3Fs8uyQqNi9vCAXzTMGY8KWmIuxMKtKzh86QqcOg+tQjYG/qS4iAmJg40NtCkQUkWeZIgPibG6yueOHx1FOfhdTOle3pNlBwXh+XNXodLrHqjT+WjPZQHwHbg63bPGACUaD0fGGPQoXQmU4y8YWHGpyeaAhfmmwX8sMabJrWCrf4zFEyy12+6Ut7q8ZYuEzPDgCcp460S0FVPD5IcuL9P9IShwMeNmDbCFu9WOiATktnOnDELRtjANy19oOUZw97l2lDA+Jhqns1thQvyQueNDG5d7gvPG+vAZ296oRaxgZua2XbIUuY8UZBlwmMWG3Ij9ZFeZs3ijPUI3TfGi2dJF6xtIuXzWo8tGfTSJzYwEDxn8JEm08b1ClYCIEGeDNrpK6ntekypDiv6on6zuxlGZnG6srZw846/1A7PfUj1em1XKvpA1w47Dzb0gMjY0XFtHm82w4w1V5H34SCOv2vblZWSrYcKNMHmtkpLV+pn7/h700Wt/+CbhUZqm5cNbJNstMO0rSSjXnwab+23I58SDXdd1CIg0fGcx5vee+sDb+W1/DyxMDqHplfY3E+YL7zJRs0ewXDGSFaQ+UETNv3QbSV/SvJfbEQJYPX69Gb15TxQfyG7y3MksmOLhiplqXzz4b+ya0ppKXAvdBXrXkaiT3leaNyHbT57X8kVGbKQNRO08f72gKV6GjEn2cRWz3P+qDy82ISN3RRmWb5km8E6+sxYvlYftik8XinPWCzbN72bSh/raDdmPbulyaENJpxbyvyhLdsjN0Fg9EHASF07Pp++myVoChrbqeXTSJOKpVzdw/rXUnHr0KcN57HW9CMaqnreM0JFNnKNio0moxKMDFnGur5XVtfeTycFyn2qZNMH4i6wOT3eUcqQ3AQsP8weiFwm6do+YiyRBfarwar3HstGdS6t0CnTcio7HScTiT/JemrkgPpatDXp7hE2rUdLpRylPd9qLAuRBJETMGJI8k35OvTprJQj+V50LEpwLd89Yyj611wHDKTiD3AZqDN4JOuoaYu7LHjoA8RhEJZtM/ekjvjdXQGM+nfWOVl2vcq1tngs29pOlSWuRw1mSX1uk2ejnhhlLYVFs1XNsI7mqn2gPi/UOYANbSzVTfgHqqqvZRDDnu0J9S/VuVBufwqLYDMbAivYf6uiZze3B2h004bMGTigR3tyk8hCFn3D3qqgYkptm7HvukJR0Hmn7XuK/NXsvpSdv36QjWmklnu1xwIWnqQU4wGjrUidTZTaXWfEUvbLiIZK3RUajmXHYtR67NkB9z5pifb5rNBZg+00yoRamxQKm/aRwg/JoLCjJDsLqyEmncey8Z1VW6+zD0jCmx2wom/kg57T2j/ecbOHv9u4ZBjXtDx7bJdX26ulROFYtqVbEVZ7mt6+hM7FvlHGdhUfT/aTbCPZql4L57OvSqkyTeOJMjbItt/MDhhtRsy+H7hPsiw8WcN0LFvXvajCG9U5Euscd1w2JGi/yDcZdUhr1z3bdCKewu6wNcPfVuSxVOsANq73axr7JbHgVRcxW/hv4xU/iOzAiMGNuC8lfASJkvpfyJ4nbMkeerMxZmNTbujCNp0PZ0GT2iltg7Jt2ZpzBsPrbfwwpuvk056Me9NXgcij+ojGPtL6VqKOv+tOq7Gml1aJRy0OZEGb53JnQTco3pccCDKOH09ZylbOH8aGLA/j9M4tkhya4p2msq3Bu1Tj3k0dANm1DVwQybDO3xHEtiwZxoWg5twznEZK+CpJKNAJXhUUzDZObi89DxA0JEeBeJq9OYgF71gkOWWijvgjkpPbJoCtDw5m6+f35+WHBkkDHw3KUwsBH6hHrgxk+zfN4cpJQnlU9lseHhrHy3wxaT3bG7ydzelZk1H6Ya3OaxB8cHwcNwqKMmkwokFub/BvioMxep9sBLzwaaSZzC5wo0KO7czAIBa4YqKi0MIJJZa4kcS+afDVArYTeZ/QWjJ6Sr0avkUwMlhySn5csZm3d3pHNDJIY8D2GyKL7k6GaUEDiW7v+evZrh3LuXEtAIMZSQKl88ESaXSZsZ7tC1qjTBSG7rrDaZFhFTTg9cFs465gtvq7FlJf998p1Zd0hW2Y0Z+3s/7AWWzJ3Hlse7jsISB+5MB+jjL4e/A+tnWe1M/QdJVi2I0YauV77LogtnudhKG276lirxhq+teoAxLjmv9o/IWjbSkLmN1THwi8cxcaq5l4xrL17YEVhgB2EcvbkWsNVxiMZUfXTGPty2I/oq4sXjyPzfslWMLOJs/ecBJ9nK2a5MiLZ+7cNwpga9YtZoO+WaJpk55Dr/bk1lYuGy2WX5AK3pZsSz7ow07JuvpnvwIajGzInJ4F/mRPbhLZzi8KsSLoIK7eLtkl6neyc/tluyLokO0i27d6jGzbMB/J4JLdQWz5cEkHyk06oHDyqDZRi7tPqT5sGdat2NVmyxR98SSDgpnLP7flOpq311S2LWg7W/SV5MCLSY83mRB0xD3y4Go2pE0Zbo+HzpzP5s9ZxycbxPMv9SUbY2kfiIgXO2BFX9Svvae1f7zhZg9/L+OallEMW7XLju01kELbIU9uJmkXbtDBnl6ZFcglT8KxkMCH9NfSfmpso3EM6r5JGk+0eIDBDog0YTOYrOO6ycD9PXyMV3QE69Q52CYOtx25PDyxHpfttpOlMWvYa7L8iYUIxMC7LjKWcG6BNI69M5b7QT+PkHSa9F7xEQydYAtbdLi92Rimwb/z/C3ow01TF0ax34agX0fjHuElxg5ixfv44Vk+Rb+RbHiyMd70lcPyqD6iF9/KAP0Tf/TgcNfhhu8XsWKGrCQdm82Fp9UiySFmKMy0+pzrmz91jNLMiq9GogHXLDKy4NGSEEsz1ES2pTtw53SDZrk4PvKmbPSldBowT2iok7KQsO7GgUsYFKPzoawcy8qnDMLUhthYhVrMPsmZnhCimd2F/8rb2GHtZZ7v0vKuHIdVmqX52IcKCbfAg+NT9Q63jBGttCmXHFd+omzUvPBppBmNTjEJ80+h8uiNhFPCJQfjLZlmSrK0Ipx9mOywUh55ggGagVXhySKQzE5yJ1ExaIZ8D0Omcl46CUeH0hOjWeQ9KaNI77lGwpNixSqEWDEhBaUBlfpanchI/a8zBCnSBGr8caWHpUpM/tOKrU+NqcqbCCOGwqhN0Kx8CFzFaogtDC10wIQldAgkffEoCyYFjX1wbW1Xjrmy0iMbVjEQ2ZFr92oS2fIqwEpP169s2eHZDk6ij8XgKZ6fKSFNzNz5UWPs2BOyBT/lw0Gx3Qa+on3rt685RqQns84lo+xfYeM1tkrU703mVC6kkB25MZah56QQydYIZ1TQ+UHR4Vj+BoBWgUW/Eo80WVXl+NFtItHkk9uWs3STm+DR1TyuuhllUPS50GHR5rsR0Two0lNrf87P+ZDzEZwiKJLdsmcf1BJqyGgHzOirudVQ2vpHLS9CbrjZwN/ruCaIa+5m7bJjezUkeFDInDI2yRmsHG5P9lPYjpaLVZuSzKQVaCE3om/N7IBIM9oM7XgftX0I1/P5YtUbbawnh9uOXIo8L41W/RoaO+e1BCZ4oRVm8l88+Scij3YMIzhp8cCOw+0RW7lftDejjRH4V/5WnbALu9h4rtonNHGmxTvxdtHb+OFNPqnf0mJjqC16fZUwJt7S6iPSpIPkwcoH1OL3d4Q97uH2heJQsJC6F9lVvg7g6xo4fkt/SkTHWiUxVr1cEWEwGR+HfPk25FCjoVqrLvzp3J0YHBljIWIfQGy3r/6vveuAr6rI+v8HCUmEBEIXglQNC4uoFFkLNprIWhEVG03EwroiFsoqIiyrCKKwFKUqXUCKSpHQgkpAQJokICWUYAIkIQHSM9/MvW9ue/e+Oy/Fj7Bzf7/kzp05c+bMf86cOXfuzDw8UF0nqhBZg26vogh509kmK3I+CYmJiTiedBZB1RogA8ux59AleFAVbV/qjnOn3kTdv7yEObGH6BrrUPBlW6TitehQH1jYoyHavT4JOxIvonxoqFZY4u61Sjg8JBVnKP/ExCQkeaqDzkZh+9HzSlrUrR0pzz14os5NGDx7E07mAKFhGguhwAVK9fKTt2u0pEIjdGujPcJNTp1SDZ38aTNdr/0wmhnbpnYUWCvwNdwk+ZjSBu3rV8S5JBW/0+ey0KATEH4sA+YW1EsgSMXOFfPw35EjMWTkRHw1aTym0+RqIRxVnZaFjm5fqcjSs2sDPSEoHJHeZWo8/YkOUVq6p1wT9JjcARFrl+GgYad2cueb0EDTyCDUv5m2LTbgmJfGQ3dSMSyz83ylT963Hl9++iGGDh2KCbOX4mTlxqhQGIIgrVRrIF2Ru23zylpCWOV6WpgFAsHQ2gdMjAwPbrqglOvSBtfe9yyoEcH8mHiF84W4FVhMQ/0faao8i+i1Qmj4x/pbNsW+QrbvLgU3mQPByVCkErx4fTRd3e3/ErEnzBa0e6cVas3agCTK7sD31FI9O0zpy99vOgHPpcOYT+P73KdixEt00zlOp9/d9YbRFp49iO9mTcXoIUPx/mdzMH/9QYXFyQtZXlYqn5saVvA+h6JZl+5gNjeqttoJPPSp8d11ND0uCZvICvNQ0xbd/nZc6y2Z3Vo90F+xq9sS1M7mZgc8qaeVDczvDnvAZOOr1AxXuBZVJ/JymLbRtc2+XRwibeVmB/zxVwrW/gXePiyrG26Mxg1/t3GN8bBedvUKxPZa+bk/i/UD1prNbmygsSuHJnjkE9pPf71Ad7Hol5AdQDju/ecbyni/5QQ76igfsfNGoVatiXjgOm3g0JnahET00uMdO7vT8YhfbD353Xd2QPhRNUakL3Kak6+2RR3OiN7rtW5NfQp/p6aIYetuY6CMl4918a5np2VXiVKtbfs21DHyXrVbqs5IiPfZbfwQ0U83Hedl++uvHL/i+IiB+lZcrtK6u2ppOcP460E11KdtwzevMKFYh4qIVI0sFzLrD9URqBpUnkcpd0/teoqjAM0lpoa/eV0TjfEhpCqUztWiel00aNAADevWRJOHPlZIiHdXTXTvr/DzzDdB4qeiV/tohFDHe0OieqaUB3UxeP8B0GUgiJswEG0bhKPtkIU44y0kmKjO1gt/vQ51KP8GDeqi7nV3KQ4ml4NtwqDr8vBssz0Y1/seXBfqwagVh3hyAHcDkIb6MwZucloLYRtkKkTdjgYVjSlG/nSDircNVvVugxp1Vfzq1WiAv88ErjlB3xpsLjZYfHV/NbR++BlM3JWEnNNx6DVwhkIZ7LBvJJhuUAlDI9RyeAlh6ZXQHFUs6ecPrEcF1EZFrx+fkwq06HKjafD2ZKdTpCJcd3MfWfIKat/YEQP+uQ4pOeexdVx39J1wBJnVbCppiTLqd1DDluhhSBfF0K4PGNjYBI1tZX6REWqDijfj1T5A3JANSKfct88dBToLio5eR01Er22EcolyllkUJ2sBdm1upWHPovak0V1PUQ2Owa7j+xE7CXipdz/0HwEsXxuHI7/vwm+4Fx1upEbFe9mVL6pz/vQmlx771bVmM3Tr8xIO0nPxkzd8hOfeVvsRL5vfjXw8OUdRqVpXNOc+OH1drN6wmTbIszzFtYm8XOuLVebZnUpS9SrBitPoZgeyTu4Fy1GlIh+mOWf1XlSdMHPRn0Taqjh2QC/JHAqkfYT6rpe9P/wZib9xzSyh85Oo7XXm4J5ixMdqP3nucsYjZ2hkfvpOlM/XJ0Ps2pbntd6r3/mkYqPnxZ5AIQ7gKzqetRnXGYY5O2sW07OIXnJ7A8sRCbkeOkgZLpG+yMiZj2O08hY4DBzNQX/YBmJjjPXI9ahl5OTprzs8jpcuMn6I6Kebjov21+L4iIH6VhyD0rq7OtzGgj25R/HtDrojOsc6/WAcjOkMcLVGSrbU/AJjduD8Cahzyjp9wvHTZhrDUzZVDuZInMjMQFpyKlJSUpCcqt6fq89HpVC06/0RSFay5nj3bDBEP+u3UjP0mbAVF0/vway+t2PHf55Czym/KaXkedTZlIVH0pHp5ZuSkorU1BRs7ttckyTylicw40AeTm5bpMyY/evhaMxIUJ16jai4AT9yWlnneTwof+oM0tlLvsMVUrupcjxSjyUHkJGhYsbwS6X13HvweVsDVZCwDM+vAejyD8Qvn4rx0+aCXPzJ5IRai8vP8dC50aNI5xN3FgKWfpEaRmt61VbdkYs/cElXBUtOsUdC5/RXvz4Z6LsQSSQG08dNw5J9BLsntEYdqquBXeoMOs8TGIbFrIi3ULE2CMU9vUYhNXk6fj4cR2dSgUfe6Ka1qahe83oW9x4YToGXJmpPwm64C4/Qr1HzZ8zESLTEvbc0QLM7ByFi8ULM+HIFImo9glv0DxqBC+KYw6w3h5e9h5/pF6gfzhLMnTYek5cfAP1M65jbb4JlkC8Rm0gLNE6asPIr1WWHqdEJFOoNiOigY5soXKjdLoL98WYt0q1k7UAAIhjaRwQ3ztkf/iqNy7jGGfm5F8f27juSYnY3if6i6lykuR9wukLLkTM5YbVREJRjmuHmtK73ijeh70Bg1VexOLxjA76h/XxA5+tds3ECEb0MvqaGQh4SbP4+WsGCgVhfBI6nm/2lCmwRTMCXGdsStTEWWcTGD3f99KfjgfTXYvuIAfhWFihK/NGvw01P5sXxTINXd/4UjlAR7o2u51+QqGi8RilGTYsxLV34ddE0+qbXEn+pHU5ndYMR2YLOjn84GetUv1fhWZiZpuRh6eF0WUKVuGM4f004qtSMRI0aNVAzMhJV6D3cuzKE0yO0puJ4H6NLFXLpQoSL3he49JRMhW/FOjei1/T1oOs8sek31cmv2/wuJe0ILb8S5cv416gRifDwGogMVzsbQSbSlK8/QYi6tQe+SN+oOLLJlx08TIVj4P/8yWnlFlGtCZIxHhsOG5z+jDTla0NNL3G5alG4mYZ/3H6a1ofXjdUrnGIYbmWpPOddVhuiVj0KEr/ycxS+/NF6r9PqLvpxbDkWxJ7Sk/IzwX/wst5tavqqLclaOvtBg1XvL0FG50fR0jRLr5H4DajH6qkkntwz2EOLjm7dwjA7Tn9xM+kPZKrvfX55+UssCob++ImkibZBxVu74WXqXHa9oR0+pzO3vTs10NiL6LVGbAnsO8PmzAO7Sh0nAXvCJCYVo/FkD2DJqE9QOeoZtKHOdcUbu+BvVD/HjN+C6BF3ai8lgdUwMOrgkEhURms0N0y7FVx0+EQUAOuSsomEfvlJ2LSTWkn9OvLTWtBNnbi1YUUI6SBtk340+6hxq002nv/KblF1gjmJ7CrP1hUGcInagaLyFxFFCDfKyA1/VpbbuGaVx65eRbO96sRBra8ToC4uYstkMrFr8/oi2VP2fnsiXp9UY47W9kl/ILl9XWXpqLUe7s9BuO1p+vK69jk0bTsIeU+8gdsN/cwtv4heBtGvStSMYP6qgxo7hsH+X3QMRPsimwWvNmQ5jN/EU04fp96Nd82lVkJggdKyMUwKkfHDTT/ddFykv5aUjxiIbxVYKwRO7cfhrqKsXe57bUdMXLsd+35dgRfqdEMiBqBPJ4NDZlOmp1wz9P+kIzDzUTw25EtsiYvD95/1xc2vr0Pe22PxyLWs2FB0HjZHcdYebPMGvtm6HRtXTUDbiKroOOs3Jf3vI+cojuXNdw/HD7sSsHvr1xhygwcV+nynvH0T+suDgyh9xYeG47u4/UjYvRpz5q9HedqVK1F/OT12NCJrRaD3RwvxS0I8flk5FVOo39eiseqWRtz5tLImfcQtd2Hc0rXYsj0W84bejprBz2Ov15fdMjACdSvfh49XbUV8wi4s/mys8inV+vZrA4NwlJucVkb1uqpreP/V9AXMWLkRG9bOQpcanbxfD7zUFVriFTrLe/qjTug0chn2JuzD5vkj4KGzDe9s0J1fI+8wOivFrtnjPsXP8SeQsH0xXqhyj5mvMQMNV76zF8bS5WBT7++G0QtWYcvWFXj/ngi0CBuO3+m7WqW2vTCO0o3pWhvDlm7Czt0xmNitId5MpHHvPyhkdLUFMHQsYAZ8wfwF2Lh6DeLO0S8oFaLRsTNw5qVhmLb1ADXuOzHz9aa456NTfpeUsK8ErlcRMHTl6UIg3AZUtsdH1FG4ZT3+Ku5gwHgvEb3mtMY7M5LVaV9ZvnEDVm85akzyHxbEiX06Zpf+MVN9dvsvZk/Y0qxw3NT5MYVdo763gaolPfKjJbpFqSU83LaJW1FauqZzWowaENGb4JDKOInh+GDaOvx+4gg2L3gbVToMN3ES4WPKoDyEorg2kbEJZTNsi55Djb+PVuzqT0tHoGmfJQh/sw/a0A+HIjrI2uSfU6iNX/wk7qbL9Jh9WTGyq/Iru18cpcZTUCeUahn+1bixnTImrFu2CeuWb9CW/xlIfIJKWwnaAVH+RWkfEdyY8G74u41rPgDQCLt6FcX2svW5t/TpiOTkgej5zkLsoWPe0iGd8dQimOypKD7Mrfzi8Rvw3GfLsG13HBa89ggG0gmS0UPuFbP9NjajYpv7MdQLwsBenQwTLXbIWOJE9LLCX5UX911D22DA7E2I3x+DCc9EKMsx9WWK7n2R2SO25jwJo9Gl/yT8dGgfvvu8L+reP476KM4Otwi2IjbGUnPl0eP1a+zSeJzb+CGin246LjZuF99HDNS34hiU2t1pZybfpf235/VzYtnO2kXG8xq9py5oZ14amLGdqjFjejDTrv11fdv3HO5TW/5LqL+k0eDBYWR9kn76RuLq0dqRd4yXp+kAMmfzCW9JWWTv4n+b8rOjt/hZygWph8nct73Hy3nLYMcUamc7Uy6FSZu0Y+oYf3ZKwJtTNmqnW5zf+x0Z/JBBPkozYOZ27WxfQ5WVIDsNw7QD2QYjvvua7wR3k9OHJy0pecskEy6vjhqiPBtPC2G7iVe+pZ8lyup3R7+JJO60dlCuVXxyZPG7eltQ+qdefEZ5Nh436JMpZYd21CErg+0q/jDmqE5mSbeex8vwYKcxcDx4xoTJHUwnl7CTJtjZyqwM9jd61yWFNDfxB9NZ7nSzHBn9onFHOSFWDNlJH6Z2Ypxs28oFQ5s8XH6fuw2tVRdYHtE2uLxPPTXo7Rj1eEVjeW56baTlYX70noLvQPW0D3tM1FMjjO3lrmvqjnN+Qo5Tm3NZrHdGL2JP8uLVY7iGx3mPyaGMDnzSUTmSj51sxC+n8q06x+n5XURvmJ7O+8dtmp4yPRs5tKdiW2afUIWw48PK1k9BUEu0iyuOTWT1Vk4QoH3EaNca9/ucHDYcdSqig3Ztwn5r4Yz33HB3neCo6nd21Forb/9mdoQdnSbaViJ2wI6/XroeKmr7uOEmhr//cU2XUg851svF9uoc9BDT35n9mmj6y37b4vl7zPbUDh8fW+G1d9c996JpjO4/b7dWmFPbqgRmm6FlogF2qg4b632O1vOWyU+a4jJpzzSvkF6m/Uq0owCpPtZ5cZhybCrrn4ZD1Yj/vsgkzjLZLSbzJ5P6+Y49jNR7iWArYmN43Y3+GT/K0IiHdWxkYvgfP/zrp5iO0yMTBcZtJktxfEQ334rx/zMvDyuMDrA+1yE6e9Hu5TpYUzgHbTNTkVbgUZZdBPtQukRk0yUZ9Cciy4eFIyKUTjvbXvlQPkUGhdElD961IkY6+ktKaZl0CYdTOp0zu5iWidygILp8Ipx+rrFcAjJcTEujs+ZBtI42+Sm7HLbUhU7NhdLlGWFO1bAUG/CjgJwmnl5c/GPLfs0sExmubWDgLMjXkEMJcoxC6PIcuy/CbulWfvbPdLkIXSYUFBqOShHmhuBtGOmwZMaen1hswBiKsXWmKmIbWBlyTJz02kqfm5qGSx7nfmCltz6XOk6B9hGrgH/iM8eiVGxGEW0i+zQ+t20ERvc5gPgBzajdpHbPya4K6iCvp5Mdckv3aRLaxinUXrGlcEWxtVznHe1AMfn7yGuN8INbQPi7jWvWcv3Uqyi2tyh5TCLl/oIuIW3QIT4Xg6ML6BifRYdwumTTZog35fuTHkT0kv3yZW4wHWtCT+MTTxTeeHwZLi1+xDy+ufZFukQoIxMXCvLhNDYWtcq8DqViY6hQvC/Zjx/2fldgOq6X4dhfFXCK6SNeIeOG2WOxtHo2TuHyZRpJl21EWtKEH6ljFOnawYIQSZ00xysolKb7Y8IcBD/5BWTwm58KFkKNf4ijgCWUICCnqSRXXFTq8qXE1yQLfXDDyC3dys/+OUhZz2+X5taGdnlE4wLGUJSxE51g2zpl5/GBYlKhaiQ9PaboV6njFKguF70qxc5Zqli46od/m8g3cvnVD9cyVIjc6umW7gM0beOa/sy9TwZzhN86MdJi8jeXZvMkgJsQ/soEkJ9xzVq0n3oVxfYWJY9VJPZ8QTkKM8JlDLfLWbpx7nqZjZRTp3HmzD4sfb8HPqLijLdbCiPQ3uUiqB9UCtVxr0PxCvXfl0rAxlDx/JfB5S+mj3iFjBuODndY9evRuEc7RBdhUxuHSN4lAhIBiYBE4EpCIE85b/21W/3vw7mSJL66ZPkfwp+eeBOJh3B3vUplsglJ4VEMbtZc+Y2DFu1fxKxtI9DrZsNmmTJZqz9D6P8hHQ8QTsclJQHykeQSAYmAREAiIBGQCEgErhoECrKz6VLV0CItbbpqQJAVKTEEpMNdYlBKRhIBiYBEQCIgEZAISAQkAhIBXwT8HAvoSyxjJAISAYmAREAiIBGQCEgEJAISgcAQkA53YHhJaomAREAiIBGQCEgEJAISAYlAQAhIhzsguCSxREAiIBGQCEgEJAISAYmARCAwBKTDHRhekloiIBGQCEgEJAISAYmAREAiEBAC0uEOCC5JLBGQCEgEJAISAYmAREAiIBEIDIE/zeHOycgOTDLQX5ekvx7pftFfHkwNlLc716uJInDs1dqzXx2kP/gmL4lA0RCgv+51PrskFCgbGSXCp2jVKN1cRa2bqH0sXen/d7gXtZ3+/xEqqv23k9yeV9nFxq6O/6tx9m3rDw1RGyR9NI7in+Bw5+PH9+ui8uT9vEyh+6Epf0fVqhEYt/+SIz0pPI6JtwWj9ueB8bYyTIkdj8qeR/BjrjFFlbvVmF+MkWUsXDTsWSXzE6YjpFpV3DppzxVU53wcWT0TLz90N1p7PLipxX14YchEbDySfgXJWLKi2OtmyZZRGtwKcRyjwiLQPOxtHCwsegmk8HeM8oRh5F72k7f6VVZx0WsAONXNSOMUFrGPTnlLM56c+A5tPfdhk7PZLs3iS4V3cdqpVAQSZlp0++9bhD2vsouNWsOrwY74tlWgMfZt68ZFxAaVlI/mJktZSS91h5sgC8cmJuGG0OCAMAmKqKvQVwl2zufJOoetPwN3BMjbKsi5nWuUKPrDWNrF5c4Lcy5fI75CA7wOgWLPqlM+rBpa0XvDyldO/RPm90OTrn0xe2V5/O2DD3DfTQWY/p9/4N4mkZiUcBWN8AZ9stNNQ/IVG/TgGtTsChREXYvyxbAynqx0bKW1rBpMTHUtq7gYK+FUNyONU1jEPjrlLc347PPxYNMfIaVZyJ/Muzjt9CeLaiquOPbfxIg+OPEqq9jw+l0NdoTXpah3p7Z14ydig0rKR3OTpaykCwyF+cjJzCzVpQXZ9NNztuWTcaOnZ4MQgr7RFXywZPRsqQMJuwYRNDXFh4JG5GcjMzMbBh/ajkqJCwpRB3Orb08aAbleZ95ORitDLpc13t+zf76C2Hvr6q8cp7R8B5w81z2CXyj+K3o3s83qX241iwge7Je8RJYLEKRi+4Q5wO2jsLcgBhOHD8e4rzbh0u8/4KPxa/BMdEVfOR3q5ktoiMkXxNyQhQWd+kg2rZ9Vty1Z/eqqk2768AgggmHO5PJ3ibSdU50ZXw9qov93BGdPDsYNNgWJ6I+STXvf0wJKNMflmmvoo4D+q3rmv84+Yrrpj1u6l6FjXbUqaQEfEdS28l2W488+lhwe+YI2lPYZumSQ2dqwa5hFdrhE8BKgccTToViqII79U8/ih0ZrHi2gZ3MK2dWD2RYvTk7ZnNrbRG/H20Qg/iBkn/yx80ISGqx0RHeciyi7o60R4ufcttyOWMd+f1V2T3NvZxH7qtos377vW75z/XxpixZj1+f82SBev5Ly0Yom9RWYizq1Dlce2Tv3XUJnOZk3qvw98f5SkmSgTpj5PKmOAeSni3pk/rl1pAel/3gfi8wi63rr+RU+XT4naV7y1J1fKrScf+NnhpE1v6vMco8sIJF4zsS78PRP5K32Or++g55R5Go/5VddAFrmtimvajIHoyX5YHmCId0cTJjcXaNlcvAyC0kG+bINLav/WDKu/w0aTdOnJpKD2WYe1nrc//YCE05mavXpQvwyMrCpXpe/PDhIqzshYtgzefsO6q/JFoGHydy96d7i/GGfR3bOfY/cd6NePss7ddsZTdTCgsPkA60dWXQe2fjmraTt62PJ6P7RWplFwYPpDZO9y0sPaXxG7+JyayKYAlp79P6W5JpSbB6yj5EZ/3hA4x2Ge8nY1c46wDik7lxIXnqomZaHyddrwkZNV31LUfGI6j+KvPugiiPDcKO3L7D2ffluHV88OIzEHM8xs3GR00k3zUzYUxZZ++p15O7JB0xJ8TOpbnf+Uq9D5gHySU9dl/HXh31w8a/L/utsLJy117IetP5P8PLF9Ufjk3OAvEbbgbUF/+N9nWPzhKP+e7lY69x+EFmdaGkHrUBvwKZdRi3eTS5xOpt0s34J1NVP3fLTfiWT//GUVmdW9xt6jiU7ueGkcljtI+9TzvbAK7wLHqzfj2wE0mnQ66Qzx92oQxwD7z3x+3HaGMH0f+SwboTdjWMCccWLMXO321bdNI4XFrEIr8ejoz4wjTEvT9lqsR8uttZPOzmVacSOjY+rjyaS2Am99fZs9hxZfkQfNEXam7Uvs2OjvxhpwnvKrnNWMbzP/uw/IUL2SePsh1fODgXfDsM+IP24vtC7L87u7asVpwRcbI2QTvlvW25DuG3hY79ZDvXJ3ddhdOY6Mr69/7OKnDUwtOqw1Vfg/VhsbPRfP1asu9x+2pbmt8pr7HNWG8TKKw0fjfG9Wi42i2x7HZmrOkUNX5hI1sVtIYtGdlUNxqvrNIOVMLmDj3G9vOtjhU51oLLInuWTSZ9mdMB8ZhSZN28WmbUoTh24cn5VDSGNXxUXR1bNfkvJ926s6vRd2vexYmC44S4gxxQHkBmdaRtjycavP9EMDx+EWUUUJ4Mqepd35pBNcTFk/NPqYD1mm71Dl/rLN2T4M00Jc8zfnTabzJ6xkiTmU8WhDsOizt6B/s5h5LstceSbD59UMXhrk4ZZYeIyNY4O5Mti48h3n/ZRn9/WcdKIeSDpW0V21sFnb4gla+ePUPLcPvOQQiGGvf6iMHZlLNm6UsWDGfg9OYyNH+yp87zplShyHX2Z+CYmlsRtmKsYSybPdiUvzX5xhzLgckeY4TGnS8ngwQ0da8tJS1aSL95/h3zj5gTR+qzqo5bfkb74JaRZ3noU5Fi7nVdflKgODJi6imyLXa69pL275byXyveWGjdKedn679dryM9Ub6b0u0Npk7dj/vAlpjEmPLqNIstXziND35uvvmgZ2nfOhjiycckYrb05viJyOummVSAmi/JyOMH44kmN7ZRbSJ1q/AVXNazMGfpijdrmijNr6M9uuuy3zhahOG14G7V8/qwMbn76k4lN/iny7dS3FOw6D/mczJ85i8QkZiokXIcYP3v9Z22UTCZGQenbHyzZSLavnqHotN5HTKUpD6xduJ6/PnsV2bJhMXnnepA6GEYSKIVIuwnV1U/dCLWNzHl5+bMF5Ie4bWTdLNU24vFlmtNvtY8lhgft92zChOH6LC1/yewRZPhiVnPfK/fIHNXWPTBWGSO+GqnaR6PDLYIX4+xqt13GCx/pDPXoMHIB7dPfay/GxrHA1db6aydroYYy+89eS2LXTNZfWiiew+dtVOw0e5Gph1HkOM8v0N7G9h1N+cSumam0E8Oav+Rzdurdj/0XsE/CvKjDzR1tfzi7tq+5QL/2VVSn3NpW1L4y0dx9HUK47/PKhFXKGDLjtduVCcndBWrl3OyrWo46rouMjW71E5Pbj5649DmrDSotH01F7+r4b+tws9kBZTDusVCfHaP1jRvTSTGwCxNVDbJTwkv7Jio03FFjM6OLW4FETzHPvnGH7snFxzQk87OytDDjw5SOO9wZ1CFig8D0eO4R0sEvUXVc7/tEdTQKC9QZscojDA6xd9AFrYs2Q6WVogaOznhMeXGIK9QT2KDJHO5aGER4h2F1WTvQaCzVZ0azX8+qDB7MEG7VRTWkqnlY3b41vPrmpKYo8oljr3bM8YaZYY6RK/YGaXgwf6f6ovTlEa/Q1JCygYHzKkk8+ODxX+UrCJdA4J62Q5l9U5w2KtttdHb5252JpoyXd6r699ryk1o8w5TN1ptme7VU+0ABOaAMJM0n7LAl4HhUaqQ6YjqR2r6s/dca3vEu7/tC0d9uc9WXKlE57XRTL0sNMVmYw93C2w94utHh5oNU9aixhq8vWdrLM9dtf7rsXGdeon7ntEaH270/6fl5qLBQfTEft8/8XYPrkD/9z9ym6vT4nfpsIklcqrRD3xW6fvCy2J23ywsGu0TyMkjqBZWKp/vTL153/7aD2i+Huhnl4WH2pTDk1onabJnVPpYYHt4Zy2rv/ciLdrhbbaFKxpwAo8MthJeI3fZOADiNFz5CeutR9611epI3jvcTUVsr3E5e/rf8W7cZZ7//l6JvD87Ux7+TXz2njG32jrIqrrW92VjLJoUWcftMyfL3qjalp9em6BXlIbuxV8w+cQ763Y4XTRXCOfBxmfchX/uq91G/fVDQhxGxrwwDEV/nxOKXlDZaZlgGkHWZI6ji7s++quWo47rb2CiquyJylwUfjaNY1u+2a7g9yQn4lHo1w9+4H1XonV9teg5QgkfOixzXp+ZiC/KzaSkVss2rqUnFa9GhPrCwR0O0e30SdiReRPnQUF6Uz/3kT5vpeu2H0SxKX9PtqR2FxpSSr+EmyccUudvXr4hzSUlITEzE6XNZaNAJCD+WAfM5B3oReTkXlIcCG4LkzjehgYZSEOrf3B3nsAHH6B49VrfkberGMHJeLe940lkEVWuADCzHnkO+G/l4nqxX38ED1XUZKkTWoNvM6NpXYezTFTzaNq+sMQmrXE8Ls4AT9iyt8OxBfDdrKkYPGYr3P5uD+esPsmicvJCl3J3+lQwequwtb7BZqp8FgwAAGTdJREFUd+1UMIuv0hr/OpKF45sXYdiL7fHT58PRrVV91H9tIW0T9Tq6faWCyxMdorwxFNNyTdBjcgdErF2Gg75NotCxNeI7V8zDf0eOxJCRE/HVpPGYTlOqhfhft3nx+mi6Wlm/ePtmvPVPdNKbBqF/fRTTawE/nFR1TVROf7qpl+oe8qAq2r5EdffUm6j7l5cwJ/YQXXMbCl47Ljfb5Oimy9Y6u5euU/jTH51KD3noTmaGWHaetXO663/i7rUKo/CQVJyhtiAxMQlJnuqgM3LYfvS8XoghxNulZ9cGemxQOCK9S5N5uoh+udXVuW5A8r71+PLTDzF06FBMmL0UJys3RoXCEATpUllCJYtHv/bMsjpfXF9OvtoWdQxk9Vq3pnqVocWI4CVitwMdL5gATG9efvJ2TRZSoRG6tdEehW2tv3bSuakhVuZjXZpp0VWiVOvQvg0d7LxX7ZaqEMaNpSLtHYaGqGsc/1p0AJ1IwL6z1r6hFmRn/3m7udknLiu/2/HiaW44i7Qv52W929kaEZ0SHUdLyr4yuaNu7Uh1fw+eqHMTBs/ehJM5QGiYWiOOu7t9FRsbRetnxdPu2altA+1zpemj2cldFuNs7XfWH/FKXaoGlTfVyVO7HuisJ734MG1KDujBg7oYvP8Aqg7vj74TBqIt/WvzzgKsGPMkrrXhxDY3VIi6HQ1MPprZic/xyr2qdxvUsPCoVYtqf4BXTirQoueNppcOT3Y6rX2Etgs/pCpwbsebaFH9TR/uxM9OjOjmdX3oWUSg2JdjEHjfQYIatkQPW67myFx6dNeD9buBuSNP938dEQc/wogVv5mJbJ5KGg+j7DbFOUSFon77HhhF/9599xd82qMN3vrsKbxz3x2Y/mAUgulGz0pojipeQ8eZnD+wnsI0ABVtVJc521/dXw3P08Nqoh96EV1rHUKv9+YpWYP97LOzw4OXF93QqoF0Y2Uy/UtPU/kWQU7Ou6j36N5f4Wc6aP+tz1j0aj8VvZsOwPo1n+Le+qoCuetyDvzV2U0uu7zW/uTGw5pu1CGr/gcT9Y3nhb9eZ82GFj4xagTTnzA0Qi2L/nByUf0qTl2PLHkFTR6fTOW4Fz0HNcGhcd2xlB390YVL4XwvCTyYAxURGe5ciCGF2TFjlzKe9MTIRPASsduBjhe6iMYxwihp4LZW5+kW0svM9ai0OXn65jcex7kE0t7G9vWgGupT351v7Of8RO5u9kmEh5lGr7PVPxBpXzMv9cmuD7EUEZ0KdBy1Kz/QOHbQAN0LhMHPPolxve+hfwDdP4bhD92gsHK3r3qJxnbWY/XQn1G/QPvc/4ePpiNSNkLa3K1R3NBqjZTH1PwCYzRw/oTipEHZj25O4k8hxHmWmtNo90rN0GfCVlw8vQez+t6OHf95Cj2n2Dt+efTc5fKnziDdz5m+IbWbKkfZ9VhyABkZqUhJSVH+UlNTsffg8zBMKGsiFDeQTQ0q/dSLE5kZSEtWy0ym5bGyn/M6MnZlJBw/bReN4mDP2oUNlm7X4WXvUcfrYfxwlmDutPGYvPwA6Od3t2xC6UXFQ4i5hahCndZ4c+1Pykvg2fPqrFp+jgcXcQDplon6qq26Ixd/4JJxXPDyK0hYpjjb9BMl4pdPxfhpc0Eu/iT08mIRSXtMOHZWC/NACJ3hDqkSqTwWRU7Ox+m+70iKuWcS+jZoukLRrvdHIFnJ+HnmmyDxU9GzwRDtnOw/s+1MYpXYg1n/8zxqb1hIz2nP9PbJlJRUpKamYHPf5ralsnbJwlEf/eHEpdFunDe7E/q9bvXrk4G+C5FEYjB93DQs2Uewe0Jr1NlhpBQJFwcPm45iU+Tx9Mum2ApsAYXhEsFL2G4HMF4YRHAMFs/WOrINKKE47e3JPYpvqU4E5ZjbQEQAN/skwkOURrh9BRmK6NSf0bZ2vk7kLU9gxoE8nNy2SPmS9q+HozEjQf2Bj5K0r8Wpn53cjtAH0OeuVB/NsW7/Dwm2DjeiovEaFWbUtBjTMoxfF02jsxkt8Zfa6uxHWPU6dHA6hjOGWcCz8btsq7HvjO+Pk6SnqEtTKta5Eb2mr1c+uW/6zd4RjajWBMkYjw2HDb9Ok5GmOJg1vSWWqxaFm2n4x+2nER4eiRo1aih/keHhqOlnxoZ1YHaVZ2s6Arg8FI1w+qm5StwxnL8mHFVqqmXWjIxEFVp2uM27B8sTSafXIj6cjHUG77gwM03FWhD7AMSEFfvgkEhURms0N7yBFFw0NGIgzA20RcHDkB1/xO/ELw4/YkOQiY1j3sa8/eeNWYCMM8pykvQc1UGod9td9IP2cqzaQqeTvRf7EZZV7y9BRudH0bIij9XveZfVhqhVj3rE/MrPEXp54eT8rrXvRxNMP/5RkPAt+lGRHqunzrqKyimmm2rda32dgEteQRheuzavR6b67qzEajoWWlNxvI/RZTa5FL2LdPKtuG3H619ad/XYscC4121+l5LhCG3eSrRPqvYgktqGGogMt/24hzqtVP1ZEHtKLyw/E/zHbEXbTc/sHjLWzZN7Bnto0dGtWxi+rNFfakv6w9SW7lx9KYqChy8XPYbN2FUbshyH9CiknD5OLZx3/Q2NF8FL1G4HMl4YRHIOBmhrje3kzDSwlEDam421xzMNM07nT+EILe7eaPNSQqsERvsvap+sPPizkRePc7uLtq8bH54uolOiPoyYfaXHXQr4OszmpinzPkF0eUkPfJG+UZkATL6cVfL2VVB3ReTmuNq1bSB9rjR9NC5jmb87LUI/8ElHNlehnPaxeds20+kbPE/BGf2EjqWx9OQQehoDy8P+jJvt2K5/djLANxtiyPebjyjZ07aomyB7fbiA7Ig/SHasUE/Z4BtarJuC6IwjYZv42Eka01dsIDF0lzZ7ZmXxTZOMMZ0JUuLYSRZ74veSTfPeU56dTptgeVJi1I0t7CSDtd/EKJvK2KYN241o3pNZ+IaXvHjvTn168sK6nfFkV6x6qgH8HF/Hd/eHXK+ebLLBe8LIbd6NNSLY75/S0bQ5idWDbWBhmLhhzzaKMNxemrqWHE78nWya7z0FwZDXjldJ4WEne2HiAkUmp82mPJ3J3WnIRPJ9zBaydt4Ypb5sM9GyJHUjbyE5RcZRGkY3lLbnL7vWkwkPqM/G0wkUvPg/umuf0bOj1346mEji4xZpO++NusXJ2d1JP1gab19P0wFkadw+snuD7+kYonLa6SYrw3oxTFkd2DFTv8bvJF+/8zflGd5jOLVNNvR4wm+37SPxu74nI+5Q++Vv3l30brrsr85WeTgt2zTJ9gbzZ96/OT3f1MP7E4/X7t6TH1oPmUM2fL+abDtLjxCil50OWXWW75pn+vHxkjVkMz1tae6Q2xQbop7ko5WiBVi7jK2vnmwyav5KspmecsNwYqeUHKY4ibSbcF1t65albNZm/WBq7H6SePAXMuOfjU1tyYS12scSw8NiQzRgbAJnV7+hyMVOsvoxYS/5dpp6QpPxeDURvBhrN7vtNl74iGdTD7t2EbG1bIN/D9q3rDooUibfNMptMstjbjux9uabYtlm+8/WxJG9u5crNoqNq/qmfrNErL52Y6+IfTJzUvuvHS9rn2P57HB2a1+78uzGG5W/mI0XaVtR+yri62x6lf40CG0fdmrSQWqD+clu6hHJdGuigK9g24+t4HifReonIreTnrj1ObMeU6FK0UdzgKDMRdueUsJqwRohZkwP1dBTY8MG865vm8/hZnQHvx5souFnO38Rr58MwI+vYTwwUD1HuSD1MJn7tveYPS9/Zrj5GdesMY273VlZyVsmaUcBMl6vjhqiPBtPFGCnMax8636TTHf0m0jiTtsfI8f4suN6+HnjrMOwk1HsjAajZQ6C+fQBQhJXj9byM7mYozVn8wlG7nid2vJf7YVBwYU6QuuT1BNCRLBPWvGSDz7M+LGBgXdwVrgd9mwQnPeP2zSMGM4jh/ZUdljPPqGfUsJ48YGiJPGwlf3sOgUPf0e25R7fRM8Av1OTW8GNnmk7f6flLNqUHdoRYIyGOVz+zmJXcFr8ronvUy/anfGuN6cTHpzCp33psZG8fTkNEZDTTje1/IYAa9OZ/ZrodaBnbD9/Dwg/JYQdE7l38b9NOsccI/3cdpWZP112q7NBHBpUd+Xz04Gc8tr1JyMfVq9pXVX7w9py9C71rCFbHbLR/8KkTdqxkFwX3pyyUTvtw1iWFra0C7MJH8Yc1ZLd2k20rk51y038wXRGP54dRka/aGxL1Wkz2scSw8MGQ73i1lCWaYxg+vTJpH6+dsmCp11/dLPbbuOFVTI7W8jahZ2UY3zpY3Fu45xTOwmV6T02lttRlsc6tom0N3e4//a8/tsFrP0XGc7z9pGHRtjZf0YnZJ8sDG152eiLPc6BjctOfUgTSUinBNrWZuzXyrAE3Hyd83u/I4Mf0m0VszcDZm43nATl7ivY9mOLHPxRRHcZrZvcjMaubd36nFWPGZ/S8tEY76vh8rBKUMVwvuivOqbRn3UsHxaOiFD7z7Cgn1zTMv3T5Kam4ZIniH7aDaefHA2XCH8DOfsVtbTMLP/yUPoCyjfDTW4jX0qfQunZUpQwh2oayX3CXrkQFEY/V9usJfHJwCLykZZGl9U45QkUG9sy6KYaB+w5RqFFrbNDeUp0EfBgSx4uBdNP/i7wcbkdcfPKlcOW6dDlEiF0OYHQaiFB3fJXbXOa2r4eOu9RpapzpVzlDEA3XXlRnbtIdS43KIjquqUvcuGL0HY8a+nc6ZIKuvwsKDQclSKK0jlB65xG17fb2B8/Arth6Zbuh7UhybluXOZIP8vhDIwCCnLePvY4IC4qcWFGJi4U5Lv2MxG8eN92HG9KyCb6VNOVr3M7+fAqYgRvE7v2PjSlI9q9XAdrCuegbWYq0go8yjIp01jqUK6T/efjj5t9MrJ15mWkcg67tq9zVtsUEZ2CW9sGYF9FfB0uk+O4WtL21a1+DLmrwUez1YCyFenucJet+khpJQISAYmAREAicFUhwBzum14uxPcXY3C3zT6Uq6qysjISgasUgaJNF12lYMhqSQQkAhIBiYBE4EpDIKz69Wjcox2ipbN9pTWNlEciIIyAnOEWhkoSSgQkAhIBiYBEQCIgEZAISAQCR8D+WMDA+cgcEgGJgERAIiARkAhIBCQCEgGJgA0C0uG2AUVGSQQkAhIBiYBEQCIgEZAISARKCgHpcJcUkpKPREAiIBGQCEgEJAISAYmARMAGAelw24AioyQCEgGJgERAIiARkAhIBCQCJYWAdLhLCknJRyIgEZAISAQkAhIBiYBEQCJgg4B0uG1AkVESAYmAREAiIBGQCEgEJAISgZJCwMXhzkZGNv2pvqvyKmrd6C9dsl+HlJdEQCIgEZAISAQkAhIBiYBEQAABR4ebFP6OUZ4wjNx72cQmJXY8KnsewY+5pugy9eBUN5FKHJryd1StGoFx+y+JkEsaiYBEQCIgEZAISAQkAhKB/3EEHB1uT1Y6tlJwqgYTE0Tndq5RnvPyTNFl6sGpbiKVCIqoq5BVCQ4WIZc0EgGJgERAIiARkAhIBCQC/+MIODrc0PxJLaBAFRSiOuDXXEMf87ORmZntF8KCbLZ0wz+NDwMvX0ef3i3dyzA7OxPZdktitCppAR8RmNx2eRs9PRuEEPSNruCTRwQPTuNYN4VrvoKrfxrf4mWMREAiIBGQCEgEJAISAYnAlYeAvcOd+xv+GdIGa6m8w26pCI/Hg7um7vFKXwUZWI7xg1+EJzgMERFhyhKTefsumGt38TdMeDoaQWE0nf557noDa064rEPJOY6Zr3Uz8L0Po7/+FdqiFpv0j9ccMpSbj01vtcOtgz7Gv19sirCwCPoXjL/0nIT4HC+Zn7oVpO/BlNd6KvVlcrO80U9/jF3pehF5Rxeiqud5/OxdUXJoVi+Fvt8bLnggG3FTB2p1q+i5CaNW6LKzZS4fNPag8xuD0MUTrOBaoctXMBStCyFDEgGJgERAIiARkAhIBCQCZQcBOlvre+WfIt9OfYu0AkjnIZ+T+TNnkZjETIUuYXJ3NsWt/I1dGUu2rvxEoauOAWRPjsqqkCSTiVEgwWhJPliykWxfPYN0pnmMNNZCC8l5MqeLyvf12avIlg2LyTvXg9TBMJJAiVn6l23U9AFTV5FtscvJW+3V53e3nFfYFZIMjQfuHEa+2xJHvvnwSVXetzapRfqpG8n5lfSjcr782QLyQ9w2sm7WW2rex5eRS16BL+37mIThXvLTRTVCBA9GGT9Txa3LO3PIprgYMv5pVfYx29JVRhd3kB5eXJ+l5S+ZPYIMX8xqLi+JgERAIiARkAhIBCQCEoGyjABbHmF7FRb+qjiA4/blmtK5gzl+l9dRpKkZcaMUx3S0Ny5z28fK8/idXq+UcUhcqsT1XXHSxI8/XN45UUl/YfExHkVIXgZJvaA+8vTXluv5CwsOkw+Yk9r5S5JGyZjDvagzSC0MIrsLOJs8snYgSD2MIse9UU514zmM93W9QUJunUjOeiMv7Zto63D7w6Ow4AB5jcpZeYTX6ae8+EsJeixUnfkc1eGu9t6PxuJlWCIgEZAISAQkAhIBiYBEoIwjEOQ0F++huyLZIpHsPLago7KBLB0ReBhtm+txYZXrGdKBxN1sMQoQHpKKM4nnkEsXhAeXqw46e4y4o+fp/yiWbLqObl+p8O3ZtYEeHxSOyAj1kac/0UHP6ynXBD0md8DYl5fh4KVn0a6iSpvc+SY00BbLBKH+zd1xDhtw7NIw1Kc0znUDkvetx9oNOxGffAE1b2iFiMqNUaEwBI5A0UUfbniQ5GP4lIr2d1r4uaQkXKLYlqdyNOhEMdqXoSyZYUvi2dWvfWM1IP9LBCQCEgGJgERAIiARkAhcFQg4+5Eu1SvHdvR59w0GNWwJuhxCu4KJ6oy/8NfrtDgeaMEDlnsw3YgYhkaoFWZJ8D6y9EpojiqW9PMH1lMxBqCid/9jTirQoueNqGJg48lOpy5/BEIMcXbBI0teQZPHJ1M57kXPQU1waFx3LN1PKbvYUZvj/OGR80e8QryqdxvUMGdDrVp8cTmUF5yIyHALhXyUCEgEJAISAYmAREAiIBEoywgU2eE2V1qdDedxeR51A+XCI+l4ILIQWfnsx3OCEBRE70GRnMx0z8/xIAtHkZ5Fo70z1UYCln4RB3zSq7bqTmfQ/6CzxpTa5uAQIw9/YYIUrH59MtB3IZKmP+F12Kfh10/b4AG6biWwy4xHSO2moOvh0XjJAUzvdK12+klQUBDyKC7VTczl2SQmOOSDREAiIBGQCEgEJAISgTKOgLbwwqkeocF8sYMThW983eZ3KZFHqN9dKTISNWrUoH+RCA+vgchwex+/Tqu7lNNPFsSe0hnmZyLVe6JgvdvU9FVbkrX0QhzHqveXIKPzo2hp46RrhA4BY908uWewhxYd3bqFYXY8H+lJfyCzkQMDwehy1aJwM6X9cftpigHHg2ERjpouM9q5Z39H3K4EeVqJINaSTCIgEZAISAQkAhIBicCVhoCzw00nWtnCkAXzF2Dj6jWIO1egyJ5Hjwh0uyLufBpsUnjELXdh3NK12LI9FvOG3o6awc9jr8PJgJXv7IWx9YGp93fD6AWrsGXrCrx/TwRahA3H74XUcW/bC+MozzFda2PY0k3YuTsGE7s1xJuJNO79ByHyWqAt3rCrW4VodKRHqZx5aRimbT2AE/E7MfP1prjno1PIrOZcYxE8UKElXpnQGqc/6oROI5dhb8I+bJ4/gh4RGIx3NugvENZSCDKx6IHr0a5VU4zdnWFNls8SAYmAREAiIBGQCEgEJAJlAAH76WYqOKl4Le7rCiwe8zzuHQOM3nUJt1a/BlXrNKGpZ3yqxpzzkGCVXTk0wLCkTch88m4M7q4ugKZHBOKfU3qjjsOyDw/qYvCOHcjs1wbDez6o8GdrqUfE9EUT5bWgLgal7MAFmj6y+z34N6VgPD9Yvhjv3Kpv4FQy2vxj68P5+m+nuj3y+Q/Y2rkjBty5XOXw7DCMfnE0/rPLzJCtB+eXCB6MtuVra7Ey6Rk8+N5jaPmemvuOfhPxaFN9tbkRQ86/UkMa2sF+8bM8j5J3iYBEQCIgEZAISAQkAhKBMoSAh52y4iwvXVKRkomg0HBUinD0zZ2z05SLaWnKOuVKdOmE8+86mlnkZKbhMl3uHUKXo9jNXLulm7k5PTnXjcsc6bLcw4mzv/gC+uuXGVn5KB8WjohQAUzpr2qm08ntKlVD/bGVaRIBiYBEQCIgEZAISAQkAlcoAi4O9xUqtRRLIiARkAhIBCQCEgGJgERAIlBGEHBew11GKiDFlAhIBCQCEgGJgERAIiARkAhcyQhIh/tKbh0pm0RAIiARkAhIBCQCEgGJQJlHQDrcZb4JZQUkAhIBiYBEQCIgEZAISASuZASkw30lt46UTSIgEZAISAQkAhIBiYBEoMwjIB3uMt+EsgISAYmAREAiIBGQCEgEJAJXMgLS4b6SW0fKJhGQCEgEJAISAYmAREAiUOYRkA53mW9CWQGJgERAIiARkAhIBCQCEoErGQHpcF/JrSNlkwhIBCQCEgGJgERAIiARKPMISIe7zDehrIBEQCIgEZAISAQkAhIBicCVjMD/AWP/TK16xm7XAAAAAElFTkSuQmCC" alt="" name="en-media:image/png:ec3f94db0fdf23a1ab6538aa673f8844:none:none" />
(引用自 https://www.redhat.com/cms/managed-files/li-new-in-rhel74-technology-overview-f10498kc-201801-en.pdf)
2.3.2 Docker 对 user namespace 的支持
在 Docker 1.10 版本之前,Docker 是不支持 user namespace。也就是说,默认地,容器内的进程的运行用户就是 host 上的 root 用户,这样的话,当 host 上的文件或者目录作为 volume 被映射到容器以后,容器内的进程其实是有 root 的几乎所有权限去修改这些 host 上的目录的,这会有很大的安全问题。
举例:
- 启动一个容器: docker run -d -v /bin:/host/bin --name web34 training/webapp python app.py
- 此时进程的用户在容器内和外都是root,它在容器内可以对 host 上的 /bin 目录做任意修改:
root@devstack:/home/sammy# docker exec -ti web34 id
uid=(root) gid=(root) groups=(root)
root@devstack:/home/sammy# id
uid=(root) gid=(root) groups=(root)
而 Docker 1.10 中引入的 user namespace 就可以让容器有一个 “假”的 root 用户,它在容器内是 root,它被映射到容器外一个非 root 用户。也就是说,user namespace 实现了 host users 和 container users 之间的映射。
启用步骤:
- 修改 /etc/default/docker 文件,添加行 DOCKER_OPTS="--userns-remap=default"
- 重启 docker 服务,此时 dockerd 进程为 /usr/bin/dockerd --userns-remap=default --raw-logs
- 然后创建一个容器:docker run -d -v /bin:/host/bin --name web35 training/webapp python app.py
- 查看进程在容器内外的用户:
root@devstack:/home/sammy# ps -ef | grep python
: ? :: python app.py
root@devstack:/home/sammy# docker exec web35 ps -ef
UID PID PPID C STIME TTY TIME CMD
root : ? :: python app.py
- 查看文件/etc/subuid 和 /etc/subgid,可以看到 dockermap 用户在host 上的 uid 和 gid 都是 231072:
root@devstack:/home/sammy# cat /etc/subuid
sammy::
stack::
dockremap::65536
root@devstack:/home/sammy# cat /etc/subgid
sammy:100000:65536
stack:165536:65536
dockremap:231072:65536
- 再看文件/proc/1726/uid_map,它表示了容器内外用户的映射关系,即将host 上的 231072 用户映射为容器内的 0 (即root)用户。
root@devstack:/home/sammy# cat /proc//uid_map
- 现在,我们试图在容器内修改 host 上的 /bin 文件夹,就会提示权限不足了:
root@80993d821f7b:/host/bin# touch test2
touch: cannot touch 'test2': Permission denied
这说明通过使用 user namespace,使得容器内的进程运行在非 root 用户,我们就成功地限制了容器内进程的权限。
2.3.3 检查 linux 操作系统是否启用了 user namespace
运行下面的命令即可检查是否启用了:
[root@node1 ]# uname -a
Linux node1.exampleos.com 3.10.-514.2..el7.x86_64 # SMP Tue Dec :: UTC x86_64 x86_64 x86_64 GNU/Linux
[root@node1 ]# cat /boot/config-3.10.-514.2..el7.x86_64 | grep CONFIG_USER_NS
CONFIG_USER_NS=y
如果是 「y」,则启用了,否则未启用。同样地,可以查看其它 namespace:
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
2.3.4 在 Centos/RedHat Linux 7 中启用 user namespace
资料来源:https://github.com/procszoo/procszoo/wiki/How-to-enable-%22user%22-namespace-in-RHEL7-and-CentOS7%3F
这两个版本中,默认 user namespace 是未被启用的。
运行下面的命令,然后运行 reboot,就可以启用了:
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
运行下面的命令,然后运行 reboot,就关闭了:
grubby --remove-args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
2.3.5 OpenShift 对 user namespace 的支持
在 OpenShift 3.11 版本中,应该还不支持 user namespace,下面是 dockerd 进程:
/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc
--exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current
--init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json
--signature-verification=False --storage-driver overlay2 --mtu=
[root@node1 ]# ls
attr cgroup comm cwd fd io map_files mountinfo net oom_adj pagemap root sessionid stack status timers
autogroup clear_refs coredump_filter environ fdinfo limits maps mounts ns oom_score personality sched setgroups stat syscall uid_map
auxv cmdline cpuset exe gid_map loginuid mem mountstats numa_maps oom_score_adj projid_map schedstat smaps statm task wchan
[root@node1 ]# cat uid_map
[root@node1 ]# cat gid_map
正是/proc/<pid>/uid_map 和 /proc/<pid>/gid_map 这两个文件, 把容器中的uid和真实系统的uid给映射在一起。这两个文件的格式为:
ID-inside-ns ID-outside-ns length
其中:
- 第一个字段ID-inside-ns表示在容器显示的UID或GID,
- 第二个字段ID-outside-ns表示容器外映射的真实的UID或GID。
- 第三个字段表示映射的范围,一般填1,表示一一对应。
举个例子, 0 1000 256这条配置就表示父user namespace中的1000~1256映射到新user namespace中的0~256。
比如,把真实的uid=1000映射成容器内的uid=0:
把namespace内部从0开始的uid映射到外部从0开始的uid,其最大范围是无符号32位整形:
上面的截图中正是后面这种情形,也就是容器中的 uid 和宿主机上的 uid 是从0开始一一对应着映射的。
备注:linux user namespace 非常复杂,应该是所有 namespace 中最复杂的一个。这里只是一个简单介绍,还进一步理解,还需要阅读更多材料,比如 https://lwn.net/Articles/532593/系列文章。
2.4 network namespace
默认情况下,当 docker 实例被创建出来后,使用 ip netns 命令无法看到容器实例对应的 network namespace。这是因为 ip netns 命令是从 /var/run/netns 文件夹中读取内容的。
步骤:
- 找到容器的主进程 ID
root@devstack:/home/sammy# docker inspect --format '{{.State.Pid}}' web5
- 创建 /var/run/netns 目录以及符号连接
root@devstack:/home/sammy# mkdir /var/run/netns
root@devstack:/home/sammy# ln -s /proc//ns/net /var/run/netns/web5
- 此时可以使用 ip netns 命令了
root@devstack:/home/sammy# ip netns
web5
root@devstack:/home/sammy# ip netns exec web5 ip addr
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN group default
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue state UP group default
link/ether ::ac::: brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/ scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80:::acff:fe11:/ scope link
valid_lft forever preferred_lft forever
其他的几个 namespace,比如 network,mnt 等,比较简单,这里就不多说了。总之,Docker 守护进程为每个容器都创建了六种namespace 的实例,使得容器中的进程都处于一种隔离的运行环境之中:
root@devstack:/proc/1726/ns# ls -l
total 0
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 ipc -> ipc:[4026532210]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 mnt -> mnt:[4026532208]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:44 net -> net:[4026532213]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 pid -> pid:[4026532211]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 user -> user:[4026532207]
lrwxrwxrwx 1 231072 231072 0 Sep 18 01:45 uts -> uts:[4026532209]
3. Docker run 命令中 namespace 中相关参数
Docker run 命令有几个参数和 namespace 相关:
- --ipc string IPC namespace to use
- --pid string PID namespace to use
- --userns string User namespace to use
- --uts string UTS namespace to use
3.1 --userns
--userns:指定容器使用的 user namespace
- 'host': 使用 Docker host user namespace
- '': 使用由 `--userns-remap‘ 指定的 Docker deamon user namespace
你可以在启用了 user namespace 的情况下,强制某个容器运行在 host user namespace 之中:
root@devstack:/proc/# docker run -d -v /bin:/host/bin --name web37 --userns host training/webapp python app.py
9c61e9a233abef7badefa364b683123742420c58d7a06520f14b26a547a9476c
root@devstack:/proc/# ps -ef | grep python
root : ? :: python app.py
否则默认的话,就会运行在特定的 user namespace 之中了。
3.2 --pid
同样的,可以指定容器使用 Docker host pid namespace,这样,在容器中的进程,可以看到 host 上的所有进程。注意此时不能启用 user namespace。
root@devstack:/proc/# docker run -d -v /bin:/host/bin --name web38 --pid host --userns host training/webapp python app.py
f40f6702b61e3028a6708cdd7b167474ddf2a98e95b6793a1326811fc4aa161d
root@devstack:/proc/#
root@devstack:/proc/# docker exec -it web38 bash
root@f40f6702b61e:/opt/webapp# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 0.0 0.1 ? Ss : : /sbin/init
root 0.0 0.0 ? S : : [kthreadd]
root 0.0 0.0 ? S : : [ksoftirqd/]
root 0.0 0.0 ? S< : : [kworker/:0H]
root 0.0 0.0 ? S : : [kworker/u2:]
root 0.0 0.0 ? S : : [rcu_sched]
......
3.3 --uts
同样地,可以使容器使用 Docker host uts namespace。此时,最明显的是,容器的 hostname 和 Docker hostname 是相同的。
root@devstack:/proc/# docker run -d -v /bin:/host/bin --name web39 --uts host training/webapp python app.py
38e8b812e7020106bf8d3952b88085028fc87f4427af0c3b0a29b6a69c979221
root@devstack:/proc/# docker exec -it web39 bash
root@devstack:/opt/webapp# hostname
devstack
参考链接
- Docker基础技术:Linux Namespace(下)
在 Docker基础技术:Linux Namespace(上篇)中我们了解了,UTD.IPC.PID.Mount 四个namespace,我们模仿Docker做了一个相当相当山寨的镜像.在这一篇中,主 ...
- Docker 基础技术:Linux Namespace(下)
导读 在Docker基础技术:Linux Namespace(上篇)中我们了解了,UTD.IPC.PID.Mount 四个namespace,我们模仿Docker做了一个相当相当山寨的镜像.在这一篇中 ...
- Docker学习笔记之一,搭建一个JAVA Tomcat运行环境
Docker学习笔记之一,搭建一个JAVA Tomcat运行环境 前言 Docker旨在提供一种应用程序的自动化部署解决方案,在 Linux 系统上迅速创建一个容器(轻量级虚拟机)并部署和运行应用程序 ...
- Python学习笔记(四十三)virtualenv (创建一套“隔离”的Python运行环境)
摘抄自:https://www.liaoxuefeng.com/wiki/0014316089557264a6b348958f449949df42a6d3a2e542c000/001432712108 ...
- 使用virtualenv为应用提供了隔离的Python运行环境
在开发Python应用程序的时候,系统安装的Python3只有一个版本:3.4.所有第三方的包都会被pip安装到Python3的site-packages目录下. 如果我们要同时开发多个应用程序,那这 ...
- Docker基础技术:Linux Namespace(上)
时下最热的技术莫过于Docker了,很多人都觉得Docker是个新技术,其实不然,Docker除了其编程语言用go比较新外,其实它还真不是个新东西,也就是个新瓶装旧酒的东西,所谓的The New “O ...
- Docker 基础技术之 Linux namespace 详解
Docker 是"新瓶装旧酒"的产物,依赖于 Linux 内核技术 chroot .namespace 和 cgroup.本篇先来看 namespace 技术. Docker 和虚 ...
- Docker 基础技术之 Linux namespace 源码分析
上篇我们从进程 clone 的角度,结合代码简单分析了 Linux 提供的 6 种 namespace,本篇从源码上进一步分析 Linux namespace,让你对 Docker namespace ...
- Docker学习笔记之一,搭建一个JAVA Tomcat运行环境(转)
前言 Docker旨在提供一种应用程序的自动化部署解决方案,在 Linux 系统上迅速创建一个容器(轻量级虚拟机)并部署和运行应用程序,并通过配置文件可以轻松实现应用程序的自动化安装.部署和升级,非常 ...
随机推荐
- 【Win 10 应用开发】Web授权示例:获取新浪微博的授权码
在使用类似微博的开放API的时候,会涉及到授权的问题,就拿微博来说,当用户在你的应用中需要调用微博API来处理一些事情时,你首先要让用户登录微博,得到用户授权后,才能调用微博API. 授权通常通过一个 ...
- jQuery的DOM操作实例(1)——选项卡&&Tab切换
一.原生JavaScript编写tab切换 二.jQuery编写tab切换 在用jQuery编写选项卡过程中,重要的事搞清楚 .eq() 和 .index() 的使用方法. .eq()是jQuery遍 ...
- Java内存模型深度解析:总结--转
原文地址:http://www.codeceo.com/article/java-memory-7.html 处理器内存模型 顺序一致性内存模型是一个理论参考模型,JMM和处理器内存模型在设计时通常会 ...
- spring 多数据源一致性事务方案
spring 多数据源配置 spring 多数据源配置一般有两种方案: 1.在spring项目启动的时候直接配置两个不同的数据源,不同的sessionFactory.在dao 层根据不同业务自行选择使 ...
- 【分布式】Zookeeper使用--Java API
一.前言 上一篇博客我们通过命令行来操作Zookeper的客户端和服务端并进行相应的操作,这篇主要介绍如何通过API(JAVA)来操作Zookeeper. 二.开发环境配置 首先打开Zookeeper ...
- [JavaEE笔记]Cookie
引言 由于 Http 是一种无状态的协议,服务器单从网络连接上无从知道客户身份. 会话跟踪是 Web 程序中常用的技术,用来跟踪用户的整个会话.常用会话跟踪技术是 Cookie 与 Session. ...
- 灵活可扩展的工作流管理平台Airflow
1. 引言 Airflow是Airbnb开源的一个用Python写就的工作流管理平台(workflow management platform).在前一篇文章中,介绍了如何用Crontab管理数据流, ...
- LinqToDB 源码分析——设计原理
我们知道实现了IQueryable<T>接口和IQueryProvider接口就可以使用Linq To SQL的功能.关于如何去实现的话,上一章也为我们引导了一个方向.LinqToDB框架 ...
- ManualResetEvent知识总结
一. 用法概述 Manual发音:英[ˈmænjuəl] 直译,手动重置事件 开发者的可以手动对线程间的交互进行手动控制. 二.构造函数 构造函数,如果为 true,则将初始状态设置为终止:如果为 f ...
- Rafy 框架 - 大批量导入实体
某些场景下,开发者希望能够大批量地把实体的数据导入到数据库中.虽然使用实体仓库保存实体列表非常方便,但是其内部实现机制是一条一条的保存到数据库,当实体的个数较多时,效率就会很低.所以 Rafy 设计了 ...