* debian/login.pam: Ignore pam_selinux.so failures when the module do not
exist. A required pam_selinux.so makes login fail when the module does not
exist (e.g. on architecture without SE Linux support). Closes: #528673
This commit is contained in:
Vendored
+4
-1
@@ -6,8 +6,11 @@ shadow (1:4.1.4-2) unstable; urgency=low
|
||||
* debian/login.postinst: Install /var/log/faillog during initial installs
|
||||
only. This permits admins to disable failed logins recording.
|
||||
Closes: #488420
|
||||
* debian/login.pam: Ignore pam_selinux.so failures when the module do not
|
||||
exist. A required pam_selinux.so makes login fail when the module does not
|
||||
exist (e.g. on architecture without SE Linux support). Closes: #528673
|
||||
|
||||
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Mon, 11 May 2009 22:39:07 +0200
|
||||
-- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Thu, 14 May 2009 21:08:09 +0200
|
||||
|
||||
shadow (1:4.1.4-1) unstable; urgency=low
|
||||
|
||||
|
||||
Vendored
+6
-4
@@ -28,9 +28,10 @@ auth requisite pam_nologin.so
|
||||
|
||||
# SELinux needs to be the first session rule. This ensures that any
|
||||
# lingering context has been cleared. Without out this it is possible
|
||||
# that a module could execute code in the wrong domain. (When SELinux
|
||||
# that a module could execute code in the wrong domain.
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
session required pam_selinux.so close
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
||||
|
||||
# This module parses environment configuration file(s)
|
||||
# and also allows you to use an extended config
|
||||
@@ -91,6 +92,7 @@ session optional pam_mail.so standard
|
||||
|
||||
# SELinux needs to intervene at login time to ensure that the process
|
||||
# starts in the proper default security context. Only sessions which are
|
||||
# intended to run in the user's context should be run after this. (When
|
||||
# SELinux is disabled, this returns success.)
|
||||
# intended to run in the user's context should be run after this.
|
||||
session required pam_selinux.so open
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
|
||||
Reference in New Issue
Block a user