From e6ed027e0301388be6a34f4822f0da55dd2d5a23 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Tue, 23 Apr 2013 13:20:56 +0800 Subject: shadow: drop select_context for login pam_selinux select_context param for pam_selinux module attempt to ask the user for a custom security context role while login. Admins and linux distros hardly use this param to the pam configs, because this adds a new step in login process, and users could use "newrole" command instead after login in. Moreover, this is totally unnecessary for policy types without multiple roles. Signed-off-by: Xin Ouyang
---
 recipes-extended/shadow/files/pam.d/login | 2 +-
 recipes-extended/shadow/shadow_4.1.4.3.bbappend | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-extended/shadow/files/pam.d/login b/recipes-extended/shadow/files/pam.d/login
index 43c3654..1ec26a3 100644
--- a/recipes-extended/shadow/files/pam.d/login
+++ b/recipes-extended/shadow/files/pam.d/login
@@ -93,6 +93,6 @@ session include common-session
 # SELinux needs to intervene at login time to ensure that the process
 # starts in the proper default security context. Only sessions which are
 # intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open select_context
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
 # When the module is present, "required" would be sufficient (When SELinux
 # is disabled, this returns success.)
diff --git a/recipes-extended/shadow/shadow_4.1.4.3.bbappend b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
index f871e67..cacfb8b 100644
--- a/recipes-extended/shadow/shadow_4.1.4.3.bbappend
+++ b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
@@ -1,4 +1,4 @@
-PR .= ".4"
+PR .= ".5"
 inherit with-selinux with-audit
-- cgit v1.2.3-54-g00ecf
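Review bot: The rewritten `pam_selinux.so open` line in pam.d/login carries no record of why `select_context` was left off, so a later edit could restore the interactive role prompt without knowing it was removed on purpose. A comment above the line would cover it: `# select_context is intentionally omitted: login does not prompt for a role; users switch roles with newrole after login.` That relies on newrole being installed and permitted by policy on images with multiple roles, which this patch does not show, so it is worth confirming. The session stack continues outside the hunk, so a matching `pam_selinux.so close` entry cannot be checked from here.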