All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [git commit] linux-pam: adjust login pam file for SELinux
@ 2017-01-25 10:05 Thomas Petazzoni
  0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2017-01-25 10:05 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=be9157e1c060ef2ed1c358ee445e610e892c972b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

When SELinux support is enabled, the login pam file installed by
linux-pam should be adjusted to use the pam_selinux.so module.

To achieve this in a reasonably simple manner, we introduce the SELinux
related lines in login.pam as comments, and if SELinux support is
enabled, turn those commented lines into real lines.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/linux-pam/linux-pam.mk | 5 +++++
 package/linux-pam/login.pam    | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 6ce3839..c8ba30f 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -29,6 +29,10 @@ endif
 ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
 LINUX_PAM_CONF_OPTS += --enable-selinux
 LINUX_PAM_DEPENDENCIES += libselinux
+define LINUX_PAM_SELINUX_PAMFILE_TWEAK
+	$(SED) 's/^# \(.*pam_selinux.so.*\)$$/\1/' \
+		$(TARGET_DIR)/etc/pam.d/login
+endef
 else
 LINUX_PAM_CONF_OPTS += --disable-selinux
 endif
@@ -46,6 +50,7 @@ define LINUX_PAM_INSTALL_CONFIG
 		$(TARGET_DIR)/etc/pam.d/login
 	$(INSTALL) -m 0644 -D package/linux-pam/other.pam \
 		$(TARGET_DIR)/etc/pam.d/other
+	$(LINUX_PAM_SELINUX_PAMFILE_TWEAK)
 endef
 
 LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG
diff --git a/package/linux-pam/login.pam b/package/linux-pam/login.pam
index 01f5632..5df7db6 100644
--- a/package/linux-pam/login.pam
+++ b/package/linux-pam/login.pam
@@ -4,7 +4,9 @@ account		required	pam_unix.so
 
 password	required	pam_unix.so nullok
 
+# session	required	pam_selinux.so close
 session		required	pam_limits.so
 session		required	pam_env.so
 session		required	pam_unix.so
 session		optional	pam_lastlog.so
+# session	required	pam_selinux.so open

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2017-01-25 10:05 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-25 10:05 [Buildroot] [git commit] linux-pam: adjust login pam file for SELinux Thomas Petazzoni

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.