shadow: drop select_context for login pam_selinux

select_context param for pam_selinux module attempt to ask the user for a custom security context role while login. Admins and linux distros hardly use this param to the pam configs, because this adds a new step in login process, and users could use "newrole" command instead after login in. Moreover, this is totally unnecessary for policy types without multiple roles. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
author: Xin Ouyang <Xin.Ouyang@windriver.com> 2013-04-23 13:20:56 +0800
committer: Xin Ouyang <Xin.Ouyang@windriver.com> 2013-04-25 16:06:20 +0800
commit: e6ed027e0301388be6a34f4822f0da55dd2d5a23 (patch)
tree: 89eab521be9214d4277206a8913b7a43834468a4 /recipes-extended/shadow
parent: dc917209fd0e6b6656650252eb45ccba465e2f63 (diff)
download: meta-selinux-e6ed027e0301388be6a34f4822f0da55dd2d5a23.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/recipes-extended/shadow/files/pam.d/login b/recipes-extended/shadow/files/pam.d/login
index 43c3654..1ec26a3 100644
--- a/recipes-extended/shadow/files/pam.d/login
+++ b/recipes-extended/shadow/files/pam.d/login
@@ -93,6 +93,6 @@ session    include      common-session
 # SELinux needs to intervene at login time to ensure that the process
 # starts in the proper default security context. Only sessions which are
 # intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open select_context
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
 # When the module is present, "required" would be sufficient (When SELinux
 # is disabled, this returns success.)
diff --git a/recipes-extended/shadow/shadow_4.1.4.3.bbappend b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
index f871e67..cacfb8b 100644
--- a/recipes-extended/shadow/shadow_4.1.4.3.bbappend
+++ b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
@@ -1,4 +1,4 @@
-PR .= ".4"
+PR .= ".5"
 inherit with-selinux with-audit
author	Xin Ouyang <Xin.Ouyang@windriver.com>	2013-04-23 13:20:56 +0800
committer	Xin Ouyang <Xin.Ouyang@windriver.com>	2013-04-25 16:06:20 +0800
commit	e6ed027e0301388be6a34f4822f0da55dd2d5a23 (patch)
tree	89eab521be9214d4277206a8913b7a43834468a4 /recipes-extended/shadow
parent	dc917209fd0e6b6656650252eb45ccba465e2f63 (diff)
download	meta-selinux-e6ed027e0301388be6a34f4822f0da55dd2d5a23.tar.gz

diff --git a/recipes-extended/shadow/files/pam.d/login b/recipes-extended/shadow/files/pam.d/login index 43c3654..1ec26a3 100644 --- a/recipes-extended/shadow/files/pam.d/login +++ b/recipes-extended/shadow/files/pam.d/login
@@ -93,6 +93,6 @@ session include common-session
93	# SELinux needs to intervene at login time to ensure that the process	93	# SELinux needs to intervene at login time to ensure that the process
94	# starts in the proper default security context. Only sessions which are	94	# starts in the proper default security context. Only sessions which are
95	# intended to run in the user's context should be run after this.	95	# intended to run in the user's context should be run after this.
96	session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open select_context	96	session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
97	# When the module is present, "required" would be sufficient (When SELinux	97	# When the module is present, "required" would be sufficient (When SELinux
98	# is disabled, this returns success.)	98	# is disabled, this returns success.)


diff --git a/recipes-extended/shadow/shadow_4.1.4.3.bbappend b/recipes-extended/shadow/shadow_4.1.4.3.bbappend index f871e67..cacfb8b 100644 --- a/recipes-extended/shadow/shadow_4.1.4.3.bbappend +++ b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
@@ -1,4 +1,4 @@
1	PR .= ".4"	1	PR .= ".5"
2		2
3	inherit with-selinux with-audit	3	inherit with-selinux with-audit
4		4