diff options
author | Xin Ouyang <Xin.Ouyang@windriver.com> | 2013-04-23 13:20:56 +0800 |
---|---|---|
committer | Xin Ouyang <Xin.Ouyang@windriver.com> | 2013-04-25 16:06:20 +0800 |
commit | e6ed027e0301388be6a34f4822f0da55dd2d5a23 (patch) | |
tree | 89eab521be9214d4277206a8913b7a43834468a4 /recipes-extended/shadow | |
parent | dc917209fd0e6b6656650252eb45ccba465e2f63 (diff) | |
download | meta-selinux-e6ed027e0301388be6a34f4822f0da55dd2d5a23.tar.gz |
shadow: drop select_context for login pam_selinux
select_context param for pam_selinux module attempt to ask the user
for a custom security context role while login.
Admins and linux distros hardly use this param to the pam configs,
because this adds a new step in login process, and users could use
"newrole" command instead after login in.
Moreover, this is totally unnecessary for policy types without
multiple roles.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Diffstat (limited to 'recipes-extended/shadow')
-rw-r--r-- | recipes-extended/shadow/files/pam.d/login | 2 | ||||
-rw-r--r-- | recipes-extended/shadow/shadow_4.1.4.3.bbappend | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/recipes-extended/shadow/files/pam.d/login b/recipes-extended/shadow/files/pam.d/login index 43c3654..1ec26a3 100644 --- a/recipes-extended/shadow/files/pam.d/login +++ b/recipes-extended/shadow/files/pam.d/login | |||
@@ -93,6 +93,6 @@ session include common-session | |||
93 | # SELinux needs to intervene at login time to ensure that the process | 93 | # SELinux needs to intervene at login time to ensure that the process |
94 | # starts in the proper default security context. Only sessions which are | 94 | # starts in the proper default security context. Only sessions which are |
95 | # intended to run in the user's context should be run after this. | 95 | # intended to run in the user's context should be run after this. |
96 | session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open select_context | 96 | session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open |
97 | # When the module is present, "required" would be sufficient (When SELinux | 97 | # When the module is present, "required" would be sufficient (When SELinux |
98 | # is disabled, this returns success.) | 98 | # is disabled, this returns success.) |
diff --git a/recipes-extended/shadow/shadow_4.1.4.3.bbappend b/recipes-extended/shadow/shadow_4.1.4.3.bbappend index f871e67..cacfb8b 100644 --- a/recipes-extended/shadow/shadow_4.1.4.3.bbappend +++ b/recipes-extended/shadow/shadow_4.1.4.3.bbappend | |||
@@ -1,4 +1,4 @@ | |||
1 | PR .= ".4" | 1 | PR .= ".5" |
2 | 2 | ||
3 | inherit with-selinux with-audit | 3 | inherit with-selinux with-audit |
4 | 4 | ||