r33497 - in /desktop/unstable/gdm3/debian: changelog gdm3-autologin.pam gdm3.pam
bigon at users.alioth.debian.org
bigon at users.alioth.debian.org
Fri Mar 23 10:38:09 UTC 2012
Author: bigon
Date: Fri Mar 23 10:38:09 2012
New Revision: 33497
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=33497
Log:
debian/gdm3.pam, debian/gdm3-autologin.pam: Call pam_selinux pam module
(Closes: #661289)
Modified:
desktop/unstable/gdm3/debian/changelog
desktop/unstable/gdm3/debian/gdm3-autologin.pam
desktop/unstable/gdm3/debian/gdm3.pam
Modified: desktop/unstable/gdm3/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gdm3/debian/changelog?rev=33497&op=diff
==============================================================================
--- desktop/unstable/gdm3/debian/changelog [utf-8] (original)
+++ desktop/unstable/gdm3/debian/changelog [utf-8] Fri Mar 23 10:38:09 2012
@@ -67,7 +67,11 @@
* Require d-conf 0.10.0-4 to configure the dconf path and parse
defaults in order.
- -- Josselin Mouette <joss at debian.org> Thu, 24 Nov 2011 22:29:47 +0100
+ [ Laurent Bigonville ]
+ * debian/gdm3.pam, debian/gdm3-autologin.pam: Call pam_selinux pam module
+ (Closes: #661289)
+
+ -- Laurent Bigonville <bigon at debian.org> Fri, 23 Mar 2012 11:36:02 +0100
gdm3 (3.0.4-4) unstable; urgency=low
Modified: desktop/unstable/gdm3/debian/gdm3-autologin.pam
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gdm3/debian/gdm3-autologin.pam?rev=33497&op=diff
==============================================================================
--- desktop/unstable/gdm3/debian/gdm3-autologin.pam [utf-8] (original)
+++ desktop/unstable/gdm3/debian/gdm3-autologin.pam [utf-8] Fri Mar 23 10:38:09 2012
@@ -3,8 +3,16 @@
auth required pam_succeed_if.so user != root quiet_success
auth required pam_permit.so
@include common-account
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-session
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password
Modified: desktop/unstable/gdm3/debian/gdm3.pam
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/gdm3/debian/gdm3.pam?rev=33497&op=diff
==============================================================================
--- desktop/unstable/gdm3/debian/gdm3.pam [utf-8] (original)
+++ desktop/unstable/gdm3/debian/gdm3.pam [utf-8] Fri Mar 23 10:38:09 2012
@@ -4,9 +4,17 @@
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-session
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
@include common-password
More information about the pkg-gnome-commits
mailing list