[SCM] KDE Base Workspace module packaging branch, kde4.11, updated. debian/4.11.2-3-2-gd9a4d12
Lisandro Damián Nicanor Pérez
lisandro at alioth.debian.org
Fri Nov 1 20:35:17 UTC 2013
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/kde-workspace.git;a=commitdiff;h=d9a4d12
The following commit has been merged in the kde4.11 branch:
commit d9a4d1232a6083b75ba8a1bfdfe3d9f4f84d3a20
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date: Fri Nov 1 17:34:55 2013 -0300
Add calls to pam_selinux module in pam files
Closes: #677438, #664808
---
debian/changelog | 3 +++
debian/kdm.pam | 11 ++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 1fd98d5..d547faa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
kde-workspace (4:4.11.2-4) UNRELEASED; urgency=low
+ [ Lisandro Damián Nicanor Pérez Meyer ]
+ * Add calls to pam_selinux module in pam files (Closes: #677438, #664808).
+
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Fri, 01 Nov 2013 17:31:09 -0300
kde-workspace (4:4.11.2-3) experimental; urgency=low
diff --git a/debian/kdm.pam b/debian/kdm.pam
index ed7c45a..c3a52be 100644
--- a/debian/kdm.pam
+++ b/debian/kdm.pam
@@ -5,7 +5,16 @@ auth required pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
+session required pam_loginuid.so
+ at include common-session
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-account
@include common-password
- at include common-session
--
KDE Base Workspace module packaging
More information about the pkg-kde-commits
mailing list