[SCM] KDE Base Workspace module packaging branch, kde4.11, updated. debian/4.11.2-3-2-gd9a4d12

Lisandro Damián Nicanor Pérez lisandro at alioth.debian.org
Fri Nov 1 20:35:17 UTC 2013 

Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/kde-workspace.git;a=commitdiff;h=d9a4d12

The following commit has been merged in the kde4.11 branch:
commit d9a4d1232a6083b75ba8a1bfdfe3d9f4f84d3a20
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date:   Fri Nov 1 17:34:55 2013 -0300

    Add calls to pam_selinux module in pam files
    
    Closes: #677438, #664808
---
 debian/changelog |    3 +++
 debian/kdm.pam   |   11 ++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 1fd98d5..d547faa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
 kde-workspace (4:4.11.2-4) UNRELEASED; urgency=low
 
+  [ Lisandro Damián Nicanor Pérez Meyer ]
+  * Add calls to pam_selinux module in pam files (Closes: #677438, #664808).
+
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Fri, 01 Nov 2013 17:31:09 -0300
 
 kde-workspace (4:4.11.2-3) experimental; urgency=low
diff --git a/debian/kdm.pam b/debian/kdm.pam
index ed7c45a..c3a52be 100644
--- a/debian/kdm.pam
+++ b/debian/kdm.pam
@@ -5,7 +5,16 @@ auth       required     pam_nologin.so
 auth       required     pam_env.so readenv=1
 auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
 @include common-auth
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+session    [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
 session    required     pam_limits.so
+session    required     pam_loginuid.so
+ at include common-session
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session    [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
 @include common-account
 @include common-password
- at include common-session

-- 
KDE Base Workspace module packaging

More information about the pkg-kde-commits mailing list