[Pkg-shadow-devel] Bug#747313: login: Please move pam_selinux open call higher in the session PAM stack

Laurent Bigonville bigon at debian.org
Wed May 7 12:14:34 UTC 2014

Package: login
Version: 1:4.2-2
Severity: normal
Tags: patch


After looking at Fedora/CentOS ssh pam config file and talking with
people upstream[0] I think that the call to pam_selinux open should be
moved higher in the session stack (just after pam_loginuid and before
pam_keyinit to follow what Fedora is doing).

Note that any new pam modules should be added after this pam_selinux
open call.


Laurent Bigonville

[0] http://marc.info/?l=selinux&m=139940365925225&w=2

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages login depends on:
ii  libaudit1       1:2.3.6-1
ii  libc6           2.18-5
ii  libpam-modules  1.1.8-3
ii  libpam-runtime  1.1.8-3
ii  libpam0g        1.1.8-3

login recommends no packages.

login suggests no packages.

-- Configuration Files:
/etc/pam.d/login changed [not included]

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Move-pam_selinux-open-call-higher-in-the-session-sta.patch
Type: text/x-diff
Size: 2600 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20140507/9e19cad1/attachment.patch>

More information about the Pkg-shadow-devel mailing list