Re: [OE-core] [PATCH] shadow: remove selinux entry from pam.d/login

Wed, 01 Jun 2011 02:23:44 -0700 

This one is orthogonal to the other shadow patches by the looks of it.

Op 31 mei 2011, om 20:33 heeft Koen Kooi het volgende geschreven:

> SElinux has been disabled in the recipe, leading to messages like this:
> 
> [  167.643218] login[312]: PAM unable to 
> dlopen(/lib/security/pam_selinux.so): /lib/security/pam_selinux.so: cannot 
> open shared object file: No such file or directory
> [  167.670837] login[312]: PAM adding faulty module: 
> /lib/security/pam_selinux.so
> 
> Signed-off-by: Koen Kooi <k...@dominion.thruhere.net>
> ---
> meta/recipes-extended/shadow/files/pam.d/login |    7 -------
> meta/recipes-extended/shadow/shadow.inc        |    2 ++
> 2 files changed, 2 insertions(+), 7 deletions(-)
> 
> diff --git a/meta/recipes-extended/shadow/files/pam.d/login 
> b/meta/recipes-extended/shadow/files/pam.d/login
> index e41eb04..e4dacc2 100644
> --- a/meta/recipes-extended/shadow/files/pam.d/login
> +++ b/meta/recipes-extended/shadow/files/pam.d/login
> @@ -26,13 +26,6 @@ auth       [success=ok ignore=ignore user_unknown=ignore 
> default=die]  pam_secur
> # (Replaces the `NOLOGINS_FILE' option from login.defs)
> auth       requisite  pam_nologin.so
> 
> -# SELinux needs to be the first session rule. This ensures that any 
> -# lingering context has been cleared. Without out this it is possible 
> -# that a module could execute code in the wrong domain.
> -# When the module is present, "required" would be sufficient (When SELinux
> -# is disabled, this returns success.)
> -session [success=ok ignore=ignore module_unknown=ignore default=bad] 
> pam_selinux.so close
> -
> # This module parses environment configuration file(s)
> # and also allows you to use an extended config
> # file /etc/security/pam_env.conf.
> diff --git a/meta/recipes-extended/shadow/shadow.inc 
> b/meta/recipes-extended/shadow/shadow.inc
> index 42f92a7..35bd6a8 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -6,6 +6,8 @@ LICENSE = "BSD | Artistic"
> LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
>                     
> file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe"
> 
> +PR = "r1"
> +
> PAM_PLUGINS = "  libpam-runtime \
>                  pam-plugin-faildelay \
>                  pam-plugin-securetty \
> -- 
> 1.6.6.1
> 


_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Reply via email to