authorRahul Sandhu <rahul@sandhuservices.dev>2024-09-23 18:36:58 +0100
committerMike Gilbert <floppym@gentoo.org>2024-09-26 15:15:20 -0400
commit27e8a693ee6afa4ae673f1f4625fae81b86ad86f (patch)
tree95863eae2011a2c5380049dd2942ba16fd4b929e
parentmedia-libs/openimageio: implement an important configure fix for all versions (diff)
sys-apps/systemd: call pam_selinux.so in pam config for systemd-user
Currently, systemd --user sessions get launched with the wrong context, init_t. Let's fix our pam config for systemd-user by calling pam_selinux.so with close and nottys open like upstream does. Closes: https://bugs.gentoo.org/908759 Signed-off-by: Rahul Sandhu <rahul@sandhuservices.dev> Closes: https://github.com/gentoo/gentoo/pull/38747 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r--sys-apps/systemd/files/systemd-user-selinux.pam7
-rw-r--r--sys-apps/systemd/systemd-254.13.ebuild6
-rw-r--r--sys-apps/systemd/systemd-254.16.ebuild6
-rw-r--r--sys-apps/systemd/systemd-254.17.ebuild6
-rw-r--r--sys-apps/systemd/systemd-254.18.ebuild6
-rw-r--r--sys-apps/systemd/systemd-255.10.ebuild6
-rw-r--r--sys-apps/systemd/systemd-255.11.ebuild6
-rw-r--r--sys-apps/systemd/systemd-255.12.ebuild6
-rw-r--r--sys-apps/systemd/systemd-255.7-r1.ebuild6
-rw-r--r--sys-apps/systemd/systemd-256.1-r3.ebuild6
-rw-r--r--sys-apps/systemd/systemd-256.2.ebuild6
-rw-r--r--sys-apps/systemd/systemd-256.4.ebuild6
-rw-r--r--sys-apps/systemd/systemd-256.5.ebuild6
-rw-r--r--sys-apps/systemd/systemd-256.6.ebuild6
-rw-r--r--sys-apps/systemd/systemd-9999.ebuild6
15 files changed, 77 insertions, 14 deletions
diff --git a/sys-apps/systemd/files/systemd-user-selinux.pam b/sys-apps/systemd/files/systemd-user-selinux.pam
new file mode 100644
index 000000000000..0d5d6beb34da
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-user-selinux.pam
@@ -0,0 +1,7 @@
+account include system-auth
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
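Review bot: The new file has no comment saying that the position of the two pam_selinux.so lines matters, so a later edit could reorder them without anyone noticing. `close` has to stay the first session rule, and everything after `nottys open` (pam_loginuid.so, the system-auth include, pam_systemd.so) runs once the user's execution context has been set. pam_selinux's documentation warns that modules which execute helper programs are affected by this, and what system-auth pulls in is not visible here. I would add header comments such as `# pam_selinux.so close must be the first session rule` and `# pam_selinux.so open must only be followed by session modules meant to run in the user context`. Because the file otherwise duplicates systemd-user.pam, a line noting that the two must be kept in sync would also help.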
diff --git a/sys-apps/systemd/systemd-254.13.ebuild b/sys-apps/systemd/systemd-254.13.ebuild
index b03afeebbbe9..44b91c0ed762 100644
--- a/sys-apps/systemd/systemd-254.13.ebuild
+++ b/sys-apps/systemd/systemd-254.13.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
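Review bot: The `use selinux` branch installs a stack in which pam_selinux.so is `required`, but nothing in this hunk shows that the module is guaranteed to be installed. If sys-libs/pam was built without SELinux support, the module would presumably fail to load and the systemd-user session stack would fail with it. It is worth confirming that the ebuild's dependencies, which are outside this hunk, tie `selinux` to a PAM build that ships the module, for example `selinux? ( sys-libs/pam[selinux] )`. The same edit is made in place in the other thirteen ebuilds (254.16 through 9999) without a revision bump, so existing installs keep the old PAM file, and the init_t context, until the package is rebuilt. multilib_src_install_all starts and ends outside the hunk.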
diff --git a/sys-apps/systemd/systemd-254.16.ebuild b/sys-apps/systemd/systemd-254.16.ebuild
index 3c99d5286da8..2e0de48f21dc 100644
--- a/sys-apps/systemd/systemd-254.16.ebuild
+++ b/sys-apps/systemd/systemd-254.16.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
diff --git a/sys-apps/systemd/systemd-254.17.ebuild b/sys-apps/systemd/systemd-254.17.ebuild
index 6948d7750c89..deb2c7187296 100644
--- a/sys-apps/systemd/systemd-254.17.ebuild
+++ b/sys-apps/systemd/systemd-254.17.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
diff --git a/sys-apps/systemd/systemd-254.18.ebuild b/sys-apps/systemd/systemd-254.18.ebuild
index 3c99d5286da8..2e0de48f21dc 100644
--- a/sys-apps/systemd/systemd-254.18.ebuild
+++ b/sys-apps/systemd/systemd-254.18.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
diff --git a/sys-apps/systemd/systemd-255.10.ebuild b/sys-apps/systemd/systemd-255.10.ebuild
index 6b6829770ddf..ddf10377645d 100644
--- a/sys-apps/systemd/systemd-255.10.ebuild
+++ b/sys-apps/systemd/systemd-255.10.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.11.ebuild b/sys-apps/systemd/systemd-255.11.ebuild
index caca95ec35cf..b7f7c92ef5c2 100644
--- a/sys-apps/systemd/systemd-255.11.ebuild
+++ b/sys-apps/systemd/systemd-255.11.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.12.ebuild b/sys-apps/systemd/systemd-255.12.ebuild
index 6b6829770ddf..ddf10377645d 100644
--- a/sys-apps/systemd/systemd-255.12.ebuild
+++ b/sys-apps/systemd/systemd-255.12.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.7-r1.ebuild b/sys-apps/systemd/systemd-255.7-r1.ebuild
index 11a5556c2b86..91957bd6756a 100644
--- a/sys-apps/systemd/systemd-255.7-r1.ebuild
+++ b/sys-apps/systemd/systemd-255.7-r1.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.1-r3.ebuild b/sys-apps/systemd/systemd-256.1-r3.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.1-r3.ebuild
+++ b/sys-apps/systemd/systemd-256.1-r3.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.2.ebuild b/sys-apps/systemd/systemd-256.2.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.2.ebuild
+++ b/sys-apps/systemd/systemd-256.2.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.4.ebuild b/sys-apps/systemd/systemd-256.4.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.4.ebuild
+++ b/sys-apps/systemd/systemd-256.4.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.5.ebuild b/sys-apps/systemd/systemd-256.5.ebuild
index 65993127c17e..37a10570fcd1 100644
--- a/sys-apps/systemd/systemd-256.5.ebuild
+++ b/sys-apps/systemd/systemd-256.5.ebuild
@@ -440,7 +440,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.6.ebuild b/sys-apps/systemd/systemd-256.6.ebuild
index 65993127c17e..37a10570fcd1 100644
--- a/sys-apps/systemd/systemd-256.6.ebuild
+++ b/sys-apps/systemd/systemd-256.6.ebuild
@@ -440,7 +440,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index aa4c7f43e59a..0e8952909fb9 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -439,7 +439,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then