author | Rahul Sandhu <rahul@sandhuservices.dev> | 2024-09-23 18:36:58 +0100 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2024-09-26 15:15:20 -0400 |
commit | 27e8a693ee6afa4ae673f1f4625fae81b86ad86f (patch) | |
tree | 95863eae2011a2c5380049dd2942ba16fd4b929e | |
parent | media-libs/openimageio: implement an important configure fix for all versions (diff) | |
sys-apps/systemd: call pam_selinux.so in pam config for systemd-user
Currently, systemd --user sessions get launched with the wrong context,
init_t. Let's fix our pam config for systemd-user by calling
pam_selinux.so with close and nottys open like upstream does.
Closes: https://bugs.gentoo.org/908759
Signed-off-by: Rahul Sandhu <rahul@sandhuservices.dev>
Closes: https://github.com/gentoo/gentoo/pull/38747
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-rw-r--r-- | sys-apps/systemd/files/systemd-user-selinux.pam | 7 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-254.13.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-254.16.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-254.17.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-254.18.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-255.10.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-255.11.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-255.12.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-255.7-r1.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-256.1-r3.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-256.2.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-256.4.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-256.5.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-256.6.ebuild | 6 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-9999.ebuild | 6 |
15 files changed, 77 insertions, 14 deletions
diff --git a/sys-apps/systemd/files/systemd-user-selinux.pam b/sys-apps/systemd/files/systemd-user-selinux.pam
new file mode 100644
index 000000000000..0d5d6beb34da
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-user-selinux.pam
@@ -0,0 +1,7 @@
+account include system-auth
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
diff --git a/sys-apps/systemd/systemd-254.13.ebuild b/sys-apps/systemd/systemd-254.13.ebuild
index b03afeebbbe9..44b91c0ed762 100644
--- a/sys-apps/systemd/systemd-254.13.ebuild
+++ b/sys-apps/systemd/systemd-254.13.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use split-usr; then
diff --git a/sys-apps/systemd/systemd-254.16.ebuild b/sys-apps/systemd/systemd-254.16.ebuild
index 3c99d5286da8..2e0de48f21dc 100644
--- a/sys-apps/systemd/systemd-254.16.ebuild
+++ b/sys-apps/systemd/systemd-254.16.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use split-usr; then
diff --git a/sys-apps/systemd/systemd-254.17.ebuild b/sys-apps/systemd/systemd-254.17.ebuild
index 6948d7750c89..deb2c7187296 100644
--- a/sys-apps/systemd/systemd-254.17.ebuild
+++ b/sys-apps/systemd/systemd-254.17.ebuild
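Review bot: The new files/systemd-user-selinux.pam carries no comment explaining why the two `pam_selinux.so` lines sit where they do, although their position is what makes the fix work. I would add a header such as `# Used by systemd --user instances (SELinux variant of systemd-user.pam)` and, above the two rules, `# pam_selinux.so close should be the first session rule` and `# pam_selinux.so open should only be followed by sessions to be executed in the user context`. The contents of `system-auth` are not visible here, so it is worth confirming that every session module it pulls in is meant to run after `open`. Since this file appears to duplicate systemd-user.pam apart from those two lines, a one-line reminder to keep the two in sync would also help.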
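Review bot: In the multilib_src_install_all hunk of systemd-254.13.ebuild, the `use selinux` branch installs a stack whose `pam_selinux.so` rules are `required`, but nothing visible in the hunk guarantees that the module is actually installed. If PAM was built without SELinux support, libpam treats the unloadable module as a failure, so the systemd-user session would presumably be refused instead of merely mislabelled. If the dependency is not already declared outside the hunk, something like `pam? ( selinux? ( sys-libs/pam[selinux] ) )` in RDEPEND would close that gap. The same applies to the identical hunks in the other thirteen systemd-*.ebuild files of this commit; the function body starts and ends outside each hunk.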
@@ -397,7 +397,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use split-usr; then
diff --git a/sys-apps/systemd/systemd-254.18.ebuild b/sys-apps/systemd/systemd-254.18.ebuild
index 3c99d5286da8..2e0de48f21dc 100644
--- a/sys-apps/systemd/systemd-254.18.ebuild
+++ b/sys-apps/systemd/systemd-254.18.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use split-usr; then
diff --git a/sys-apps/systemd/systemd-255.10.ebuild b/sys-apps/systemd/systemd-255.10.ebuild
index 6b6829770ddf..ddf10377645d 100644
--- a/sys-apps/systemd/systemd-255.10.ebuild
+++ b/sys-apps/systemd/systemd-255.10.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.11.ebuild b/sys-apps/systemd/systemd-255.11.ebuild
index caca95ec35cf..b7f7c92ef5c2 100644
--- a/sys-apps/systemd/systemd-255.11.ebuild
+++ b/sys-apps/systemd/systemd-255.11.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.12.ebuild b/sys-apps/systemd/systemd-255.12.ebuild
index 6b6829770ddf..ddf10377645d 100644
--- a/sys-apps/systemd/systemd-255.12.ebuild
+++ b/sys-apps/systemd/systemd-255.12.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.7-r1.ebuild b/sys-apps/systemd/systemd-255.7-r1.ebuild
index 11a5556c2b86..91957bd6756a 100644
--- a/sys-apps/systemd/systemd-255.7-r1.ebuild
+++ b/sys-apps/systemd/systemd-255.7-r1.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.1-r3.ebuild b/sys-apps/systemd/systemd-256.1-r3.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.1-r3.ebuild
+++ b/sys-apps/systemd/systemd-256.1-r3.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.2.ebuild b/sys-apps/systemd/systemd-256.2.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.2.ebuild
+++ b/sys-apps/systemd/systemd-256.2.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.4.ebuild b/sys-apps/systemd/systemd-256.4.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.4.ebuild
+++ b/sys-apps/systemd/systemd-256.4.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.5.ebuild b/sys-apps/systemd/systemd-256.5.ebuild
index 65993127c17e..37a10570fcd1 100644
--- a/sys-apps/systemd/systemd-256.5.ebuild
+++ b/sys-apps/systemd/systemd-256.5.ebuild
@@ -440,7 +440,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.6.ebuild b/sys-apps/systemd/systemd-256.6.ebuild
index 65993127c17e..37a10570fcd1 100644
--- a/sys-apps/systemd/systemd-256.6.ebuild
+++ b/sys-apps/systemd/systemd-256.6.ebuild
@@ -440,7 +440,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index aa4c7f43e59a..0e8952909fb9 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -439,7 +439,11 @@ multilib_src_install_all() {
 keepdir /var/log/journal
 if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
 fi
 if use kernel-install; then |