Sync from SUSE:ALP:Source:Standard:1.0 cockpit revision 57cd5108d81260cbd768c1222ac425f6

2024-03-05 18:01:43 +01:00 · 2024-03-05 18:01:43 +01:00 · 74aac16263
commit 74aac16263
parent f6e420f736
2 changed files with 11 additions and 1 deletions
--- a/cockpit.changes
+++ b/cockpit.changes
@ -1,8 +1,16 @@
 -------------------------------------------------------------------
-Wed Feb 28 16:00:00 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+Mon Mar  4 13:24:23 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- cockpit.pam: respect /etc/cockpit/disallowed-users
+  This means by default root cannot login with password to cockpit
+  (bsc#1216080)
+
+-------------------------------------------------------------------
+Thu Feb 29 16:40:06 UTC 2024 - Cathy Hu <cathy.hu@suse.com>

 - Remove SELinux file context for /usr/bin/cockpit-bridge, this
  is already defined in the main selinux-policy package (bsc#1220385).
+  Modified selinux_libdir.patch

 -------------------------------------------------------------------
 Thu Feb 15 12:21:55 UTC 2024 - Adam Majer <adam.majer@suse.de>
--- a/cockpit.pam
+++ b/cockpit.pam
@ -1,5 +1,7 @@
 #%PAM-1.0
 auth substack common-auth
+# List of users to deny access to Cockpit, by default root is included.
+auth    required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
 account required pam_nologin.so
 account include common-account
 password include common-password