- cockpit.pam: respect /etc/cockpit/disallowed-users

This means by default root cannot login with password to cockpit (bsc#1216080) - Remove SELinux file context for /usr/bin/cockpit-bridge, this is already defined in the main selinux-policy package (bsc#1220385). Modified selinux_libdir.patch OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=165
2024-03-04 13:33:34 +00:00 · 2024-03-04 13:33:34 +00:00 · 30d7523ce5
commit 30d7523ce5
parent 7212aea48d
2 changed files with 10 additions and 0 deletions
--- a/cockpit.changes
+++ b/cockpit.changes
@ -1,8 +1,16 @@
+-------------------------------------------------------------------
+Mon Mar  4 13:24:23 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- cockpit.pam: respect /etc/cockpit/disallowed-users
+  This means by default root cannot login with password to cockpit
+  (bsc#1216080)
+
 -------------------------------------------------------------------
 Thu Feb 29 16:40:06 UTC 2024 - Cathy Hu <cathy.hu@suse.com>

 - Remove SELinux file context for /usr/bin/cockpit-bridge, this
  is already defined in the main selinux-policy package (bsc#1220385).
+  Modified selinux_libdir.patch

 -------------------------------------------------------------------
 Thu Feb 15 12:21:55 UTC 2024 - Adam Majer <adam.majer@suse.de>
--- a/cockpit.pam
+++ b/cockpit.pam
@ -1,5 +1,7 @@
 #%PAM-1.0
 auth substack common-auth
+# List of users to deny access to Cockpit, by default root is included.
+auth    required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
 account required pam_nologin.so
 account include common-account
 password include common-password