Accepting request 750684 from home:jmoellers:branches:Linux-PAM

OBS-URL: https://build.opensuse.org/request/show/750684 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam-config?expand=0&rev=95
2019-11-28 05:56:11 +00:00 · 2019-11-28 05:56:11 +00:00 · c188927471
commit c188927471
parent f575dbd834
3 changed files with 28 additions and 0 deletions
--- a/bsc1153630-prevent-systemd-pam_mount.patch
+++ b/bsc1153630-prevent-systemd-pam_mount.patch
@ -0,0 +1,17 @@
+Index: pam-config-1.2/src/mod_pam_mount.c
+===================================================================
+--- pam-config-1.2.orig/src/mod_pam_mount.c
+++ pam-config-1.2/src/mod_pam_mount.c
+@@ -135,7 +135,12 @@ write_config_mount (  pam_module_t *this
+     }
+     /* pam_thinkfinger.so is not enabled so we can safely add
+      * pam_mount.so
+     * We'll also add a line preventing systemd-user from invoking pam_mount.so as it
+     * causes problems at least when (trying) to umount a user partition as it drops privileges between
+     * opening and closing a (PAM) session.
+     * Note that this doesn't break anything if systemd is not used.
+      */
+    fprintf(fp, "session  [success=1 default=ignore]\tpam_succeed_if.so\tservice = systemd-user\n");
+     fprintf (fp, "session  optional\tpam_mount.so\n");
+   }
+   return close_service_file (fp,gl_service);
--- a/pam-config.changes
+++ b/pam-config.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov 25 08:02:48 UTC 2019 - Josef Möllers <josef.moellers@suse.com>
+
+- Prevent systemd-user to call pam_mount when opening/closing a
+  (PAM) session as it drops privileges in between and so when closing
+  it may be unable to undo things set up during opening.
+  [bsc#1153630, bsc1153630-prevent-systemd-pam_mount.patch]
+
 -------------------------------------------------------------------
 Fri Aug 16 17:37:33 UTC 2019 - kukuk@suse.de

--- a/pam-config.spec
+++ b/pam-config.spec
@ -24,6 +24,7 @@ License:        GPL-2.0-only
 Group:          System/Management
 URL:            https://github.com/SUSE/pam-config
 Source:         %{name}-%{version}.tar.xz
+Patch1:         bsc1153630-prevent-systemd-pam_mount.patch
 PreReq:         pam >= 1.3.0

 %description
@ -36,6 +37,8 @@ add/adjust/remove other PAM modules and their options.
 %prep
 %setup -q

+%patch1 -p1
+
 %build
 %configure
 make %{?_smp_mflags}