Accepting request 755047 from Linux-PAM
OBS-URL: https://build.opensuse.org/request/show/755047 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_mount?expand=0&rev=67
This commit is contained in:
commit
21e713f7b7
34
bsc1153630-prevent-systemd-from-calling-pam_mount.patch
Normal file
34
bsc1153630-prevent-systemd-from-calling-pam_mount.patch
Normal file
@ -0,0 +1,34 @@
|
||||
Index: pam_mount-2.16/doc/pam_mount.8.in
|
||||
===================================================================
|
||||
--- pam_mount-2.16.orig/doc/pam_mount.8.in
|
||||
+++ pam_mount-2.16/doc/pam_mount.8.in
|
||||
@@ -51,7 +51,7 @@ volumes are not allowed by the example p
|
||||
pam_mount.
|
||||
.SH PAM configuration
|
||||
.PP
|
||||
-In addition, you must include two entries in the system's applicable
|
||||
+In addition, you must include three entries in the system's applicable
|
||||
/etc/pam.d/\fIservice\fP config files, as the following example shows:
|
||||
.IP
|
||||
.nf
|
||||
@@ -64,9 +64,12 @@ In addition, you must include two entrie
|
||||
password required pam_pwdb.so shadow nullok use_authtok
|
||||
session required pam_pwdb.so
|
||||
session optional pam_console.so
|
||||
++++ session [success=1 default=ignore] pam_succeed_if.so service = systemd-user
|
||||
+++ session optional pam_mount.so
|
||||
.fi
|
||||
.PP
|
||||
+The two lines marked "session" must be kept together!
|
||||
+.PP
|
||||
When "sufficient" is used in the second column, you must make sure that
|
||||
pam_mount is added before this entry. Otherwise pam_mount will not get executed
|
||||
should a previous PAM module succeed. Also be aware of the "include"
|
||||
@@ -84,6 +87,7 @@ account sufficient pam_ldap.so
|
||||
auth required pam_mount.so
|
||||
auth sufficient pam_ldap.so use_first_pass
|
||||
auth required pam_unix.so use_first_pass
|
||||
+session [success=1 default=ignore] pam_succeed_if.so service = systemd-user
|
||||
session optional pam_mount.so
|
||||
\(bu\(bu\(bu
|
||||
.fi
|
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 25 08:24:18 UTC 2019 - Josef Möllers <josef.moellers@suse.com>
|
||||
|
||||
- Systemd-user must be prevented from invoking pam_mount.so in the
|
||||
"session" management group eg by invoking pam_succeed_if.so to
|
||||
skip the pam_mount entry when systemd-user is calling
|
||||
pam_{open,close}_session.
|
||||
[bsc#1153630,
|
||||
bsc1153630-prevent-systemd-from-calling-pam_mount.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Nov 17 09:18:54 UTC 2018 - Matthias Fehring <buschmann23@opensuse.org>
|
||||
|
||||
|
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -34,6 +34,7 @@ Source5: baselibs.conf
|
||||
Source6: %{name}.keyring
|
||||
Patch1: pam_mount-0.47-enable-logout-kill.dif
|
||||
Patch2: pam_mount-2.16-fix-luks2-mount.patch
|
||||
Patch3: bsc1153630-prevent-systemd-from-calling-pam_mount.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: libtool
|
||||
@ -101,6 +102,7 @@ and transparent use of the OS's crypto layer.
|
||||
%setup -q
|
||||
%patch -P 1 -p1
|
||||
%patch -P 2 -p1
|
||||
%patch -P 3 -p1
|
||||
|
||||
%build
|
||||
%configure --disable-static --with-slibdir="/%_lib" \
|
||||
|
Loading…
Reference in New Issue
Block a user