systemd/systemd-user

25 lines
933 B
Plaintext
Raw Normal View History

# This file is part of systemd.
#
# Used by systemd --user instances.
# Override the default behavior of the "auth" PAM stack and don't throw a
# warning each time a user instance is started, which is the default behavior of
# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
# the user instance is about to be started to allow some user services, such as
# gnome-terminal, to extend theirs credentials similar to the ones received by a
# user when he logs in (and the full PAM authentication stack is run). For some
# details, see:
Accepting request 925519 from Base:System - Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/355e113ce193e5e2d195278c57d47f9a1b00ae46...8521f8d22fd44400289fcea03493ebd7f8b1487d - Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46 3b4a005095 meson: add missing include directory when using xkbcommon 4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514) 78466e4464 meson: drop the list of valid net naming schemes b9a2098f9d netif-naming: inline one iterator variable d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme - Rename %{gnu-efi} into %{sd_boot} Build conditionals (%bcond_with and %bcond_without) are used to define a specific feature of systemd. "gnu-efi" is rather an implemenation detail. Also not really sure what "efi" option alone is useful for since systemd-boot & co depends on "gnu-efi". - Enable sd_boot support for aarch64 - Ghost own directories /var/log/journal and /var/log/journal/remote again rpmlint no more complain about the setgid bit, see sr#923496. - Overwriting rootprefix= is only required when split-usr is enabled - Rename %usrmerged into %split_usr - Suppress PAM warning when the credentials for user@.service service are established (bsc#1190515) systemd-user PAM service needs to define a default implementation of pam_setcred() otherwise the fallback (defined by /etc/pam.d/other) is used, which consists of pam_warn.so + pam_deny.so, and will throw OBS-URL: https://build.opensuse.org/request/show/925519 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=338
2021-10-20 20:22:38 +02:00
#
# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
# https://github.com/systemd/systemd/issues/11198
# https://bugzilla.suse.com/show_bug.cgi?id=1190515
Accepting request 925519 from Base:System - Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/355e113ce193e5e2d195278c57d47f9a1b00ae46...8521f8d22fd44400289fcea03493ebd7f8b1487d - Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46 3b4a005095 meson: add missing include directory when using xkbcommon 4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514) 78466e4464 meson: drop the list of valid net naming schemes b9a2098f9d netif-naming: inline one iterator variable d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme - Rename %{gnu-efi} into %{sd_boot} Build conditionals (%bcond_with and %bcond_without) are used to define a specific feature of systemd. "gnu-efi" is rather an implemenation detail. Also not really sure what "efi" option alone is useful for since systemd-boot & co depends on "gnu-efi". - Enable sd_boot support for aarch64 - Ghost own directories /var/log/journal and /var/log/journal/remote again rpmlint no more complain about the setgid bit, see sr#923496. - Overwriting rootprefix= is only required when split-usr is enabled - Rename %usrmerged into %split_usr - Suppress PAM warning when the credentials for user@.service service are established (bsc#1190515) systemd-user PAM service needs to define a default implementation of pam_setcred() otherwise the fallback (defined by /etc/pam.d/other) is used, which consists of pam_warn.so + pam_deny.so, and will throw OBS-URL: https://build.opensuse.org/request/show/925519 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=338
2021-10-20 20:22:38 +02:00
#
auth required pam_deny.so
Accepting request 925519 from Base:System - Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/355e113ce193e5e2d195278c57d47f9a1b00ae46...8521f8d22fd44400289fcea03493ebd7f8b1487d - Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46 3b4a005095 meson: add missing include directory when using xkbcommon 4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514) 78466e4464 meson: drop the list of valid net naming schemes b9a2098f9d netif-naming: inline one iterator variable d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme - Rename %{gnu-efi} into %{sd_boot} Build conditionals (%bcond_with and %bcond_without) are used to define a specific feature of systemd. "gnu-efi" is rather an implemenation detail. Also not really sure what "efi" option alone is useful for since systemd-boot & co depends on "gnu-efi". - Enable sd_boot support for aarch64 - Ghost own directories /var/log/journal and /var/log/journal/remote again rpmlint no more complain about the setgid bit, see sr#923496. - Overwriting rootprefix= is only required when split-usr is enabled - Rename %usrmerged into %split_usr - Suppress PAM warning when the credentials for user@.service service are established (bsc#1190515) systemd-user PAM service needs to define a default implementation of pam_setcred() otherwise the fallback (defined by /etc/pam.d/other) is used, which consists of pam_warn.so + pam_deny.so, and will throw OBS-URL: https://build.opensuse.org/request/show/925519 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=338
2021-10-20 20:22:38 +02:00
account include common-account
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
Accepting request 925519 from Base:System - Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/355e113ce193e5e2d195278c57d47f9a1b00ae46...8521f8d22fd44400289fcea03493ebd7f8b1487d - Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46 3b4a005095 meson: add missing include directory when using xkbcommon 4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514) 78466e4464 meson: drop the list of valid net naming schemes b9a2098f9d netif-naming: inline one iterator variable d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme - Rename %{gnu-efi} into %{sd_boot} Build conditionals (%bcond_with and %bcond_without) are used to define a specific feature of systemd. "gnu-efi" is rather an implemenation detail. Also not really sure what "efi" option alone is useful for since systemd-boot & co depends on "gnu-efi". - Enable sd_boot support for aarch64 - Ghost own directories /var/log/journal and /var/log/journal/remote again rpmlint no more complain about the setgid bit, see sr#923496. - Overwriting rootprefix= is only required when split-usr is enabled - Rename %usrmerged into %split_usr - Suppress PAM warning when the credentials for user@.service service are established (bsc#1190515) systemd-user PAM service needs to define a default implementation of pam_setcred() otherwise the fallback (defined by /etc/pam.d/other) is used, which consists of pam_warn.so + pam_deny.so, and will throw OBS-URL: https://build.opensuse.org/request/show/925519 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=338
2021-10-20 20:22:38 +02:00
session include common-session