Files
systemd/pam.systemd-user
Franck Bui 0f889b7e09 Build the experimental package for the mini flavor too
Some tools in the experimental sub-package cannot be disabled at compile
time. Previously, these tools were manually deleted after installation to
prevent rpmbuild from reporting unpackaged files. However, as the number of such
tools continues to grow, it's simpler to include them in the mini-experimental
sub-package.

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1650
2025-08-02 12:40:37 +00:00

26 lines
979 B
Plaintext

# This file is part of systemd.
#
# Used by systemd --user instances.
# Override the default behavior of the "auth" PAM stack and don't throw a
# warning each time a user instance is started, which is the default behavior of
# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
# the user instance is about to be started to allow some user services, such as
# gnome-terminal, to extend theirs credentials similar to the ones received by a
# user when he logs in (and the full PAM authentication stack is run). For some
# details, see:
#
# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
# https://github.com/systemd/systemd/issues/11198
# https://bugzilla.suse.com/show_bug.cgi?id=1190515
#
auth required pam_deny.so
account include common-account
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session