Accepting request 37315 from home:thomasbiege:branches:security:SELinux

Copy from home:thomasbiege:branches:security:SELinux/libselinux via accept of submit request 37315 revision 2. Request was accepted with message: ok OBS-URL: https://build.opensuse.org/request/show/37315 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=30
2010-04-08 08:06:15 +00:00 · 2010-04-08 08:06:15 +00:00 · 84260a568e
commit 84260a568e
parent 56b6dc1745
2 changed files with 42 additions and 1 deletions
--- a/libselinux.changes
+++ b/libselinux.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Apr  8 06:37:34 UTC 2010 - thomas@novell.com
+
+- selinux-ready: added functions for checking PAM config and
+                 policy boolean init_upstart 
+
 -------------------------------------------------------------------
 Wed Apr  7 13:26:59 UTC 2010 - thomas@novell.com

--- a/37
+++ b/37
@ -97,6 +97,41 @@ check_mkinitrd()
 	fi
 }

+check_pam()
+{
+	AA_PAM=0
+	SE_PAM=0
+
+	# test for AA pam module
+	grep apparmor /etc/pam.d/* 2>&1 >/dev/null
+	FLG=$?
+	if [ $FLG == 0 ]; then
+		AA_PAM=1
+	fi
+
+	# test for SELinux pam module
+	grep selinux /etc/pam.d/* 2>&1 >/dev/null
+	FLG=$?
+	if [ $FLG == 0 ]; then
+		SE_PAM=1
+	fi
+
+	# suggest config
+	if [ $SE_PAM == 1 ] && [ $AA_PAM == 0 ]; then
+		printf "\tcheck_pam: OK. Your PAM configuration seems to be correct.\n"
+		return 0
+	fi
+		printf "\tcheck_pam: ERR. Your PAM configuration seems to be incorrect.\n"
+	if [ $AA_PAM == 1 ]; then
+		printf "             execute 'pam-config -d --apparmor' as root\n"
+	fi
+	if [ $SE_PAM == 0 ]; then
+		printf "             execute 'pam-config -a --selinux' as root\n"
+	fi
+
+	return 1
+}
+
 check_initupstart()
 {
 	CFGFILE="/etc/selinux/config"
@ -175,6 +210,6 @@ check_mkinitrd
 check_packages
 check_config
 check_initupstart
+check_pam

 rm -rf $TD
-#echo $TD