SHA256
1
0
forked from pool/systemd
systemd/systemd-user
Dominique Leuenberger 3b90df4353 Accepting request 975732 from Base:System
- Import commit 0d950479e58dd3af007eb3780d600a5446aac519 (merge of v250.5)
  For a complete list of changes, visit:
  736db5a59f...0d950479e5

- Call pam_loginuid when creating user@.service (bsc#1198507)
  It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.

OBS-URL: https://build.opensuse.org/request/show/975732
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=358
2022-05-10 13:11:21 +00:00

25 lines
933 B
Plaintext

# This file is part of systemd.
#
# Used by systemd --user instances.
# Override the default behavior of the "auth" PAM stack and don't throw a
# warning each time a user instance is started, which is the default behavior of
# the PAM stack when no auth is defined. Indeed PID1 calls pam_setcred() when
# the user instance is about to be started to allow some user services, such as
# gnome-terminal, to extend theirs credentials similar to the ones received by a
# user when he logs in (and the full PAM authentication stack is run). For some
# details, see:
#
# https://gitlab.gnome.org/GNOME/gdm/-/issues/393
# https://github.com/systemd/systemd/issues/11198
# https://bugzilla.suse.com/show_bug.cgi?id=1190515
#
auth required pam_deny.so
account include common-account
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session include common-session