| Summary: | sys-apps/systemd, sys-auth/pambase: incomplete pam config for SELinux | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Kenton Groombridge <concord> |
| Component: | Current packages | Assignee: | Gentoo systemd Team <systemd> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | CC: | base-system, gentoo, onun23, sam, selinux |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=908759 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Kenton Groombridge
2023-02-14 20:49:26 UTC
Upstream's pam config for systemd --user supports this: https://github.com/systemd/systemd/blob/main/src/login/systemd-user.in

Also to note, there are other rules in upstream's config related to systemd-homed that likely should be considered.

Regarding this. I changed systemd-user so that I could get proper user context when logging in. It was the only way I could get context and roles working. You might be able to get a smaller file, I doubt you need all of this. But for now, this works. Just in case someone is also looking for some fix.

    account include system-auth
    session required pam_loginuid.so
    session include system-auth
    session optional pam_systemd.so
    # --------------------
    auth include system-auth
    account include system-auth
    password include system-auth
    session required pam_loginuid.so
    session required pam_selinux.so close
    session include system-auth
    session required pam_selinux.so open
    # Include additional session modules as needed
    session optional pam_keyinit.so force revoke
    session optional pam_namespace.so
    session optional pam_systemd.so
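A way to check a systemd-user stack for the pam_selinux.so close/open pair discussed above, following `include` and `substack` lines so that rules pulled in from another file are counted. This is an added example, not part of the bug report or of Gentoo's or systemd's code; the function names are hypothetical and the system-auth content is a constructed placeholder.

```python
import re

# type, control (plain or [bracketed]), module, args
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def session_stack(name, files, depth=0):
    """Flatten the session rules of service `name`, following include/substack."""
    stack = []
    for raw in files.get(name, "").splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != "session":
            continue
        _, control, module, args = m.groups()
        if control in ("include", "substack"):
            if depth < 8:  # stop on include loops
                stack += session_stack(module, files, depth + 1)
        else:
            stack.append((module, args.split()))
    return stack

def selinux_findings(name, files):
    """Report missing or misordered pam_selinux.so session rules."""
    stack = session_stack(name, files)
    sel = [(i, a) for i, (mod, a) in enumerate(stack) if mod.endswith("pam_selinux.so")]
    # Without an explicit open/close argument the module performs both parts.
    closes = [i for i, a in sel if "open" not in a]
    opens = [i for i, a in sel if "close" not in a]
    findings = []
    if not closes:
        findings.append("no pam_selinux.so close in session stack")
    if not opens:
        findings.append("no pam_selinux.so open in session stack")
    if closes and opens and closes[0] > opens[0]:
        findings.append("pam_selinux.so close is listed after open")
    return findings

# Constructed placeholder for system-auth; the real file differs per system.
SYSTEM_AUTH = "session required pam_limits.so\nsession required pam_unix.so\n"
# The two stacks quoted in the comment above, session lines only.
FIRST = ("session required pam_loginuid.so\nsession include system-auth\n"
         "session optional pam_systemd.so\n")
SECOND = ("session required pam_loginuid.so\nsession required pam_selinux.so close\n"
          "session include system-auth\nsession required pam_selinux.so open\n"
          "session optional pam_keyinit.so force revoke\n"
          "session optional pam_namespace.so\nsession optional pam_systemd.so\n")

if __name__ == "__main__":
    for label, text in (("first", FIRST), ("second", SECOND)):
        files = {"systemd-user": text, "system-auth": SYSTEM_AUTH}
        print(label, selinux_findings("systemd-user", files) or "ok")
```

To run it against a live system, build `files` from the contents of /etc/pam.d, keyed by file name.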