authorGravatar Thomas Petazzoni <thomas.petazzoni@free-electrons.com>2016-12-06 21:27:03 +0100
committerGravatar Thomas Petazzoni <thomas.petazzoni@free-electrons.com>2017-01-25 23:05:20 +1300
commitbe9157e1c060ef2ed1c358ee445e610e892c972b (patch)
tree7849153da9ba7c9f55f45a58dce7781b3ed63c85 /package
parentcccaf5e046dedcda481e818752b07c6593cbeeb9 (diff)
linux-pam: adjust login pam file for SELinux
When SELinux support is enabled, the login pam file installed by linux-pam should be adjusted to use the pam_selinux.so module. To achieve this in a reasonably simple manner, we introduce the SELinux related lines in login.pam as comments, and if SELinux support is enabled, turn those commented lines into real lines. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Tested-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package')
-rw-r--r--package/linux-pam/linux-pam.mk5
-rw-r--r--package/linux-pam/login.pam2
2 files changed, 7 insertions, 0 deletions
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 6ce3839edc..c8ba30f74d 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -29,6 +29,10 @@ endif
ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
LINUX_PAM_CONF_OPTS += --enable-selinux
LINUX_PAM_DEPENDENCIES += libselinux
+define LINUX_PAM_SELINUX_PAMFILE_TWEAK
+ $(SED) 's/^# \(.*pam_selinux.so.*\)$$/\1/' \
+ $(TARGET_DIR)/etc/pam.d/login
+endef
else
LINUX_PAM_CONF_OPTS += --disable-selinux
endif
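Review bot: The sed expression in `LINUX_PAM_SELINUX_PAMFILE_TWEAK` uncomments every line that starts with `# ` and mentions pam_selinux.so, and it exits successfully even when nothing matches. A later edit to login.pam could therefore ship an SELinux-enabled image whose login stack never calls the module, or turn an explanatory comment into a malformed PAM rule, with no build error in either case. Anchoring on the rule type and escaping the dots would narrow it: `$(SED) 's/^# \(session.*pam_selinux\.so.*\)$$/\1/' \`. A following recipe line such as `grep -q '^session.*pam_selinux\.so' $(TARGET_DIR)/etc/pam.d/login` would make the build fail if the rules were not actually enabled. The enclosing `ifeq` block begins above this hunk, so only the visible part was reviewed.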
@@ -46,6 +50,7 @@ define LINUX_PAM_INSTALL_CONFIG
$(TARGET_DIR)/etc/pam.d/login
$(INSTALL) -m 0644 -D package/linux-pam/other.pam \
$(TARGET_DIR)/etc/pam.d/other
+ $(LINUX_PAM_SELINUX_PAMFILE_TWEAK)
endef
LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG
diff --git a/package/linux-pam/login.pam b/package/linux-pam/login.pam
index 01f56324da..5df7db628c 100644
--- a/package/linux-pam/login.pam
+++ b/package/linux-pam/login.pam
@@ -4,7 +4,9 @@ account required pam_unix.so
password required pam_unix.so nullok
+# session required pam_selinux.so close
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_lastlog.so
+# session required pam_selinux.so open
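Review bot: The two commented-out session rules are load-bearing, since linux-pam.mk rewrites them at install time, but nothing in login.pam says so. Someone tidying the file could delete them or change the `# ` prefix and silently drop SELinux context handling from login. A short comment above the first one would help, for example `# The commented session rules below are enabled by linux-pam.mk when libselinux is selected; keep the "# " prefix.` That comment must not contain the module file name, because the current sed pattern would uncomment it as well. The placement itself (close as the first session rule, open as the last) looks deliberate and is worth stating in the same comment. The file starts above this hunk, so the auth and account stacks were not reviewed.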