author | Timothée Ravier | 2013-11-03 19:42:41 +0100 |
---|---|---|
committer | Timothée Ravier | 2013-11-03 19:42:41 +0100 |
commit | 53303e38c42fac949cf01c2b9e8c28e5da32124d (patch) | |
tree | 188c3c063776612e13bd9ff2d7bb5590bf05d130 | |
download | aur-53303e38c42fac949cf01c2b9e8c28e5da32124d.tar.gz |
General update: SELinux userspace & pkg renaming
-rw-r--r-- | .SRCINFO | 42 | ||||
-rw-r--r-- | PKGBUILD | 79 | ||||
-rw-r--r-- | other | 5 | ||||
-rw-r--r-- | pam_unix2-glibc216.patch | 20 | ||||
-rw-r--r-- | pam_unix2-rm_selinux_check_access.patch | 54 |
5 files changed, 200 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..cd4d3adb17ab
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,42 @@
+pkgbase = pam-selinux
+ pkgdesc = SELinux aware PAM (Pluggable Authentication Modules) library
+ pkgver = 1.1.8
+ pkgrel = 2
+ url = http://www.kernel.org/pub/linux/libs/pam/
+ arch = i686
+ arch = x86_64
+ groups = selinux
+ license = GPL2
+ makedepends = flex
+ makedepends = w3m
+ makedepends = docbook-xml>=4.4
+ makedepends = docbook-xsl
+ depends = glibc
+ depends = db
+ depends = cracklib
+ depends = libtirpc
+ depends = pambase
+ depends = libselinux
+ provides = pam=1.1.8-2
+ conflicts = pam
+ options = !emptydirs
+ backup = etc/security/access.conf
+ backup = etc/security/group.conf
+ backup = etc/security/limits.conf
+ backup = etc/security/namespace.conf
+ backup = etc/security/namespace.init
+ backup = etc/security/pam_env.conf
+ backup = etc/security/time.conf
+ backup = etc/default/passwd
+ backup = etc/environment
+ source = https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.8.tar.bz2
+ source = ftp://ftp.archlinux.org/other/pam_unix2/pam_unix2-2.9.1.tar.bz2
+ source = pam_unix2-glibc216.patch
+ source = pam_unix2-rm_selinux_check_access.patch
+ md5sums = 35b6091af95981b1b2cd60d813b5e4ee
+ md5sums = da6a46e5f8cd3eaa7cbc4fc3a7e2b555
+ md5sums = dac109f68e04a4df37575fda6001ea17
+ md5sums = 6a0a6bb6f6f249ef14f6b21ab9880916
+
+pkgname = pam-selinux
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..263b7e28bcda
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,79 @@
+# $Id$
+# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
+# Contributor: judd <jvinet@zeroflux.org>
+# SELinux Maintainer: Timothée Ravier <tim@siosm.fr>
+# SELinux Contributor: Nicky726 <nicky726@gmail.com>
+
+pkgname=pam-selinux
+pkgver=1.1.8
+pkgrel=2
+pkgdesc="SELinux aware PAM (Pluggable Authentication Modules) library"
+arch=('i686' 'x86_64')
+license=('GPL2')
+url="http://www.kernel.org/pub/linux/libs/pam/"
+depends=('glibc' 'db' 'cracklib' 'libtirpc' 'pambase' 'libselinux')
+makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
+conflicts=("${pkgname/-selinux}")
+provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}")
+backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf}
+ etc/default/passwd
+ etc/environment)
+groups=('selinux')
+source=(https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-$pkgver.tar.bz2
+ #http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-$pkgver.tar.bz2
+ ftp://ftp.archlinux.org/other/pam_unix2/pam_unix2-2.9.1.tar.bz2
+ pam_unix2-glibc216.patch
+ pam_unix2-rm_selinux_check_access.patch)
+options=('!emptydirs')
+md5sums=('35b6091af95981b1b2cd60d813b5e4ee'
+ 'da6a46e5f8cd3eaa7cbc4fc3a7e2b555'
+ 'dac109f68e04a4df37575fda6001ea17'
+ '6a0a6bb6f6f249ef14f6b21ab9880916')
+
+build() {
+ cd $srcdir/Linux-PAM-$pkgver
+ ./configure --libdir=/usr/lib --sbindir=/usr/bin --enable-selinux
+ make
+
+ cd $srcdir/pam_unix2-2.9.1
+ patch -Np1 -i ../pam_unix2-glibc216.patch
+ patch -Np1 -i ../pam_unix2-rm_selinux_check_access.patch
+
+ # modify flags to build against the pam compiled here, not a system lib.
+ ./configure \
+ CFLAGS="$CFLAGS -I$srcdir/Linux-PAM-$pkgver/libpam/include/" \
+ LDFLAGS="$LDFLAGS -L$srcdir/Linux-PAM-$pkgver/libpam/.libs/" \
+ --libdir=/usr/lib \
+ --sbindir=/usr/bin
+ make
+}
+
+package() {
+ cd $srcdir/Linux-PAM-$pkgver
+ make DESTDIR=$pkgdir SCONFIGDIR=/etc/security install
+
+ # build pam_unix2 module
+ # source ftp://ftp.suse.com/pub/people/kukuk/pam/pam_unix2
+ cd $srcdir/pam_unix2-2.9.1
+ make DESTDIR=$pkgdir install
+
+ # add the realtime permissions for audio users
+ sed -i 's|# End of file||' $pkgdir/etc/security/limits.conf
+ cat >>$pkgdir/etc/security/limits.conf <<_EOT
+* - rtprio 0
+* - nice 0
+@audio - rtprio 65
+@audio - nice -10
+@audio - memlock 40000
+_EOT
+
+ # fix some missing symlinks from old pam for compatibility
+ cd $pkgdir/usr/lib/security
+ ln -s pam_unix.so pam_unix_acct.so
+ ln -s pam_unix.so pam_unix_auth.so
+ ln -s pam_unix.so pam_unix_passwd.so
+ ln -s pam_unix.so pam_unix_session.so
+
+ # set unix_chkpwd uid
+ chmod +s $pkgdir/usr/bin/unix_chkpwd
+}
diff --git a/other b/other
new file mode 100644
index 000000000000..08498b423541
--- /dev/null
+++ b/other
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
diff --git a/pam_unix2-glibc216.patch b/pam_unix2-glibc216.patch
new file mode 100644
index 000000000000..faa6a235f6ac
--- /dev/null
+++ b/pam_unix2-glibc216.patch
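Review bot: The `source=()` array fetches pam_unix2 over plain `ftp://` and the only integrity check is `md5sums`, which is weak for a package that ships the system's authentication stack. Switching the array to `sha256sums=(...)` and, where upstream publishes a detached signature, adding it to `source` together with `validpgpkeys` would give a meaningful check on what gets built. In `package()`, `chmod +s` sets setgid as well as setuid on `unix_chkpwd` although the comment only mentions the uid; `chmod u+s "$pkgdir/usr/bin/unix_chkpwd"` matches the stated intent. The two `patch` calls would conventionally sit in a `prepare()` function so that re-running `build()` does not try to apply them a second time.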
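Review bot: `other` is the PAM fallback applied to any service that has no file of its own, and all four stacks here are `required pam_unix.so`, so an unconfigured service gets ordinary password authentication instead of being refused. A deny-by-default fallback, `auth required pam_deny.so` and the same for account, password and session, optionally preceded by `pam_warn.so` to log the attempt, is the usual hardening. The PKGBUILD in this commit does not list `other` in `source=()`, so the file appears to be unused; if that is the case, dropping it would avoid confusion about which fallback policy is in effect.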
@@ -0,0 +1,20 @@
+Index: pam_unix2-2.9.1/src/read-files.c
+===================================================================
+--- pam_unix2-2.9.1.orig/src/read-files.c
++++ pam_unix2-2.9.1/src/read-files.c
+@@ -30,8 +30,14 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <nss.h>
+-#include <bits/libc-lock.h>
++#include <pthread.h>
+ #define __libc_lock_t pthread_mutex_t
++#define __libc_lock_define_initialized(CLASS,NAME) \
++ CLASS __libc_lock_t NAME = PTHREAD_MUTEX_INITIALIZER;
++#define __libc_lock_lock(NAME) \
++ pthread_mutex_lock, (&(NAME))
++#define __libc_lock_unlock(NAME) \
++ pthread_mutex_unlock, (&(NAME))
+
+ #include "read-files.h"
+
diff --git a/pam_unix2-rm_selinux_check_access.patch b/pam_unix2-rm_selinux_check_access.patch
new file mode 100644
index 000000000000..054874610099
--- /dev/null
+++ b/pam_unix2-rm_selinux_check_access.patch
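Review bot: The replacement macros `__libc_lock_lock` and `__libc_lock_unlock` expand to `pthread_mutex_lock, (&(NAME))`, a comma expression that names the function and the mutex but never calls it, so whatever read-files.c guards with this lock is left unserialised. The comma looks like a leftover from the argument list of glibc's internal call wrapper; the bodies should read `pthread_mutex_lock (&(NAME))` and `pthread_mutex_unlock (&(NAME))`. Because the module is loaded into multi-threaded services, it is worth confirming the fix with a `-Wall` build, where the current form should trigger an unused-value warning. The code that uses these macros is outside the hunk.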
@@ -0,0 +1,54 @@
+diff -aur pam_unix2-2.9.1/src/public.h pam_unix2-2.9.1.new/src/public.h
+--- pam_unix2-2.9.1/src/public.h 2008-09-26 16:29:54.000000000 +0200
++++ pam_unix2-2.9.1.new/src/public.h 2013-02-25 11:10:12.269979021 +0100
+@@ -97,8 +97,6 @@
+ #endif
+
+ #ifdef WITH_SELINUX
+-extern int selinux_check_access (const char *__chuser,
+- unsigned int __access);
+ extern int set_default_context (pam_handle_t *pamh,
+ const char *filename,
+ char **prev_context);
+diff -aur pam_unix2-2.9.1/src/selinux_utils.c pam_unix2-2.9.1.new/src/selinux_utils.c
+--- pam_unix2-2.9.1/src/selinux_utils.c 2006-01-13 11:49:46.000000000 +0100
++++ pam_unix2-2.9.1.new/src/selinux_utils.c 2013-02-25 11:10:41.056709132 +0100
+@@ -38,38 +38,6 @@
+ #include "public.h"
+
+ int
+-selinux_check_access (const char *chuser, unsigned int access)
+-{
+- int status = -1;
+- security_context_t user_context;
+-
+- if (getprevcon (&user_context) == 0)
+- {
+- context_t c = context_new (user_context);
+- const char *user = context_user_get (c);
+-
+- if (strcmp (chuser, user) == 0)
+- status = 0;
+- else
+- {
+- struct av_decision avd;
+- int retval = security_compute_av (user_context,
+- user_context,
+- SECCLASS_PASSWD,
+- access,
+- &avd);
+-
+- if ((retval == 0) &&
+- ((access & avd.allowed) == access))
+- status = 0;
+- }
+- context_free (c);
+- freecon (user_context);
+- }
+- return status;
+-}
+-
+-int
+ set_default_context (pam_handle_t *pamh, const char *filename,
+ char **prev_context)
+ {
 |
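Review bot: Neither this patch nor the PKGBUILD records why `selinux_check_access` is removed, and the function being deleted is the module's SELinux permission check against the `SECCLASS_PASSWD` class. No call sites are visible here; if any remain in pam_unix2 they would either fail to build or, presumably, resolve to libselinux's own `selinux_check_access`, which takes different arguments. A comment above the `patch -Np1 -i ../pam_unix2-rm_selinux_check_access.patch` line in the PKGBUILD, along the lines of `# drop pam_unix2's private selinux_check_access: <reason>; callers verified: <list>`, would document the reason and show that no password-change path lost its access check. `set_default_context` continues outside the hunk.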