authorTimothée Ravier2013-11-03 19:42:41 +0100
committerTimothée Ravier2013-11-03 19:42:41 +0100
commit937dcd7aa1aa999d9691d962d1e04a18528f4a33 (patch)
tree1f5c274b501daf734a635b0eb36171e004b8b515
downloadaur-937dcd7aa1aa999d9691d962d1e04a18528f4a33.tar.gz
General update: SELinux userspace & pkg renaming
-rw-r--r--.SRCINFO31
-rw-r--r--PKGBUILD40
-rw-r--r--other5
-rw-r--r--system-auth16
-rw-r--r--system-local-login6
-rw-r--r--system-login23
-rw-r--r--system-remote-login6
-rw-r--r--system-services11
8 files changed, 138 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..b11ba183dd0c
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,31 @@
+pkgbase = pambase-selinux
+ pkgdesc = SELinux aware base PAM configuration for services
+ pkgver = 20130928
+ pkgrel = 1
+ url = http://www.archlinux.org
+ arch = any
+ groups = selinux
+ license = GPL
+ provides = pambase=20130928-1
+ conflicts = pambase
+ backup = etc/pam.d/system-auth
+ backup = etc/pam.d/system-local-login
+ backup = etc/pam.d/system-login
+ backup = etc/pam.d/system-remote-login
+ backup = etc/pam.d/system-services
+ backup = etc/pam.d/other
+ source = system-auth
+ source = system-local-login
+ source = system-login
+ source = system-remote-login
+ source = system-services
+ source = other
+ md5sums = 6116b8e199a3dfd26a085a67a718435d
+ md5sums = 477237985820117a0e6e1b13a86eb599
+ md5sums = df1a7a80ad7084404286335a44e4b754
+ md5sums = 477237985820117a0e6e1b13a86eb599
+ md5sums = 6969307eef026979703a6eba33c2e3eb
+ md5sums = 6e6c8719e5989d976a14610f340bd33a
+
+pkgname = pambase-selinux
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..ba9ac09aea88
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,40 @@
+# $Id$
+# Maintainer: Dave Reisner <dreisner@archlinux.org>
+# SELinux Maintainer: Timothée Ravier <tim@siosm.fr>
+# SELinux Contributor: Nicky726 (Nicky726 <at> gmail <dot> com)
+
+pkgname=pambase-selinux
+pkgver=20130928
+pkgrel=1
+pkgdesc="SELinux aware base PAM configuration for services"
+arch=('any')
+url="http://www.archlinux.org"
+license=('GPL')
+groups=('selinux')
+conflicts=("${pkgname/-selinux}")
+provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}")
+source=('system-auth'
+ 'system-local-login'
+ 'system-login'
+ 'system-remote-login'
+ 'system-services'
+ 'other')
+backup=('etc/pam.d/system-auth'
+ 'etc/pam.d/system-local-login'
+ 'etc/pam.d/system-login'
+ 'etc/pam.d/system-remote-login'
+ 'etc/pam.d/system-services'
+ 'etc/pam.d/other')
+md5sums=('6116b8e199a3dfd26a085a67a718435d'
+ '477237985820117a0e6e1b13a86eb599'
+ 'df1a7a80ad7084404286335a44e4b754'
+ '477237985820117a0e6e1b13a86eb599'
+ '6969307eef026979703a6eba33c2e3eb'
+ '6e6c8719e5989d976a14610f340bd33a')
+
+package() {
+ install -dm755 "$pkgdir/etc/pam.d"
+ install -m644 -t "$pkgdir/etc/pam.d" "${source[@]}"
+}
+
+# vim:set ts=2 sw=2 et:
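Review bot: The `md5sums` array is the only integrity check on the six PAM files this PKGBUILD installs into `etc/pam.d`, and MD5 is not collision-resistant. makepkg accepts `sha256sums=(...)` in its place, and `makepkg -g` regenerates the values once the array name is switched. The `.SRCINFO` hunk carries the same `md5sums` entries and would need regenerating with it.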
diff --git a/other b/other
new file mode 100644
index 000000000000..08498b423541
--- /dev/null
+++ b/other
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
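Review bot: The fallback stack in `other` routes all four module types to `pam_unix.so`, so any service installed without its own file in `/etc/pam.d` is handled like an ordinary password login instead of being refused. The usual hardened default is fail-closed: `auth required pam_deny.so`, and the same for `account`, `password` and `session`, each paired with a `pam_warn.so` line so the attempt is logged. If the permissive fallback is kept on purpose (for example to match the non-SELinux pambase), a comment at the top of the file stating that would make the decision visible.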
diff --git a/system-auth b/system-auth
new file mode 100644
index 000000000000..2645043603f6
--- /dev/null
+++ b/system-auth
@@ -0,0 +1,16 @@
+#%PAM-1.0
+
+auth required pam_unix.so try_first_pass nullok
+auth optional pam_permit.so
+auth required pam_env.so
+
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+password required pam_unix.so try_first_pass nullok sha512 shadow
+password optional pam_permit.so
+
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
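Review bot: `nullok` on the `auth` line lets an account whose password field is empty authenticate, and because `system-login` includes this stack the same holds for both `system-local-login` and `system-remote-login`. Consider `auth required pam_unix.so try_first_pass` there, and decide separately whether `nullok` is needed on the `password` line. This may simply mirror the stock pambase file, which the page does not show; if so, a short comment such as `# nullok kept for parity with pambase` would record that it was a deliberate choice.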
diff --git a/system-local-login b/system-local-login
new file mode 100644
index 000000000000..347b8155b861
--- /dev/null
+++ b/system-local-login
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/system-login b/system-login
new file mode 100644
index 000000000000..94c98802dcf3
--- /dev/null
+++ b/system-login
@@ -0,0 +1,23 @@
+#%PAM-1.0
+
+auth required pam_tally.so onerr=succeed file=/var/log/faillog
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth include system-auth
+
+account required pam_access.so
+account required pam_nologin.so
+account include system-auth
+
+password include system-auth
+
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session optional pam_loginuid.so
+session include system-auth
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session required pam_selinux.so open
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so dir=/var/spool/mail standard quiet
+-session optional pam_systemd.so
+session required pam_env.so
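Review bot: `auth required pam_tally.so onerr=succeed file=/var/log/faillog` has no `deny=` option, so as written it only records failed attempts and never refuses one. In addition, `onerr=succeed` makes the module report success when it hits an internal error, so the line fails open. If counting-only is the intent, a comment above the line such as `# records failures only; no lockout threshold is configured` would stop readers assuming throttling is in place. Otherwise add `deny=<N>` with a site-chosen threshold and consider `onerr=fail`.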
diff --git a/system-remote-login b/system-remote-login
new file mode 100644
index 000000000000..347b8155b861
--- /dev/null
+++ b/system-remote-login
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/system-services b/system-services
new file mode 100644
index 000000000000..6ed9bdc1d253
--- /dev/null
+++ b/system-services
@@ -0,0 +1,11 @@
+#%PAM-1.0
+
+auth sufficient pam_permit.so
+
+account include system-auth
+
+session optional pam_loginuid.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
+session required pam_env.so
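Review bot: `auth sufficient pam_permit.so` is the whole auth stack here, so any PAM service file that includes `system-services` for `auth` succeeds without checking a credential. That is presumably intended for daemons that never authenticate a user, but nothing in the file says so. A header comment would help, for example `# auth always succeeds: include only from services that do not authenticate users`, so the file is not reused for an interactive or network-facing login path.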