Package Details: pam-selinux 1.3.1-1

Git Clone URL: https://aur.archlinux.org/pam-selinux.git (read-only)
Package Base: pam-selinux
Description: SELinux aware PAM (Pluggable Authentication Modules) library
Upstream URL: http://linux-pam.org
Keywords: selinux
Licenses: GPL2
Groups: selinux
Conflicts: pam, selinux-pam
Provides: pam=1.3.1-1, selinux-pam=1.3.1-1
Submitter: Siosm
Maintainer: IooNag
Last Packager: IooNag
Votes: 21
Popularity: 0.031962
First Submitted: 2013-11-03 20:05
Last Updated: 2018-07-01 14:45

Required by (283)

Sources (2)

Latest Comments

1 2 3 4 5 Next › Last »

JoSSa commented on 2019-03-19 12:17

Yes, using 4.20.16.a-1-hardened. I have not been using linux-selinux anymore.

IooNag commented on 2019-03-17 14:19

JoSSa: which kernel are you using? On the virtual machine that I am using for tests, "passwd vagrant" works fine with linux-selinux (4.19.9.arch1-1) but not with linux-hardened (version 4.20.16.a-1-hardened). On this second kernel:

strace -e execve -f -s1024 passwd vagrant

execve("/usr/bin/passwd", ["passwd", "vagrant"], 0x7a1596282228 / 33 vars /) = 0 strace: Process 422 attached [pid 422] execve("/usr/bin/unix_chkpwd", ["/usr/bin/unix_chkpwd", "vagrant", "nullok"], 0x63ffd6b553e0 / 0 vars /) = -1 ENOMEM (Cannot allocate memory) [pid 422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 422] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGSEGV, si_utime=3, si_stime=14} --- strace: Process 423 attached [pid 423] execve("/usr/bin/unix_chkpwd", ["/usr/bin/unix_chkpwd", "vagrant", "chkexpiry"], 0x63ffd6b513a8 / 0 vars /) = -1 ENOMEM (Cannot allocate memory) [pid 423] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 423] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=423, si_uid=0, si_status=SIGSEGV, si_utime=1, si_stime=15} --- passwd: Authentication failure passwd: password unchanged +++ exited with 10 +++

What could make execve() syscall return ENOMEM?

JoSSa commented on 2019-03-02 03:56

Successfully compiled. But when I use "passwd <someuser>" as root, I get:

passwd: Authentication failure passwd: password unchanged

even in selinux permissive mode. In the log file the error is (XXXX is my machine hostname):

Mar 01 22:46:23 XXXXX audit[1065]: ANOM_ABEND auid=1000 uid=0 gid=0 ses=3 subj=staff_u:staff_r:chkpwd_t:s0 pid=1065 comm="unix_chkpwd" exe="/usr/bin/unix_chkpwd" sig=11 res=1 Mar 01 22:46:23 XXXXX passwd[1063]: pam_unix(passwd:chauthtok): unix_chkpwd abnormal exit: 11

IooNag commented on 2019-02-23 08:42

@larrybowgensloth I successfully build the package today. What error have you got? Could you try building Arch Linux's official pam package?

larrybowgensloth commented on 2019-02-23 01:17

Sadly this doesn't compile anymore.

Siosm commented on 2014-01-02 21:49

Renamed to pam-selinux

skorgon commented on 2013-05-11 17:01

I can confirm, the updated release fixes the issue.

Nicky726 commented on 2013-05-11 15:16

I upgraded the package, so that it is now based on version 1.1.6-3 currently in [core]. I can log in without problems now. It seems to me, that a rebuild was needed due to libtirpc upgrade.

skorgon commented on 2013-05-11 05:42

This package and/or selinux-pam-base just prevented me from login to my system (gfx + tty).

journal with selinux-pam + selinux-pam-base
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: PAM unable to dlopen(/usr/lib/security/pam_selinux.so): /usr/lib/security/pam_selinux.so: cannot open shared object file: No such file or directory
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: PAM adding faulty module: /usr/lib/security/pam_selinux.so
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: pam_unix(kde:session): session opened for user skorgon by (uid=0)
May 10 22:11:34 skorgonTP systemd-logind[329]: New session 1 of user skorgon.
May 10 22:11:34 skorgonTP systemd-logind[329]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: pam_open_session() for skorgon failed: Module is unknown
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: Client start failed

May 10 20:42:45 skorgonTP login[340]: PAM unable to dlopen(/usr/lib/security/pam_unix.so): /usr/lib/security/pam_unix.so: undefined symbol: log_debug
May 10 20:42:45 skorgonTP login[340]: PAM adding faulty module: /usr/lib/security/pam_unix.so
May 10 20:42:45 skorgonTP login[340]: FAILED LOGIN SESSION FROM tty1 FOR root, Module is unknown

journal with stock pam + selinux-pam-base:
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: PAM unable to dlopen(/usr/lib/security/pam_selinux.so): /usr/lib/security/pam_selinux.so: cannot open shared object file: No such file or directory
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: PAM adding faulty module: /usr/lib/security/pam_selinux.so
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_unix(kde:session): session opened for user skorgon by (uid=0)
May 10 22:11:39 skorgonTP systemd-logind[329]: New session 2 of user skorgon.
May 10 22:11:39 skorgonTP systemd-logind[329]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_open_session() for skorgon failed: Module is unknown
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: Client start failed
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_unix(kde:session): session closed for user skorgon
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_close_session() failed: Module is unknown
May 10 22:11:39 skorgonTP systemd-logind[329]: Removed session 2.
May 10 22:11:41 skorgonTP dhclient[493]: XMT: Solicit on wlp3s0, interval 8110ms.
May 10 22:11:41 skorgonTP dhclient[493]: RCV: Advertise message on wlp3s0 from fe80::1e14:48ff:fe5f:1a20.
May 10 22:11:41 skorgonTP dhclient[493]: message status code NoAddrsAvail: "No addresses available for this interface."
May 10 22:11:44 skorgonTP login[336]: PAM unable to dlopen(/usr/lib/security/pam_selinux.so): /usr/lib/security/pam_selinux.so: cannot open shared object file: No such file or directory
May 10 22:11:44 skorgonTP login[336]: PAM adding faulty module: /usr/lib/security/pam_selinux.so
May 10 22:11:47 skorgonTP login[336]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May 10 22:11:47 skorgonTP systemd-logind[329]: New session 3 of user root.
May 10 22:11:47 skorgonTP login[336]: Module is unknown

xangelux commented on 2013-02-25 16:13

it seems that the file contains that functions and it complains about re-defining a functions as well as getting the function parameters wrong, so I assume the function was added to the selinux packages with the correct parameters so I deleted the function and it builded properly. As I read pam_unix2 is in charge of checking the password in shadow and passwd so if it doesn't work anybody could notice in a sudo, su or even a login (I assume). Not sure if I'm correct but so far I'm ussing that hack and nothing has gone wrong. I'm considering reporting it as a bug to arch devs.