Search Criteria
Package Details: pam-selinux 1.3.1-1
| Git Clone URL: | https://aur.archlinux.org/pam-selinux.git (read-only) |
|---|---|
| Package Base: | pam-selinux |
| Description: | SELinux aware PAM (Pluggable Authentication Modules) library |
| Upstream URL: | http://linux-pam.org |
| Keywords: | selinux |
| Licenses: | |
| Groups: | |
| Conflicts: | |
| Provides: | |
| Submitter: | Siosm |
| Maintainer: | IooNag |
| Last Packager: | IooNag |
| Votes: | 21 |
| Popularity: | 0.410963 |
| First Submitted: | 2013-11-03 20:05 |
| Last Updated: | 2018-07-01 14:45 |
Dependencies (9)
- cracklib
- glibc (glibc-git)
- libselinux
- libtirpc
- pambase-selinux
- docbook-xsl (make)
- flex (flex-android, flex-git) (make)
- w3m (make)
- docbook-xml>=4.4 (make)
Required by (278)
- 389-ds-base (requires pam)
- advcp (requires pam)
- alock-git (requires pam)
- alock-git (requires pam) (optional)
- alpine-git (requires pam)
- apparmor-git (requires pam)
- away (requires pam)
- cado-git (requires pam)
- cfengine (requires pam)
- cherokee (requires pam) (make)
- cherokee-git (requires pam) (make)
- cherokee-git (requires pam) (optional)
- collabora-online-server-nodocker (requires pam)
- conserver (requires pam)
- courier-authlib (requires pam) (make)
- courier-authlib (requires pam) (optional)
- courier-mta (requires pam) (make)
- cronie-selinux
- csxlock-git (requires pam)
- cups-git (requires pam)
- cups-git (requires pam) (make)
- cups-ipp14 (requires pam)
- cups-ipp14 (requires pam) (make)
- cups-nosystemd (requires pam)
- delegate (requires pam)
- dico (requires pam)
- dropbear-hg (requires pam)
- duo_unix (requires pam)
- ejabberd-current (requires pam)
- ejabberd-git (requires pam)
- elogind (requires pam)
- exim-gnutls (requires pam)
- exim-heavy (requires pam)
- exim-heavy (requires pam) (make)
- exim-lookup-mysql (requires pam) (make)
- exim-lookup-passwd (requires pam) (make)
- exim-lookup-pgsql (requires pam) (make)
- exim-mysql (requires pam)
- frr (requires pam)
- fscrypt-git (requires pam)
- gdm-old (requires pam)
- ghidra (requires pam) (optional)
- gitea-git (requires pam) (optional)
- glitchlock (requires pam)
- globus-connect-personal (requires pam) (x86_64)
- gogs (requires pam)
- google-authenticator-libpam-git (requires pam)
- google-compute-engine (requires pam) (make)
- google-compute-engine-oslogin (requires pam)
- google-compute-engine-oslogin (requires pam) (make)
- google-compute-engine-oslogin-git (requires pam)
- hermes (requires pam)
- hermes (requires pam) (make)
- hpsmh (requires pam)
- hylafaxplus (requires pam)
- i3lock-background (requires pam)
- i3lock-blur (requires pam)
- i3lock-color (requires pam)
- i3lock-color-git (requires pam)
- i3lock-fancier-git (requires pam)
- i3lock-lixxia-git (requires pam)
- i3lock-media-keys (requires pam)
- i3lock-s3lph-git (requires pam)
- i3lock-spy (requires pam)
- inetutils-git (requires pam)
- inetutils-syslogd (requires pam)
- kwallet-pam-git (requires pam)
- lean-display-manager (requires pam)
- lib32-nss-pam-ldapd (requires pam)
- libcups-git (requires pam) (make)
- libcups-ipp14 (requires pam) (make)
- liblightdm-qt4-devel (requires pam) (make)
- liblightdm-qt4-ubuntu (requires pam) (make)
- liblightdm-qt5-devel (requires pam) (make)
- liblightdm-qt5-guest (requires pam) (make)
- liblightdm-qt5-ubuntu (requires pam) (make)
- libpam_pwdfile (requires pam)
- libpwquality-py3 (requires pam)
- libsystemd-cdown-git (requires pam) (make)
- libsystemd-eudev-standalone (requires pam) (make)
- libx32-pam (requires pam)
- lightdm-devel (requires pam)
- lightdm-devel (requires pam) (make)
- lightdm-guest (requires pam)
- lightdm-guest (requires pam) (make)
- lightdm-ubuntu (requires pam)
- lightdm-ubuntu (requires pam) (make)
- liri-shell (requires pam)
- liri-shell-git (requires pam)
- lua51-pam (requires pam)
- ly (requires pam)
- ly-git (requires pam)
- mailsync (requires pam)
- mod_authnz_pam (requires pam)
- mod_intercept_form_submit (requires pam)
- ncpfs (requires pam)
- netatalk (requires pam)
- nginx-custom (requires pam)
- nginx-custom-dev (requires pam)
- nginx-libressl (requires pam)
- nginx-mainline-libressl (requires pam)
- nginx-mainline-mod-auth_pam (requires pam)
- nodm-dgw (requires pam)
- oath-toolkit-git (requires pam)
- oddjob (requires pam)
- opendoas (requires pam)
- opendoas-git (requires pam)
- openrc (requires pam)
- openrc-git (requires pam)
- opensmtpd-git (requires pam)
- opensmtpd-libressl (requires pam)
- opensmtpd-snapshot (requires pam)
- openssh-hpn (requires pam)
- openssh-hpn-git (requires pam)
- openvpn-git (requires pam) (optional)
- openvpn-openssl-1.0 (requires pam) (optional)
- openvpn-rrf (requires pam) (optional)
- openvpn-xor-git (requires pam) (optional)
- openvpn-xor-patched (requires pam)
- otpw (requires pam)
- pacemaker (requires pam)
- pacemaker-git (requires pam)
- pacemaker1.1 (requires pam)
- pacemaker1.1-git (requires pam)
- pam-afs-session (requires pam)
- pam-cryptsetup-git (requires pam)
- pam-face-authentication (requires pam)
- pam-gnupg-git (requires pam)
- pam-pgsql-git (requires pam)
- pam-shield (requires pam)
- pam-ssh-git (requires pam)
- pam-wrapper (requires pam)
- pamtester (requires pam)
- pam_abl (requires pam)
- pam_beacon-git (requires pam)
- pam_beacon-git (requires pam) (make)
- pam_captcha (requires pam)
- pam_chroot (requires pam)
- pam_e4crypt (requires pam)
- pam_encfs (requires pam)
- pam_kwallet-git (requires pam)
- pam_mysql-git (requires pam)
- pam_p11 (requires pam)
- pam_panic (requires pam) (make)
- pam_panic-git (requires pam) (make)
- pam_rundir (requires pam)
- pam_sasl (requires pam)
- pam_ssh (requires pam)
- pam_u2f-git (requires pam)
- pam_usb (requires pam)
- paranoid-telnetd-git (requires pam)
- php-pam (requires pam)
- physlock-git (requires pam)
- physlock-issue-git (requires pam)
- pipelinedb (requires pam)
- poldi (requires pam)
- poldi-ecc-dsa-git (requires pam)
- poldi-git (requires pam)
- policycoreutils (requires pam)
- polkit-consolekit (requires pam)
- polkit-elogind (requires pam)
- polkit-git (requires pam)
- polkit-no-script-git (requires pam)
- postgresql-10 (requires pam)
- postgresql-10 (requires pam) (make)
- postgresql-1c (requires pam)
- postgresql-1c (requires pam) (make)
- postgresql-9.6 (requires pam)
- postgresql-92-upgrade (requires pam)
- postgresql-93-upgrade (requires pam)
- postgresql-94-upgrade (requires pam)
- postgresql-95-upgrade (requires pam)
- postgresql-96-upgrade (requires pam)
- postgresql-beta (requires pam)
- postgresql-docs-10 (requires pam) (make)
- postgresql-docs-1c (requires pam) (make)
- postgresql-libs-10 (requires pam) (make)
- postgresql-libs-1c (requires pam) (make)
- postgresql-lts (requires pam) (make)
- postgresql-lts (requires pam)
- postgresql-lts-docs (requires pam) (make)
- postgresql-lts-libs (requires pam) (make)
- postgresql-lts-old-upgrade (requires pam)
- postgresql-src (requires pam)
- postgresql-src-beta (requires pam)
- ppp-git (requires pam)
- proftpd (requires pam)
- pwauth (requires pam)
- pypam2-bzr (requires pam)
- python-pamela (requires pam)
- python-simplepam (requires pam)
- python-simplepam-git (requires pam)
- pyvtlock-git (requires pam)
- rstudio-desktop (requires pam) (make)
- rstudio-desktop-git (requires pam) (make)
- rstudio-server-git (requires pam) (make)
- schroot-hybris (requires pam)
- screen-git (requires pam)
- shadow-capitals (requires pam)
- shadow-libpassphrase (requires pam)
- shadow-libpassphrase (requires pam) (make)
- shadow-relaxed (requires pam)
- shadow-selinux
- shellinabox-git (requires pam)
- shifter-imagegw (requires pam)
- shifter-imagegw-git (requires pam)
- shifter-runtime (requires pam)
- shifter-runtime-git (requires pam)
- shifter-slurm-imagegw (requires pam)
- shifter-slurm-imagegw-git (requires pam)
- shifter-slurm-runtime (requires pam)
- shifter-slurm-runtime-git (requires pam)
- shubhcron (requires pam)
- simplylock-git (requires pam)
- slim-defaultsession (requires pam)
- slim-git (requires pam)
- slim-git (requires pam) (make)
- slim-synergy (requires pam)
- slim-unicode (requires pam)
- slim-xserver-ready (requires pam)
- slimlock (requires pam)
- slimlock-git (requires pam)
- slimlock-git (requires pam) (make)
- slurm-llnl (requires pam) (optional)
- slurm-llnl-dev (requires pam) (optional)
- slurm-llnl-git (requires pam) (optional)
- snapper-git (requires pam) (make)
- squid-git (requires pam)
- squid4 (requires pam)
- squid5 (requires pam)
- strongswan-nosystemd (requires pam)
- strongswan-pkcs11 (requires pam)
- sudo-hg (requires pam)
- sudo-masochist (requires pam)
- sudo-selinux
- super (requires pam)
- sway-git (requires pam)
- swaylock-delay-password-git (requires pam)
- swaylock-git (requires pam)
- sxlock-git (requires pam)
- systemd-cdown-git (requires pam)
- systemd-cdown-git (requires pam) (make)
- systemd-git (requires pam)
- systemd-git (requires pam) (make)
- systemd-libs-git (requires pam) (make)
- systemd-libs-selinux (make)
- systemd-resolvconf-cdown-git (requires pam) (make)
- systemd-resolvconf-git (requires pam) (make)
- systemd-resolvconf-selinux (make)
- systemd-selinux
- systemd-selinux (make)
- systemd-sysvcompat-cdown-git (requires pam) (make)
- systemd-sysvcompat-git (requires pam) (make)
- systemd-sysvcompat-selinux (make)
- thinkfinger (requires pam)
- tigervnc-git (requires pam)
- usermode (requires pam)
- util-linux-aes (requires pam)
- util-linux-selinux
- veyon (requires pam)
- virtualbox-guest-utils-nox-svn (requires pam)
- virtualbox-guest-utils-svn (requires pam)
- virtualbox-i3-guest-utils (requires pam)
- virtualbox51-guest-utils (requires pam)
- virtualbox51-guest-utils-nox (requires pam)
- vlock-original (requires pam)
- vlock-original-noroot (requires pam)
- wdm (requires pam)
- xlockless (requires pam)
- xlsh-without-x (requires pam)
- xorg-xdm-git (requires pam)
- xorg-xdm-xlogin (requires pam)
- xorg-xdm-xlogin-git (requires pam)
- xscreensaver-arch-logo-nogdm (requires pam)
- xscreensaver-hacks (requires pam)
- xsecurelock-git (requires pam)
- yubico-pam-git (requires pam)
- zarafa-server (requires pam)
Latest Comments
1 2 3 4 5 Next › Last »
JoSSa commented on 2019-03-19 12:17
Yes, using 4.20.16.a-1-hardened. I have not been using linux-selinux anymore.
IooNag commented on 2019-03-17 14:19
JoSSa: which kernel are you using? On the virtual machine that I am using for tests, "passwd vagrant" works fine with linux-selinux (4.19.9.arch1-1) but not with linux-hardened (version 4.20.16.a-1-hardened). On this second kernel:
strace -e execve -f -s1024 passwd vagrant
execve("/usr/bin/passwd", ["passwd", "vagrant"], 0x7a1596282228 / 33 vars /) = 0 strace: Process 422 attached [pid 422] execve("/usr/bin/unix_chkpwd", ["/usr/bin/unix_chkpwd", "vagrant", "nullok"], 0x63ffd6b553e0 / 0 vars /) = -1 ENOMEM (Cannot allocate memory) [pid 422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 422] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGSEGV, si_utime=3, si_stime=14} --- strace: Process 423 attached [pid 423] execve("/usr/bin/unix_chkpwd", ["/usr/bin/unix_chkpwd", "vagrant", "chkexpiry"], 0x63ffd6b513a8 / 0 vars /) = -1 ENOMEM (Cannot allocate memory) [pid 423] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 423] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=423, si_uid=0, si_status=SIGSEGV, si_utime=1, si_stime=15} --- passwd: Authentication failure passwd: password unchanged +++ exited with 10 +++
What could make execve() syscall return ENOMEM?
JoSSa commented on 2019-03-02 03:56
Successfully compiled. But when I use "passwd <someuser>" as root, I get:
passwd: Authentication failure passwd: password unchanged
even in selinux permissive mode. In the log file the error is (XXXX is my machine hostname):
Mar 01 22:46:23 XXXXX audit[1065]: ANOM_ABEND auid=1000 uid=0 gid=0 ses=3 subj=staff_u:staff_r:chkpwd_t:s0 pid=1065 comm="unix_chkpwd" exe="/usr/bin/unix_chkpwd" sig=11 res=1 Mar 01 22:46:23 XXXXX passwd[1063]: pam_unix(passwd:chauthtok): unix_chkpwd abnormal exit: 11
IooNag commented on 2019-02-23 08:42
@larrybowgensloth I successfully build the package today. What error have you got? Could you try building Arch Linux's official pam package?
larrybowgensloth commented on 2019-02-23 01:17
Sadly this doesn't compile anymore.
Siosm commented on 2014-01-02 21:49
Renamed to pam-selinux
skorgon commented on 2013-05-11 17:01
I can confirm, the updated release fixes the issue.
Nicky726 commented on 2013-05-11 15:16
I upgraded the package, so that it is now based on version 1.1.6-3 currently in [core]. I can log in without problems now. It seems to me, that a rebuild was needed due to libtirpc upgrade.
skorgon commented on 2013-05-11 05:42
This package and/or selinux-pam-base just prevented me from login to my system (gfx + tty).
journal with selinux-pam + selinux-pam-base
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: PAM unable to dlopen(/usr/lib/security/pam_selinux.so): /usr/lib/security/pam_selinux.so: cannot open shared object file: No such file or directory
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: PAM adding faulty module: /usr/lib/security/pam_selinux.so
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: pam_unix(kde:session): session opened for user skorgon by (uid=0)
May 10 22:11:34 skorgonTP systemd-logind[329]: New session 1 of user skorgon.
May 10 22:11:34 skorgonTP systemd-logind[329]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: pam_open_session() for skorgon failed: Module is unknown
May 10 22:11:34 skorgonTP kdm[388]: :0[388]: Client start failed
May 10 20:42:45 skorgonTP login[340]: PAM unable to dlopen(/usr/lib/security/pam_unix.so): /usr/lib/security/pam_unix.so: undefined symbol: log_debug
May 10 20:42:45 skorgonTP login[340]: PAM adding faulty module: /usr/lib/security/pam_unix.so
May 10 20:42:45 skorgonTP login[340]: FAILED LOGIN SESSION FROM tty1 FOR root, Module is unknown
journal with stock pam + selinux-pam-base:
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: PAM unable to dlopen(/usr/lib/security/pam_selinux.so): /usr/lib/security/pam_selinux.so: cannot open shared object file: No such file or directory
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: PAM adding faulty module: /usr/lib/security/pam_selinux.so
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_unix(kde:session): session opened for user skorgon by (uid=0)
May 10 22:11:39 skorgonTP systemd-logind[329]: New session 2 of user skorgon.
May 10 22:11:39 skorgonTP systemd-logind[329]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_open_session() for skorgon failed: Module is unknown
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: Client start failed
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_unix(kde:session): session closed for user skorgon
May 10 22:11:39 skorgonTP kdm[502]: :0[502]: pam_close_session() failed: Module is unknown
May 10 22:11:39 skorgonTP systemd-logind[329]: Removed session 2.
May 10 22:11:41 skorgonTP dhclient[493]: XMT: Solicit on wlp3s0, interval 8110ms.
May 10 22:11:41 skorgonTP dhclient[493]: RCV: Advertise message on wlp3s0 from fe80::1e14:48ff:fe5f:1a20.
May 10 22:11:41 skorgonTP dhclient[493]: message status code NoAddrsAvail: "No addresses available for this interface."
May 10 22:11:44 skorgonTP login[336]: PAM unable to dlopen(/usr/lib/security/pam_selinux.so): /usr/lib/security/pam_selinux.so: cannot open shared object file: No such file or directory
May 10 22:11:44 skorgonTP login[336]: PAM adding faulty module: /usr/lib/security/pam_selinux.so
May 10 22:11:47 skorgonTP login[336]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
May 10 22:11:47 skorgonTP systemd-logind[329]: New session 3 of user root.
May 10 22:11:47 skorgonTP login[336]: Module is unknown
xangelux commented on 2013-02-25 16:13
it seems that the file contains that functions and it complains about re-defining a functions as well as getting the function parameters wrong, so I assume the function was added to the selinux packages with the correct parameters so I deleted the function and it builded properly. As I read pam_unix2 is in charge of checking the password in shadow and passwd so if it doesn't work anybody could notice in a sudo, su or even a login (I assume). Not sure if I'm correct but so far I'm ussing that hack and nothing has gone wrong. I'm considering reporting it as a bug to arch devs.