[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team: the plans for etch

On Fri, Oct 21, 2005 at 06:09:21PM +0200, Christian Perrier wrote:

> >         Oh, that's not needed. SElinux uses PAM to mediate access to
> >  the password (there is a SELinux PAM module now). So, people who want
> >  to enable SELinux on their machine have to do something like so:

> > ,----[ Add SELinux capability to the system ]
> > | if ! grep pam_selinux.so /etc/pam.d/login >& /dev/null; then
> > |     echo "" >> /etc/pam.d/login
> > |     echo "session required pam_selinux.so multiple" >> /etc/pam.d/login
> > |     echo "" >> /etc/pam.d/login
> > | fi
> > `----

> We could maybe provide this (commented) in /etc/pam.d/login....or,
> maybe better, this could go (still commented) in
> /etc/pam.d/common-session.

> Could you point me (and possibly other readers) to "not too deeply
> technical" doc about SELinux? After all, talking of something without
> actually really knowing it is pretty hard..:-)

Could someone first test whether putting this in common-session works right
for all services?

This seems like an opportune time for someone to write a config interface
for /etc/pam.d/common-*, so that we have a generally useful means of
enabling other PAM modules as well.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply to: