Re: buildd-tools sbuild post-etch
On Tue, Apr 10, 2007 at 08:56:51AM +0100, Roger Leigh wrote:
> Yes. PAM is used for user authentication and authorisation, and is
> integral to the operation of schroot. Given that schroot runs setuid
> root to do what it does, I would be reluctant to write an alternative
> to replace the PAM functionality, due to the potential for severe
> security problems if I make any mistakes.
> Linux-PAM did previously contain Linux kernel datatypes (for reasons
> which escape me), but TTBOMK these were removed over a year ago. Will
> it now build for you? (Some of the modules might not build or be
> useful for you, but the configure script should be able to disable
> those--though this might need adding).
The problem is unconditional use of SELinux.
Fixing PAM for non-Linux was on hold for the last half year or so due to
the etch release, I hope this will change soon (see #333141);
alternatively we could look at doing it out-of-archive ourselves.