[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: buildd-tools sbuild post-etch

On Tue, Apr 10, 2007 at 08:56:51AM +0100, Roger Leigh wrote:
> Yes.  PAM is used for user authentication and authorisation, and is
> integral to the operation of schroot.  Given that schroot runs setuid
> root to do what it does, I would be reluctant to write an alternative
> to replace the PAM functionality, due to the potential for severe
> security problems if I make any mistakes.
> 
> Linux-PAM did previously contain Linux kernel datatypes (for reasons
> which escape me), but TTBOMK these were removed over a year ago.  Will
> it now build for you?  (Some of the modules might not build or be
> useful for you, but the configure script should be able to disable
> those--though this might need adding).

The problem is unconditional use of SELinux.

Fixing PAM for non-Linux was on hold for the last half year or so due to
the etch release, I hope this will change soon (see #333141);
alternatively we could look at doing it out-of-archive ourselves.


Michael
Reply to: