
Bug#747303: openssh-server: Please move pam_selinux open call higher in the session PAM stack



Hi,

Please find here a 2nd version of the patch that should apply cleanly
with -6.

Could you please apply it?

Cheers,

Laurent Bigonville
diff -Nru openssh-6.6p1/debian/openssh-server.sshd.pam.in openssh-6.6p1/debian/openssh-server.sshd.pam.in
--- openssh-6.6p1/debian/openssh-server.sshd.pam.in	2014-06-28 15:36:18.000000000 +0200
+++ openssh-6.6p1/debian/openssh-server.sshd.pam.in	2014-06-29 20:51:06.000000000 +0200
@@ -21,6 +21,11 @@
 # Set the loginuid process attribute.
 session    required     pam_loginuid.so
 
+# SELinux needs to intervene at login time to ensure that the process starts
+# in the proper default security context.  Only sessions which are intended
+# to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
+
 @IF_KEYINIT@# Create a new session keyring.
 @IF_KEYINIT@session    optional     pam_keyinit.so force revoke
 
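Review bot: the comment on the added pam_selinux.so open line is carried over unchanged and does not say why the call now has to sit directly after pam_loginuid.so and ahead of pam_keyinit.so. Since the ordering is the whole point of the change, add a sentence to the comment naming the modules that must come after the open call, so a later edit to this file does not move it back down. Also worth confirming: default=bad marks the stack as failed but does not stop it, so when pam_selinux fails the modules below still run; that was already true at the old position, but more modules follow the call now.
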
@@ -46,10 +51,5 @@
 # /etc/default/locale, so read that as well.
 session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
 
-# SELinux needs to intervene at login time to ensure that the process starts
-# in the proper default security context.  Only sessions which are intended
-# to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
-
 # Standard Un*x password updating.
 @include common-password
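
Review bot: with the open call removed from the end of the session stack, everything between its new position and this point now runs after it, including the pam_env.so user_readenv=1 line visible in the context above the removal. The message does not say whether those modules were checked against the comment's own rule ("Only sessions which are intended to run in the user's context should be run after this"); please state that in the bug or in the changelog. The patch as posted touches only openssh-server.sshd.pam.in, so it carries no debian/changelog entry describing the move.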
