Bug#664807: Please apply attached patch
Hi,
This is a 2nd version of the patch that fixes both #664807 and #677437.
Please apply it
Cheers,
Laurent Bigonville
diff -u xdm-1.1.11/debian/xdm.pam xdm-1.1.11/debian/xdm.pam
--- xdm-1.1.11/debian/xdm.pam
+++ xdm-1.1.11/debian/xdm.pam
@@ -1,6 +1,16 @@
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_env.so envfile=/etc/default/locale
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without this it is possible
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session required pam_limits.so
@include common-auth
Reply to: