Bug#664807: Please apply attached patch

To: 664807@bugs.debian.org, 677437@bugs.debian.org
Subject: Bug#664807: Please apply attached patch
From: Laurent Bigonville <bigon@debian.org>
Date: Sun, 29 Jun 2014 21:31:13 +0200
Message-id: <[🔎] 20140629213113.79abf1fa@fornost.bigon.be>
Reply-to: Laurent Bigonville <bigon@debian.org>, 664807@bugs.debian.org

Hi,

This is a 2nd version of the patch that fixes both #664807 and #677437.

Please apply it

Cheers,

Laurent Bigonville

diff -u xdm-1.1.11/debian/xdm.pam xdm-1.1.11/debian/xdm.pam
--- xdm-1.1.11/debian/xdm.pam
+++ xdm-1.1.11/debian/xdm.pam
@@ -1,6 +1,16 @@
 auth		requisite	pam_nologin.so
 auth		required	pam_env.so
 auth		required	pam_env.so envfile=/etc/default/locale
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without this it is possible 
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
+session required        pam_loginuid.so
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
 session		required	pam_limits.so
 
 @include common-auth

Reply to:

Prev by Date: Bug#753192: mesa-demos: FTBFS: drawtex.c:34: undefined reference to `glDrawTexfOES'
Next by Date: Processed: tagging 677437
Previous by thread: Bug#753192: mesa-demos: FTBFS: drawtex.c:34: undefined reference to `glDrawTexfOES'
Next by thread: Processed: tagging 677437
Index(es):
- Date
- Thread