sys-apps/systemd: call pam_selinux.so in pam config for systemd-user

Currently, systemd --user sessions get launched with the wrong context, init_t. Let's fix our pam config for systemd-user by calling pam_selinux.so with close and nottys open like upstream does. Closes: https://bugs.gentoo.org/908759 Signed-off-by: Rahul Sandhu <rahul@sandhuservices.dev> Closes: https://github.com/gentoo/gentoo/pull/38747 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
author: Rahul Sandhu <rahul@sandhuservices.dev> 2024-09-23 18:36:58 +0100
committer: Mike Gilbert <floppym@gentoo.org> 2024-09-26 15:15:20 -0400
commit: 27e8a693ee6afa4ae673f1f4625fae81b86ad86f (patch)
tree: 95863eae2011a2c5380049dd2942ba16fd4b929e /sys-apps/systemd/files
parent: media-libs/openimageio: implement an important configure fix for all versions (diff)
download: gentoo-27e8a693ee6afa4ae673f1f4625fae81b86ad86f.tar.gz
gentoo-27e8a693ee6afa4ae673f1f4625fae81b86ad86f.tar.bz2
gentoo-27e8a693ee6afa4ae673f1f4625fae81b86ad86f.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/systemd-user-selinux.pam b/sys-apps/systemd/files/systemd-user-selinux.pam
new file mode 100644
index 000000000000..0d5d6beb34da
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-user-selinux.pam
@@ -0,0 +1,7 @@
+account include system-auth
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
author	Rahul Sandhu <rahul@sandhuservices.dev>	2024-09-23 18:36:58 +0100
committer	Mike Gilbert <floppym@gentoo.org>	2024-09-26 15:15:20 -0400
commit	27e8a693ee6afa4ae673f1f4625fae81b86ad86f (patch)
tree	95863eae2011a2c5380049dd2942ba16fd4b929e /sys-apps/systemd/files
parent	media-libs/openimageio: implement an important configure fix for all versions (diff)
download	gentoo-27e8a693ee6afa4ae673f1f4625fae81b86ad86f.tar.gz gentoo-27e8a693ee6afa4ae673f1f4625fae81b86ad86f.tar.bz2 gentoo-27e8a693ee6afa4ae673f1f4625fae81b86ad86f.zip