From: "Mike Gilbert" <floppym@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/files/, sys-apps/systemd/
Date: Thu, 26 Sep 2024 19:15:27 +0000 (UTC)
Message-ID: <1727378120.27e8a693ee6afa4ae673f1f4625fae81b86ad86f.floppym@gentoo>
commit: 27e8a693ee6afa4ae673f1f4625fae81b86ad86f
Author: Rahul Sandhu <rahul <AT> sandhuservices <DOT> dev>
AuthorDate: Mon Sep 23 17:36:58 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Sep 26 19:15:20 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27e8a693
sys-apps/systemd: call pam_selinux.so in pam config for systemd-user
Currently, systemd --user sessions get launched with the wrong context,
init_t. Let's fix our pam config for systemd-user by calling
pam_selinux.so with close and nottys open like upstream does.
Closes: https://bugs.gentoo.org/908759
Signed-off-by: Rahul Sandhu <rahul <AT> sandhuservices.dev>
Closes: https://github.com/gentoo/gentoo/pull/38747
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-apps/systemd/files/systemd-user-selinux.pam | 7 +++++++
sys-apps/systemd/systemd-254.13.ebuild | 6 +++++-
sys-apps/systemd/systemd-254.16.ebuild | 6 +++++-
sys-apps/systemd/systemd-254.17.ebuild | 6 +++++-
sys-apps/systemd/systemd-254.18.ebuild | 6 +++++-
sys-apps/systemd/systemd-255.10.ebuild | 6 +++++-
sys-apps/systemd/systemd-255.11.ebuild | 6 +++++-
sys-apps/systemd/systemd-255.12.ebuild | 6 +++++-
sys-apps/systemd/systemd-255.7-r1.ebuild | 6 +++++-
sys-apps/systemd/systemd-256.1-r3.ebuild | 6 +++++-
sys-apps/systemd/systemd-256.2.ebuild | 6 +++++-
sys-apps/systemd/systemd-256.4.ebuild | 6 +++++-
sys-apps/systemd/systemd-256.5.ebuild | 6 +++++-
sys-apps/systemd/systemd-256.6.ebuild | 6 +++++-
sys-apps/systemd/systemd-9999.ebuild | 6 +++++-
15 files changed, 77 insertions(+), 14 deletions(-)
diff --git a/sys-apps/systemd/files/systemd-user-selinux.pam b/sys-apps/systemd/files/systemd-user-selinux.pam
new file mode 100644
index 000000000000..0d5d6beb34da
--- /dev/null
+++ b/sys-apps/systemd/files/systemd-user-selinux.pam
@@ -0,0 +1,7 @@
+account include system-auth
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session include system-auth
+session optional pam_systemd.so
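Review bot: `session include system-auth` sits after `session required pam_selinux.so nottys open`, so every session module that include pulls in runs once the user's execution context has already been set. pam_selinux(8) recommends placing the open call after modules that execute applications and the close call before them; the close line is correctly first, but it is worth confirming that nothing in system-auth's session stack spawns a helper, or else moving the include above the open line. A short `#` comment in the file recording why the two pam_selinux.so lines are ordered this way would also help the next person who edits it.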
diff --git a/sys-apps/systemd/systemd-254.13.ebuild b/sys-apps/systemd/systemd-254.13.ebuild
index b03afeebbbe9..44b91c0ed762 100644
--- a/sys-apps/systemd/systemd-254.13.ebuild
+++ b/sys-apps/systemd/systemd-254.13.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
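Review bot: the `use selinux` branch installs a stack in which pam_selinux.so is `required`, but the change to this ebuild is limited to the `newpamd` call (the diffstat shows 6 changed lines per ebuild), so nothing visible here guarantees the module is present at runtime. If sys-libs/pam was built without SELinux support, the missing `required` module would fail session setup for systemd-user. Consider checking whether the existing dependencies already cover this and, if they do not, adding a `selinux?` dependency on a PAM build that ships the module.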
diff --git a/sys-apps/systemd/systemd-254.16.ebuild b/sys-apps/systemd/systemd-254.16.ebuild
index 3c99d5286da8..2e0de48f21dc 100644
--- a/sys-apps/systemd/systemd-254.16.ebuild
+++ b/sys-apps/systemd/systemd-254.16.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
diff --git a/sys-apps/systemd/systemd-254.17.ebuild b/sys-apps/systemd/systemd-254.17.ebuild
index 6948d7750c89..deb2c7187296 100644
--- a/sys-apps/systemd/systemd-254.17.ebuild
+++ b/sys-apps/systemd/systemd-254.17.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
diff --git a/sys-apps/systemd/systemd-254.18.ebuild b/sys-apps/systemd/systemd-254.18.ebuild
index 3c99d5286da8..2e0de48f21dc 100644
--- a/sys-apps/systemd/systemd-254.18.ebuild
+++ b/sys-apps/systemd/systemd-254.18.ebuild
@@ -397,7 +397,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use split-usr; then
diff --git a/sys-apps/systemd/systemd-255.10.ebuild b/sys-apps/systemd/systemd-255.10.ebuild
index 6b6829770ddf..ddf10377645d 100644
--- a/sys-apps/systemd/systemd-255.10.ebuild
+++ b/sys-apps/systemd/systemd-255.10.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.11.ebuild b/sys-apps/systemd/systemd-255.11.ebuild
index caca95ec35cf..b7f7c92ef5c2 100644
--- a/sys-apps/systemd/systemd-255.11.ebuild
+++ b/sys-apps/systemd/systemd-255.11.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.12.ebuild b/sys-apps/systemd/systemd-255.12.ebuild
index 6b6829770ddf..ddf10377645d 100644
--- a/sys-apps/systemd/systemd-255.12.ebuild
+++ b/sys-apps/systemd/systemd-255.12.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-255.7-r1.ebuild b/sys-apps/systemd/systemd-255.7-r1.ebuild
index 11a5556c2b86..91957bd6756a 100644
--- a/sys-apps/systemd/systemd-255.7-r1.ebuild
+++ b/sys-apps/systemd/systemd-255.7-r1.ebuild
@@ -408,7 +408,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.1-r3.ebuild b/sys-apps/systemd/systemd-256.1-r3.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.1-r3.ebuild
+++ b/sys-apps/systemd/systemd-256.1-r3.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.2.ebuild b/sys-apps/systemd/systemd-256.2.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.2.ebuild
+++ b/sys-apps/systemd/systemd-256.2.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.4.ebuild b/sys-apps/systemd/systemd-256.4.ebuild
index d83d294dd3b1..6b97cce9a52e 100644
--- a/sys-apps/systemd/systemd-256.4.ebuild
+++ b/sys-apps/systemd/systemd-256.4.ebuild
@@ -432,7 +432,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.5.ebuild b/sys-apps/systemd/systemd-256.5.ebuild
index 65993127c17e..37a10570fcd1 100644
--- a/sys-apps/systemd/systemd-256.5.ebuild
+++ b/sys-apps/systemd/systemd-256.5.ebuild
@@ -440,7 +440,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
diff --git a/sys-apps/systemd/systemd-256.6.ebuild b/sys-apps/systemd/systemd-256.6.ebuild
index 65993127c17e..37a10570fcd1 100644
--- a/sys-apps/systemd/systemd-256.6.ebuild
+++ b/sys-apps/systemd/systemd-256.6.ebuild
@@ -440,7 +440,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then
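Review bot: this released ebuild is edited in place (the file name in the `---`/`+++` header is unchanged), so there is no new revision to trigger a rebuild. Systems that already have this version installed with USE=selinux keep the old systemd-user PAM file, and their `systemd --user` sessions stay in init_t until the package is rebuilt by hand. Consider a revision bump for at least the newest release, or state in the commit message that a manual rebuild is needed.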
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index aa4c7f43e59a..0e8952909fb9 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -439,7 +439,11 @@ multilib_src_install_all() {
keepdir /var/log/journal
if use pam; then
- newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ if use selinux; then
+ newpamd "${FILESDIR}"/systemd-user-selinux.pam systemd-user
+ else
+ newpamd "${FILESDIR}"/systemd-user.pam systemd-user
+ fi
fi
if use kernel-install; then