1 |
commit: f45e0db0dcd22534c2ab32160e56e10795010ebf |
2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
3 |
AuthorDate: Sun Feb 26 17:08:02 2017 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Feb 27 10:38:00 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f45e0db0 |
7 |
|
8 |
auth: Move optional out of auth_use_pam_systemd() to callers. |
9 |
|
10 |
policy/modules/admin/su.if | 5 ++++- |
11 |
policy/modules/system/authlogin.if | 6 ++---- |
12 |
policy/modules/system/selinuxutil.te | 5 ++++- |
13 |
3 files changed, 10 insertions(+), 6 deletions(-) |
14 |
|
15 |
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if |
16 |
index cd137d59..8e21b217 100644 |
17 |
--- a/policy/modules/admin/su.if |
18 |
+++ b/policy/modules/admin/su.if |
19 |
@@ -190,7 +190,6 @@ template(`su_role_template',` |
20 |
auth_dontaudit_read_shadow($1_su_t) |
21 |
auth_use_nsswitch($1_su_t) |
22 |
auth_rw_faillog($1_su_t) |
23 |
- auth_use_pam_systemd($1_su_t) |
24 |
|
25 |
corecmd_search_bin($1_su_t) |
26 |
|
27 |
@@ -227,6 +226,10 @@ template(`su_role_template',` |
28 |
') |
29 |
') |
30 |
|
31 |
+ optional_policy(` |
32 |
+ auth_use_pam_systemd($1_su_t) |
33 |
+ ') |
34 |
+ |
35 |
tunable_policy(`allow_polyinstantiation',` |
36 |
fs_mount_xattr_fs($1_su_t) |
37 |
fs_unmount_xattr_fs($1_su_t) |
38 |
|
39 |
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if |
40 |
index fb92132d..2b70d124 100644 |
41 |
--- a/policy/modules/system/authlogin.if |
42 |
+++ b/policy/modules/system/authlogin.if |
43 |
@@ -100,10 +100,8 @@ interface(`auth_use_pam',` |
44 |
## </param> |
45 |
# |
46 |
interface(`auth_use_pam_systemd',` |
47 |
- optional_policy(` |
48 |
- dbus_system_bus_client($1) |
49 |
- systemd_dbus_chat_logind($1) |
50 |
- ') |
51 |
+ dbus_system_bus_client($1) |
52 |
+ systemd_dbus_chat_logind($1) |
53 |
') |
54 |
|
55 |
######################################## |
56 |
|
57 |
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te |
58 |
index 5f624126..931d8591 100644 |
59 |
--- a/policy/modules/system/selinuxutil.te |
60 |
+++ b/policy/modules/system/selinuxutil.te |
61 |
@@ -283,7 +283,6 @@ auth_use_nsswitch(newrole_t) |
62 |
auth_run_chk_passwd(newrole_t, newrole_roles) |
63 |
auth_run_upd_passwd(newrole_t, newrole_roles) |
64 |
auth_rw_faillog(newrole_t) |
65 |
-auth_use_pam_systemd(newrole_t) |
66 |
|
67 |
# Write to utmp. |
68 |
init_rw_utmp(newrole_t) |
69 |
@@ -313,6 +312,10 @@ ifdef(`init_systemd',` |
70 |
') |
71 |
|
72 |
optional_policy(` |
73 |
+ auth_use_pam_systemd(newrole_t) |
74 |
+') |
75 |
+ |
76 |
+optional_policy(` |
77 |
dbus_system_bus_client(newrole_t) |
78 |
|
79 |
optional_policy(` |