package pam-0.99.7.1 pam_selinux.so doesn't support seusers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam (Debian) |
Fix Released
|
Unknown
|
|||
pam (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The version of pam_selinux.c in pam 0.99.7.1 is using an old method for determining contexts. Because of this it does not correctly handle the seusers configuration. This was fixed in upstream on 6/15/07 and has been in pam releases starting with 99.8. Most policies use the seusers feature and without it proper support for SELinux won't be possible in Hardy (specifically, login security contexts will not be correct). I've attached an updated source package (which is also available in my PPA https:/
Thanks,
Caleb
DISTRIB_ID=Ubuntu
DISTRIB_
DISTRIB_
DISTRIB_
Source package:
pam_0.99.
Binary package:
+++-===
ii libpam-modules 0.99.7.1-5ubuntu3 Pluggable Authentication Modules for PAM
Related branches
Changed in pam: | |
status: | Unknown → Confirmed |
Changed in pam: | |
status: | Confirmed → Fix Committed |
Changed in pam: | |
status: | Fix Committed → Fix Released |
This bug was fixed in the package pam - 0.99.7.1-5ubuntu4
---------------
pam (0.99.7.1-5ubuntu4) hardy; urgency=low
* ubuntu- pam_selinux_ seusers: patch pam_selinux to correctly support
seusers (backported from changes in PAM 0.99.8). Without this patch
login will not get correct security context when using libselinux
>= 1.27.2 (LP: #187822).
-- Caleb Case <email address hidden> Wed, 30 Jan 2008 06:39:48 -0500