package pam- doesn't support seusers

Bug #187822 reported by Caleb Case
Affects Status Importance Assigned to Milestone
pam (Debian)
Fix Released
pam (Ubuntu)
Fix Released

Bug Description

The version of pam_selinux.c in pam is using an old method for determining contexts. Because of this it does not correctly handle the seusers configuration. This was fixed in upstream on 6/15/07 and has been in pam releases starting with 99.8. Most policies use the seusers feature and without it proper support for SELinux won't be possible in Hardy (specifically, login security contexts will not be correct). I've attached an updated source package (which is also available in my PPA This is related to a bug in Debian



DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)"

Source package:


Binary package:

ii libpam-modules Pluggable Authentication Modules for PAM

Related branches

Revision history for this message
Caleb Case (calebcase) wrote :
Revision history for this message
Caleb Case (calebcase) wrote :
Changed in pam:
status: Unknown → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pam -

pam ( hardy; urgency=low

  * ubuntu-pam_selinux_seusers: patch pam_selinux to correctly support
    seusers (backported from changes in PAM 0.99.8). Without this patch
    login will not get correct security context when using libselinux
    >= 1.27.2 (LP: #187822).

 -- Caleb Case <email address hidden> Wed, 30 Jan 2008 06:39:48 -0500

Changed in pam:
status: New → Fix Released
Changed in pam:
status: Confirmed → Fix Committed
Changed in pam:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.