commit pam-config for openSUSE:Factory

root Mon, 02 Dec 2019 02:38:32 -0800

Hello community,

here is the log from the commit of package pam-config for openSUSE:Factory 
checked in at 2019-12-02 11:33:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pam-config (Old)
 and      /work/SRC/openSUSE:Factory/.pam-config.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "pam-config"

Mon Dec  2 11:33:21 2019 rev:82 rq:751482 version:1.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/pam-config/pam-config.changes    2019-08-27 
15:21:00.120852470 +0200
+++ /work/SRC/openSUSE:Factory/.pam-config.new.4691/pam-config.changes  
2019-12-02 11:37:58.370456029 +0100
@@ -1,0 +2,8 @@
+Mon Nov 25 08:02:48 UTC 2019 - Josef Möllers <[email protected]>
+
+- Prevent systemd-user to call pam_mount when opening/closing a
+  (PAM) session as it drops privileges in between and so when closing
+  it may be unable to undo things set up during opening.
+  [bsc#1153630, bsc1153630-prevent-systemd-pam_mount.patch]
+
+-------------------------------------------------------------------

New:
----
  bsc1153630-prevent-systemd-pam_mount.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pam-config.spec ++++++
--- /var/tmp/diff_new_pack.YKxR2g/_old  2019-12-02 11:37:58.846456129 +0100
+++ /var/tmp/diff_new_pack.YKxR2g/_new  2019-12-02 11:37:58.850456130 +0100
@@ -24,6 +24,7 @@
 Group:          System/Management
 URL:            https://github.com/SUSE/pam-config
 Source:         %{name}-%{version}.tar.xz
+Patch1:         bsc1153630-prevent-systemd-pam_mount.patch
 PreReq:         pam >= 1.3.0
 
 %description
@@ -36,6 +37,8 @@
 %prep
 %setup -q
 
+%patch1 -p1
+
 %build
 %configure
 make %{?_smp_mflags}

++++++ bsc1153630-prevent-systemd-pam_mount.patch ++++++
Index: pam-config-1.2/src/mod_pam_mount.c
===================================================================
--- pam-config-1.2.orig/src/mod_pam_mount.c
+++ pam-config-1.2/src/mod_pam_mount.c
@@ -135,7 +135,12 @@ write_config_mount (  pam_module_t *this
     }
     /* pam_thinkfinger.so is not enabled so we can safely add
      * pam_mount.so
+     * We'll also add a line preventing systemd-user from invoking 
pam_mount.so as it
+     * causes problems at least when (trying) to umount a user partition as it 
drops privileges between
+     * opening and closing a (PAM) session.
+     * Note that this doesn't break anything if systemd is not used.
      */
+    fprintf(fp, "session  [success=1 
default=ignore]\tpam_succeed_if.so\tservice = systemd-user\n");
     fprintf (fp, "session  optional\tpam_mount.so\n");
   }
   return close_service_file (fp,gl_service);

commit pam-config for openSUSE:Factory

Reply via email to