jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

pam, shadow: disable pam_namespace for /tmp and /var/tmp.

Browse source 
There are some problems with it that aren't easy to fix, so give up.

--HG--
extra : convert_revision : 16763d6ef027eab3f9ffed1edcbc0f8fdbe16862
This commit is contained in:
Juan RP 2010-02-17 05:40:55 +01:00
parent 56e1327bfe
commit 18e6d02732
4 changed files with 3 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
srcpkgs/pam/INSTALL
View file

@ -1,16 +0,0 @@
# This script creates the pam_namespace(8) instance directories
# for /tmp and /var/tmpfs, they are created from /tmp/.tmp_inst
# and /var/tmp/.tmp_inst respectively.
#
case "${ACTION}" in
post)
if [ ! -d tmp/.tmp_inst ]; then
mkdir -m 0000 tmp/.tmp_inst || exit $?
echo "Created pam_namespace(8) /tmp instance dir."
fi
if [ ! -d var/tmp/.tmp_inst ]; then
mkdir -m 0000 var/tmp/.tmp_inst || exit $?
echo "Created pam_namespace(8) /var/tmp instance dir."
fi
;;
esac

19
srcpkgs/pam/template
View file

@ -1,7 +1,7 @@
# Template file for 'pam' # Template file for 'pam'
pkgname=pam pkgname=pam
version=1.1.1 version=1.1.1
revision=3 revision=4
wrksrc="Linux-PAM-$version" wrksrc="Linux-PAM-$version"
distfiles="${KERNEL_SITE}/libs/pam/library/Linux-PAM-$version.tar.bz2" distfiles="${KERNEL_SITE}/libs/pam/library/Linux-PAM-$version.tar.bz2"
build_style=gnu_configure build_style=gnu_configure
@ -38,23 +38,6 @@ post_install()
# Fix unix_chkpwd perms. # Fix unix_chkpwd perms.
chmod 4755 ${DESTDIR}/sbin/unix_chkpwd chmod 4755 ${DESTDIR}/sbin/unix_chkpwd
#
# Enable by default pam_namespace(8) to mount /tmp and
# /var/tmp as tmpfs for all users except root.
#
cat >> ${DESTDIR}/etc/security/namespace.conf << _EOF
#
# ------ END OF DEFAULT FILE ---------
#
# XBPS: by default create /tmp and /var/tmp tmpfs instances to
# all users except root.
#
/tmp /tmp/.tmp_inst/ tmpfs root
/var/tmp /var/tmp/.tmp_inst/ tmpfs root
#
_EOF
chmod 644 ${DESTDIR}/etc/security/namespace.conf || return 1
# #
# Fix a syntax error in namespace.init, -p flag is unknown # Fix a syntax error in namespace.init, -p flag is unknown
# at least to dash and bash. # at least to dash and bash.

4
srcpkgs/shadow/files/login.pam
View file

@ -1,5 +1,4 @@
# login pam service with sha512 passwords, cracklib and # login pam service with sha512 passwords and cracklib support.
# namespace support for tmpfs /tmp and /var/tmp.
auth requisite pam_nologin.so auth requisite pam_nologin.so
auth required pam_securetty.so auth required pam_securetty.so
auth required pam_unix.so auth required pam_unix.so
@ -11,6 +10,5 @@ session required pam_limits.so
session optional pam_mail.so dir=/var/mail standard session optional pam_mail.so dir=/var/mail standard
session optional pam_lastlog.so session optional pam_lastlog.so
session required pam_unix.so session required pam_unix.so
session required pam_namespace.so
password required pam_cracklib.so try_first_pass retry=3 password required pam_cracklib.so try_first_pass retry=3
password required pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_unix.so sha512 shadow nullok try_first_pass use_authtok

2
srcpkgs/shadow/template
View file

@ -1,7 +1,7 @@
# Template file for 'shadow' # Template file for 'shadow'
pkgname=shadow pkgname=shadow
version=4.1.4.2 version=4.1.4.2
revision=2 revision=3
distfiles="ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/$pkgname-$version.tar.bz2" distfiles="ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/$pkgname-$version.tar.bz2"
build_style=gnu_configure build_style=gnu_configure
configure_args="--libdir=/lib --enable-shared --disable-static configure_args="--libdir=/lib --enable-shared --disable-static