diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 13:00:10 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 13:00:10 -0800 |
| commit | 9d69c7bbb05cc22edce56e751cef5828e652988a (patch) | |
| tree | b97c4aa6e6133fa3e319805c5190819020838c32 /Linux-PAM/modules/pam_selinux/README | |
| parent | a6f4ab0bebc76acf85cc0244bd21c1036009c28c (diff) | |
| parent | d5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c (diff) | |
| download | pam-9d69c7bbb05cc22edce56e751cef5828e652988a.tar.gz pam-9d69c7bbb05cc22edce56e751cef5828e652988a.tar.bz2 pam-9d69c7bbb05cc22edce56e751cef5828e652988a.zip | |
Merge tag 'upstream/0.99.7.1' into debian
Diffstat (limited to 'Linux-PAM/modules/pam_selinux/README')
| -rw-r--r-- | Linux-PAM/modules/pam_selinux/README | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/Linux-PAM/modules/pam_selinux/README b/Linux-PAM/modules/pam_selinux/README new file mode 100644 index 00000000..4268d3fb --- /dev/null +++ b/Linux-PAM/modules/pam_selinux/README @@ -0,0 +1,61 @@ +pam_selinux — PAM module to set the default security context + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +In a nutshell, pam_selinux sets up the default security context for the next +execed shell. + +When an application opens a session using pam_selinux, the shell that gets +executed will be run in the default security context, or if the user chooses +and the pam file allows the selected security context. Also the controlling tty +will have it's security context modified to match the users. + +Adding pam_selinux into a pam file could cause other pam modules to change +their behavior if the exec another application. The close and open option help +mitigate this problem. close option will only cause the close portion of the +pam_selinux to execute, and open will only cause the open portion to run. You +can add pam_selinux to the config file twice. Add the pam_selinux close as the +executes the open pass through the modules, pam_selinux open_session will +happen last. When PAM executes the close pass through the modules pam_selinux +close_session will happen first. + +OPTIONS + +close + + Only execute the close_session portion of the module. + +debug + + Turns on debugging via syslog(3). + +multiple + + Tells pam_selinux.so to allow the user to select the security context they + will login with, if the user has more than one role. + +open + + Only execute the open_session portion of the module. + +nottys + + Do not try to setup the ttys security context. + +verbose + + attempt to inform the user when security context is set. + +EXAMPLES + +auth required pam_unix.so +session required pam_permit.so +session optional pam_selinux.so + + +AUTHOR + +pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. + |