Diffstat (limited to 'modules/pam_selinux')
-rw-r--r--modules/pam_selinux/Makefile.am4
-rw-r--r--modules/pam_selinux/Makefile.in15
-rw-r--r--modules/pam_selinux/README.xml32
-rw-r--r--modules/pam_selinux/pam_selinux.826
-rw-r--r--modules/pam_selinux/pam_selinux.8.xml65
-rw-r--r--modules/pam_selinux/pam_selinux.c13
6 files changed, 76 insertions, 79 deletions
diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am
index 9476ab33..fbb6de6d 100644
--- a/modules/pam_selinux/Makefile.am
+++ b/modules/pam_selinux/Makefile.am
@@ -15,7 +15,11 @@ dist_check_SCRIPTS = tst-pam_selinux
TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
+if HAVE_VENDORDIR
+secureconfdir = $(VENDOR_SCONFIGDIR)
+else
secureconfdir = $(SCONFIGDIR)
+endif
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-I$(top_srcdir)/libpam_misc/include $(WARN_CFLAGS)
diff --git a/modules/pam_selinux/Makefile.in b/modules/pam_selinux/Makefile.in
index c58ce8e5..cad48d6c 100644
--- a/modules/pam_selinux/Makefile.in
+++ b/modules/pam_selinux/Makefile.in
@@ -440,6 +440,7 @@ CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
+DOCBOOK_RNG = @DOCBOOK_RNG@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -452,11 +453,13 @@ EXEEXT = @EXEEXT@
EXE_CFLAGS = @EXE_CFLAGS@
EXE_LDFLAGS = @EXE_LDFLAGS@
FGREP = @FGREP@
+FILECMD = @FILECMD@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
+HTML_STYLESHEET = @HTML_STYLESHEET@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -488,12 +491,14 @@ LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
+LOGIND_CFLAGS = @LOGIND_CFLAGS@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
+MAN_STYLESHEET = @MAN_STYLESHEET@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
@@ -516,6 +521,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PDF_STYLESHEET = @PDF_STYLESHEET@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -526,12 +532,16 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
-STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
+STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@
STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
+SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@
+SYSTEMD_LIBS = @SYSTEMD_LIBS@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
+TXT_STYLESHEET = @TXT_STYLESHEET@
USE_NLS = @USE_NLS@
+VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@
VERSION = @VERSION@
WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
@@ -605,7 +615,8 @@ XMLS = README.xml pam_selinux.8.xml
dist_check_SCRIPTS = tst-pam_selinux
TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
+@HAVE_VENDORDIR_FALSE@secureconfdir = $(SCONFIGDIR)
+@HAVE_VENDORDIR_TRUE@secureconfdir = $(VENDOR_SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-I$(top_srcdir)/libpam_misc/include $(WARN_CFLAGS)
diff --git a/modules/pam_selinux/README.xml b/modules/pam_selinux/README.xml
index 7e1baf55..dc1b5697 100644
--- a/modules/pam_selinux/README.xml
+++ b/modules/pam_selinux/README.xml
@@ -1,41 +1,27 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_selinux.8.xml">
--->
-]>
+<article xmlns="http://docbook.org/ns/docbook" version="5.0">
-<article>
-
- <articleinfo>
+ <info>
<title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_selinux-name"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-name")/*)'/>
</title>
- </articleinfo>
+ </info>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-description"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-description")/*)'/>
</section>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-options"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-options")/*)'/>
</section>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-examples"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-examples")/*)'/>
</section>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-author"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-author")/*)'/>
</section>
-</article>
+</article> \ No newline at end of file
diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8
index 22a3d0a2..260bc477 100644
--- a/modules/pam_selinux/pam_selinux.8
+++ b/modules/pam_selinux/pam_selinux.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_selinux
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 09/03/2021
+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
+.\" Date: 05/07/2023
.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
+.\" Source: Linux-PAM
.\" Language: English
.\"
-.TH "PAM_SELINUX" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SELINUX" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -51,43 +51,43 @@ should be placed before them\&. When such a placement is not feasible,
could be used to temporary restore original security contexts\&.
.SH "OPTIONS"
.PP
-\fBopen\fR
+open
.RS 4
Only execute the open_session part of the module\&.
.RE
.PP
-\fBclose\fR
+close
.RS 4
Only execute the close_session part of the module\&.
.RE
.PP
-\fBrestore\fR
+restore
.RS 4
In open_session part of the module, temporarily restore the security contexts as they were before the previous call of the module\&. Another call of this module without the restore option will set up the new security contexts again\&.
.RE
.PP
-\fBnottys\fR
+nottys
.RS 4
Do not setup security context of the controlling terminal\&.
.RE
.PP
-\fBdebug\fR
+debug
.RS 4
Turn on debug messages via
\fBsyslog\fR(3)\&.
.RE
.PP
-\fBverbose\fR
+verbose
.RS 4
Attempt to inform the user when security context is set\&.
.RE
.PP
-\fBselect_context\fR
+select_context
.RS 4
Attempt to ask the user for a custom security context role\&. If MLS is on, ask also for sensitivity level\&.
.RE
.PP
-\fBenv_params\fR
+env_params
.RS 4
Attempt to obtain a custom security context role from PAM environment\&. If MLS is on, obtain also sensitivity level\&. This option and the select_context option are mutually exclusive\&. The respective PAM environment variables are
\fISELINUX_ROLE_REQUESTED\fR,
@@ -95,7 +95,7 @@ Attempt to obtain a custom security context role from PAM environment\&. If MLS
\fISELINUX_USE_CURRENT_RANGE\fR\&. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module\&.
.RE
.PP
-\fBuse_current_range\fR
+use_current_range
.RS 4
Use the sensitivity level of the current process for the user context instead of the default level\&. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment\&.
.RE
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
index 28d465f5..3aa632cf 100644
--- a/modules/pam_selinux/pam_selinux.8.xml
+++ b/modules/pam_selinux/pam_selinux.8.xml
@@ -1,54 +1,51 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_selinux">
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_selinux">
<refmeta>
<refentrytitle>pam_selinux</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ <refmiscinfo class="source">Linux-PAM</refmiscinfo>
+ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
- <refnamediv id="pam_selinux-name">
+ <refnamediv xml:id="pam_selinux-name">
<refname>pam_selinux</refname>
<refpurpose>PAM module to set the default security context</refpurpose>
</refnamediv>
<refsynopsisdiv>
- <cmdsynopsis id="pam_selinux-cmdsynopsis">
+ <cmdsynopsis xml:id="pam_selinux-cmdsynopsis" sepchar=" ">
<command>pam_selinux.so</command>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
open
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
close
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
restore
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
nottys
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
debug
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
verbose
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
select_context
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
env_params
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
use_current_range
</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1 id="pam_selinux-description">
+ <refsect1 xml:id="pam_selinux-description">
<title>DESCRIPTION</title>
<para>
pam_selinux is a PAM module that sets up the default SELinux security
@@ -79,12 +76,12 @@
</para>
</refsect1>
- <refsect1 id="pam_selinux-options">
+ <refsect1 xml:id="pam_selinux-options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
- <option>open</option>
+ open
</term>
<listitem>
<para>
@@ -94,7 +91,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>close</option>
+ close
</term>
<listitem>
<para>
@@ -104,7 +101,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>restore</option>
+ restore
</term>
<listitem>
<para>
@@ -117,7 +114,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>nottys</option>
+ nottys
</term>
<listitem>
<para>
@@ -127,7 +124,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>debug</option>
+ debug
</term>
<listitem>
<para>
@@ -140,7 +137,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>verbose</option>
+ verbose
</term>
<listitem>
<para>
@@ -150,7 +147,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>select_context</option>
+ select_context
</term>
<listitem>
<para>
@@ -161,7 +158,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>env_params</option>
+ env_params
</term>
<listitem>
<para>
@@ -178,7 +175,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>use_current_range</option>
+ use_current_range
</term>
<listitem>
<para>
@@ -191,14 +188,14 @@
</variablelist>
</refsect1>
- <refsect1 id="pam_selinux-types">
+ <refsect1 xml:id="pam_selinux-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>session</option> module type is provided.
</para>
</refsect1>
- <refsect1 id='pam_selinux-return_values'>
+ <refsect1 xml:id="pam_selinux-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
@@ -236,7 +233,7 @@
</variablelist>
</refsect1>
- <refsect1 id='pam_selinux-examples'>
+ <refsect1 xml:id="pam_selinux-examples">
<title>EXAMPLES</title>
<programlisting>
auth required pam_unix.so
@@ -245,7 +242,7 @@ session optional pam_selinux.so
</programlisting>
</refsect1>
- <refsect1 id='pam_selinux-see_also'>
+ <refsect1 xml:id="pam_selinux-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
@@ -266,11 +263,11 @@ session optional pam_selinux.so
</para>
</refsect1>
- <refsect1 id='pam_selinux-author'>
+ <refsect1 xml:id="pam_selinux-author">
<title>AUTHOR</title>
<para>
pam_selinux was written by Dan Walsh &lt;dwalsh@redhat.com&gt;.
</para>
</refsect1>
-</refentry>
+</refentry> \ No newline at end of file
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index d8e10d8e..e52e0fc4 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -393,7 +393,6 @@ free_module_data(module_data_t *data)
freecon(data->prev_exec_context);
if (data->exec_context != data->default_user_context)
freecon(data->exec_context);
- memset(data, 0, sizeof(*data));
free(data);
}
@@ -553,7 +552,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
}
pam_syslog(pamh, LOG_ERR, "Failed to get current context for %s: %m",
data->tty_path);
- return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ return (security_getenforce() != 0) ? PAM_SESSION_ERR : PAM_SUCCESS;
}
tclass = string_to_security_class("chr_file");
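Review bot: The switch from `== 1` to `!= 0` on the `return` line of this hunk also changes the outcome when `security_getenforce()` cannot read the mode and returns -1 (the libselinux error value): that case now yields PAM_SESSION_ERR instead of PAM_SUCCESS, so the session fails closed rather than being silently granted when the enforcing state is unknown. That is the safer choice, but nothing at the call site says it was deliberate, and a later "cleanup" could restore `== 1` without anyone noticing the regression; a comment on the first occurrence, `/* an unknown mode (security_getenforce() < 0) is treated as enforcing: fail closed */`, would pin the intent. The same expression is repeated in the hunks at lines 457-458, 465-466 and 486-487, and as `if (err && security_getenforce() != 0)` at 472-473 and 479-480; a small file-scope `static int` helper wrapping the test (one that returns `security_getenforce() != 0` and carries that comment) would keep all six sites consistent and give the fail-closed rule one home. compute_tty_context's body starts before and continues after this hunk.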
@@ -563,7 +562,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
data->prev_tty_context = NULL;
free(data->tty_path);
data->tty_path = NULL;
- return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ return (security_getenforce() != 0) ? PAM_SESSION_ERR : PAM_SUCCESS;
}
if (security_compute_relabel(data->exec_context, data->prev_tty_context,
@@ -575,7 +574,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
data->prev_tty_context = NULL;
free(data->tty_path);
data->tty_path = NULL;
- return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ return (security_getenforce() != 0) ? PAM_SESSION_ERR : PAM_SUCCESS;
}
return PAM_SUCCESS;
@@ -606,7 +605,7 @@ restore_context(const pam_handle_t *pamh, const module_data_t *data, int debug)
data->prev_exec_context ? data->prev_exec_context : "");
err |= set_exec_context(pamh, data->prev_exec_context);
- if (err && security_getenforce() == 1)
+ if (err && security_getenforce() != 0)
return PAM_SESSION_ERR;
return PAM_SUCCESS;
@@ -658,7 +657,7 @@ set_context(pam_handle_t *pamh, const module_data_t *data,
}
#endif
- if (err && security_getenforce() == 1)
+ if (err && security_getenforce() != 0)
return PAM_SESSION_ERR;
return PAM_SUCCESS;
@@ -717,7 +716,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv,
if (!data->exec_context) {
free_module_data(data);
- return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ return (security_getenforce() != 0) ? PAM_SESSION_ERR : PAM_SUCCESS;
}
if (ttys && (i = compute_tty_context(pamh, data)) != PAM_SUCCESS) {