commit: f45e0db0dcd22534c2ab32160e56e10795010ebf
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sun Feb 26 17:08:02 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 27 10:38:00 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f45e0db0
auth: Move optional out of auth_use_pam_systemd() to callers.
policy/modules/admin/su.if | 5 ++++-
policy/modules/system/authlogin.if | 6 ++----
policy/modules/system/selinuxutil.te | 5 ++++-
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index cd137d59..8e21b217 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -190,7 +190,6 @@ template(`su_role_template',`
auth_dontaudit_read_shadow($1_su_t)
auth_use_nsswitch($1_su_t)
auth_rw_faillog($1_su_t)
- auth_use_pam_systemd($1_su_t)
corecmd_search_bin($1_su_t)
@@ -227,6 +226,10 @@ template(`su_role_template',`
')
')
+ optional_policy(`
+ auth_use_pam_systemd($1_su_t)
+ ')
+
tunable_policy(`allow_polyinstantiation',`
fs_mount_xattr_fs($1_su_t)
fs_unmount_xattr_fs($1_su_t)
diff --git a/policy/modules/system/authlogin.if
b/policy/modules/system/authlogin.if
index fb92132d..2b70d124 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -100,10 +100,8 @@ interface(`auth_use_pam',`
## </param>
#
interface(`auth_use_pam_systemd',`
- optional_policy(`
- dbus_system_bus_client($1)
- systemd_dbus_chat_logind($1)
- ')
+ dbus_system_bus_client($1)
+ systemd_dbus_chat_logind($1)
')
########################################
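Review bot: The body of `auth_use_pam_systemd` now calls `dbus_system_bus_client($1)` and `systemd_dbus_chat_logind($1)` unconditionally, but nothing in the visible part of the interface's header comment tells callers that the dbus and systemd modules are now hard requirements. The header starts above this hunk (only its closing `## </param>` is shown), so the suggestion is to add a sentence to its description, for example `## Callers must wrap this call in optional_policy, because it requires the dbus and systemd modules.` The two callers changed in this commit (`su_role_template` in su.if and `newrole_t` in selinuxutil.te) are wrapped correctly. Any caller not shown here would keep an unwrapped call and would presumably make those modules mandatory for its own module, so the tree should be searched for remaining uses before merging.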
diff --git a/policy/modules/system/selinuxutil.te
b/policy/modules/system/selinuxutil.te
index 5f624126..931d8591 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -283,7 +283,6 @@ auth_use_nsswitch(newrole_t)
auth_run_chk_passwd(newrole_t, newrole_roles)
auth_run_upd_passwd(newrole_t, newrole_roles)
auth_rw_faillog(newrole_t)
-auth_use_pam_systemd(newrole_t)
# Write to utmp.
init_rw_utmp(newrole_t)
@@ -313,6 +312,10 @@ ifdef(`init_systemd',`
')
optional_policy(`
+ auth_use_pam_systemd(newrole_t)
+')
+
+optional_policy(`
dbus_system_bus_client(newrole_t)
optional_policy(`