path: root/modules/pam_selinux/README
author: Steve Langasek <steve.langasek@ubuntu.com> 2019-01-03 21:23:37 -0800
committer: Steve Langasek <vorlon@debian.org> 2019-01-08 22:11:51 -0800
commit: 7e6c4749370338c9af7e1b959f8ab96d089786d6 (patch)
tree: 2da5e702d7da7b222237ea5ac71e208dd70791a6 /modules/pam_selinux/README
parent: fa4960114fc50965a9696f2db7406a9d792e3ff8 (diff)
parent: 795badba7f95e737f979917859cd32c9bd47bcad (diff)
Merge upstream version 1.1.8
Diffstat (limited to 'modules/pam_selinux/README')
-rw-r--r-- modules/pam_selinux/README 68
1 files changed, 38 insertions, 30 deletions
diff --git a/modules/pam_selinux/README b/modules/pam_selinux/README
index 67217905..fb4d4499 100644
--- a/modules/pam_selinux/README
+++ b/modules/pam_selinux/README
@@ -4,58 +4,66 @@ pam_selinux — PAM module to set the default security context
DESCRIPTION
-In a nutshell, pam_selinux sets up the default security context for the next
-execed shell.
-
-When an application opens a session using pam_selinux, the shell that gets
-executed will be run in the default security context, or if the user chooses
-and the pam file allows the selected security context. Also the controlling tty
-will have it's security context modified to match the users.
-
-Adding pam_selinux into a pam file could cause other pam modules to change
-their behavior if the exec another application. The close and open option help
-mitigate this problem. close option will only cause the close portion of the
-pam_selinux to execute, and open will only cause the open portion to run. You
-can add pam_selinux to the config file twice. Add the pam_selinux close as the
-executes the open pass through the modules, pam_selinux open_session will
-happen last. When PAM executes the close pass through the modules pam_selinux
-close_session will happen first.
+pam_selinux is a PAM module that sets up the default SELinux security context
+for the next executed process.
+
+When a new session is started, the open_session part of the module computes and
+sets up the execution security context used for the next execve(2) call, the
+file security context for the controlling terminal, and the security context
+used for creating a new kernel keyring.
+
+When the session is ended, the close_session part of the module restores old
+security contexts that were in effect before the change made by the
+open_session part of the module.
+
+Adding pam_selinux into the PAM stack might disrupt behavior of other PAM
+modules which execute applications. To avoid that, pam_selinux.so open should
+be placed after such modules in the PAM stack, and pam_selinux.so close should
+be placed before them. When such a placement is not feasible, pam_selinux.so
+restore could be used to temporary restore original security contexts.
OPTIONS
-close
+open
- Only execute the close_session portion of the module.
+ Only execute the open_session part of the module.
-debug
+close
- Turns on debugging via syslog(3).
+ Only execute the close_session part of the module.
-open
+restore
- Only execute the open_session portion of the module.
+ In open_session part of the module, temporarily restore the security
+ contexts as they were before the previous call of the module. Another call
+ of this module without the restore option will set up the new security
+ contexts again.
nottys
- Do not try to setup the ttys security context.
+ Do not setup security context of the controlling terminal.
+
+debug
+
+ Turn on debug messages via syslog(3).
verbose
- attempt to inform the user when security context is set.
+ Attempt to inform the user when security context is set.
select_context
- Attempt to ask the user for a custom security context role. If MLS is on
+ Attempt to ask the user for a custom security context role. If MLS is on,
ask also for sensitivity level.
env_params
Attempt to obtain a custom security context role from PAM environment. If
- MLS is on obtain also sensitivity level. This option and the select_context
- option are mutually exclusive. The respective PAM environment variables are
- SELINUX_ROLE_REQUESTED, SELINUX_LEVEL_REQUESTED, and
- SELINUX_USE_CURRENT_RANGE. The first two variables are self describing and
- the last one if set to 1 makes the PAM module behave as if the
+ MLS is on, obtain also sensitivity level. This option and the
+ select_context option are mutually exclusive. The respective PAM
+ environment variables are SELINUX_ROLE_REQUESTED, SELINUX_LEVEL_REQUESTED,
+ and SELINUX_USE_CURRENT_RANGE. The first two variables are self describing
+ and the last one if set to 1 makes the PAM module behave as if the
use_current_range was specified on the command line of the module.
use_current_range
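Review bot: the rewritten DESCRIPTION and OPTIONS text carries a few wording slips and one layout inconsistency that are worth fixing before the README is merged. In the last DESCRIPTION paragraph, "restore could be used to temporary restore original security contexts" should read "temporarily restore"; in the restore entry, "In open_session part of the module" should read "In the open_session part of the module"; and in the nottys entry, "Do not setup security context of the controlling terminal" should read "Do not set up the security context of the controlling terminal" (the verb form is "set up"). Layout: the debug entry is the only option whose name is separated from its description by a blank line (the `+` lines "+debug", "+", "+ Turn on debug messages via syslog(3).") while every other entry puts the description directly under the name; drop that blank line so the option list is uniform. Since this README is the user-facing reference for which part of the module each of open, close and restore runs, it would also help to state explicitly in the restore entry that it is only meaningful together with a preceding call of the module that set up the new contexts, which the DESCRIPTION implies ("When such a placement is not feasible") but the option text leaves to the reader.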