path: root/modules/pam_sepermit/README
authorSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 16:26:05 -0800
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:26:38 -0800
commit9c52e721044e7501c3d4567b36d222dc7326224a (patch)
tree9011790770130c60a712a6f125ad50d60e07cc74 /modules/pam_sepermit/README
parent9727ff2a3fa0e94a42b34a579027bacf4146d571 (diff)
parent186ff16e8d12ff15d518000c17f115ccab5275a4 (diff)
New upstream version 1.0.1
Diffstat (limited to 'modules/pam_sepermit/README')
-rw-r--r--modules/pam_sepermit/README51
1 files changed, 51 insertions, 0 deletions
diff --git a/modules/pam_sepermit/README b/modules/pam_sepermit/README
new file mode 100644
index 00000000..11429832
--- /dev/null
+++ b/modules/pam_sepermit/README
@@ -0,0 +1,51 @@
+pam_sepermit — PAM module to allow/deny login depending on SELinux enforcement
+state
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_sepermit module allows or denies login depending on SELinux enforcement
+state.
+
+When the user which is logging in matches an entry in the config file he is
+allowed access only when the SELinux is in enforcing mode. Otherwise he is
+denied access. For users not matching any entry in the config file the
+pam_sepermit module returns PAM_IGNORE return value.
+
+The config file contains a simple list of user names one per line. If the name
+is prefixed with @ character it means that all users in the group name match.
+If it is prefixed with a % character the SELinux user is used to match against
+the name instead of the account name. Note that when SELinux is disabled the
+SELinux user assigned to the account cannot be determined. This means that such
+entries are never matched when SELinux is disabled and pam_sepermit will return
+PAM_IGNORE.
+
+Each user name in the configuration file can have optional arguments separated
+by : character. The only currently recognized argument is exclusive. The
+pam_sepermit module will allow only single concurrent user session for the user
+with this argument specified and it will attempt to kill all processes of the
+user after logout.
+
+OPTIONS
+
+debug
+
+ Turns on debugging via syslog(3).
+
+conf=/path/to/config/file
+
+ Path to alternative config file overriding the default.
+
+EXAMPLES
+
+auth [success=done ignore=ignore default=bad] pam_sepermit.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_permit.so
+
+
+AUTHOR
+
+pam_sepermit was written by Tomas Mraz <tmraz@redhat.com>.
+
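Review bot: the EXAMPLES section should state what the `[success=done ignore=ignore default=bad]` control does for users listed in the config file, because it is the whole point of the stack shown: when pam_sepermit matches the user and SELinux is enforcing it returns success, `success=done` ends the auth stack right there, and `auth required pam_unix.so` is never reached, so the matched user is authenticated without a password check. Unmatched users get PAM_IGNORE and fall through to pam_unix as usual; a matched user on a non-enforcing system is denied outright. A sentence after the example along the lines of "Users listed in the config file are admitted on an enforcing system without pam_unix being consulted; all other users are authenticated by pam_unix" would stop administrators from copying this stack without realising it bypasses password authentication for listed accounts. Two smaller points in the DESCRIPTION: "allowed access only when the SELinux is in enforcing mode. Otherwise he is denied" should spell out that permissive mode also counts as "otherwise", and the `exclusive` paragraph should mention that the session limit and the post-logout process kill only take effect if pam_sepermit is also in the session stack, which the example does not show.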