summaryrefslogtreecommitdiff
path: root/modules/pam_selinux/README
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_selinux/README')
-rw-r--r--modules/pam_selinux/README66
1 files changed, 0 insertions, 66 deletions
diff --git a/modules/pam_selinux/README b/modules/pam_selinux/README
deleted file mode 100644
index 9e841f2e..00000000
--- a/modules/pam_selinux/README
+++ /dev/null
@@ -1,66 +0,0 @@
-pam_selinux — PAM module to set the default security context
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-In a nutshell, pam_selinux sets up the default security context for the next
-execed shell.
-
-When an application opens a session using pam_selinux, the shell that gets
-executed will be run in the default security context, or if the user chooses
-and the pam file allows the selected security context. Also the controlling tty
-will have it's security context modified to match the users.
-
-Adding pam_selinux into a pam file could cause other pam modules to change
-their behavior if the exec another application. The close and open option help
-mitigate this problem. close option will only cause the close portion of the
-pam_selinux to execute, and open will only cause the open portion to run. You
-can add pam_selinux to the config file twice. Add the pam_selinux close as the
-executes the open pass through the modules, pam_selinux open_session will
-happen last. When PAM executes the close pass through the modules pam_selinux
-close_session will happen first.
-
-OPTIONS
-
-close
-
- Only execute the close_session portion of the module.
-
-debug
-
- Turns on debugging via syslog(3).
-
-open
-
- Only execute the open_session portion of the module.
-
-nottys
-
- Do not try to setup the ttys security context.
-
-verbose
-
- attempt to inform the user when security context is set.
-
-select_context
-
- Attempt to ask the user for a custom security context role. If MLS is on
- ask also for sensitivity level.
-
-use_current_range
-
- Use the sensitivity range of the process for the user context. This option
- and the select_context option are mutually exclusive.
-
-EXAMPLES
-
-auth required pam_unix.so
-session required pam_permit.so
-session optional pam_selinux.so
-
-
-AUTHOR
-
-pam_selinux was written by Dan Walsh <dwalsh@redhat.com>.
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 20:25:59 +0000