Diffstat (limited to 'modules/pam_selinux/pam_selinux.8.xml')
-rw-r--r--modules/pam_selinux/pam_selinux.8.xml37
1 files changed, 29 insertions, 8 deletions
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
index 3acd1322..2c1cdb24 100644
--- a/modules/pam_selinux/pam_selinux.8.xml
+++ b/modules/pam_selinux/pam_selinux.8.xml
@@ -37,6 +37,9 @@
select_context
</arg>
<arg choice="opt">
+ env_params
+ </arg>
+ <arg choice="opt">
use_current_range
</arg>
</cmdsynopsis>
@@ -137,22 +140,40 @@
</varlistentry>
<varlistentry>
<term>
+ <option>env_params</option>
+ </term>
+ <listitem>
+ <para>
+ Attempt to obtain a custom security context role from PAM environment.
+ If MLS is on obtain also sensitivity level. This option and the
+ select_context option are mutually exclusive. The respective PAM
+ environment variables are <emphasis>SELINUX_ROLE_REQUESTED</emphasis>,
+ <emphasis>SELINUX_LEVEL_REQUESTED</emphasis>, and
+ <emphasis>SELINUX_USE_CURRENT_RANGE</emphasis>. The first two variables
+ are self describing and the last one if set to 1 makes the PAM module behave as
+ if the use_current_range was specified on the command line of the module.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>use_current_range</option>
</term>
<listitem>
<para>
- Use the sensitivity range of the process for the user context.
- This option and the select_context option are mutually exclusive.
+ Use the sensitivity level of the current process for the user context
+ instead of the default level. Also suppresses asking of the
+ sensitivity level from the user or obtaining it from PAM environment.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
- <refsect1 id="pam_selinux-services">
- <title>MODULE SERVICES PROVIDED</title>
+ <refsect1 id="pam_selinux-types">
+ <title>MODULE TYPES PROVIDED</title>
<para>
- Only the <option>session</option> service is supported.
+ Only the <option>session</option> module type is provided.
</para>
</refsect1>
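Review bot: The new env_params paragraph does not say which component is expected to set SELINUX_ROLE_REQUESTED and SELINUX_LEVEL_REQUESTED, nor what the module does when a requested value is absent or not acceptable. PAM environment can be populated by the calling application or by an earlier module in the stack, so an administrator needs both facts to judge whether enabling the option is appropriate. Calling the first two variables "self describing" leaves their expected content unstated; something like `The first two hold the requested role and, when MLS is enabled, the requested sensitivity level.` would be clearer. The same hunk drops the sentence that use_current_range and select_context are mutually exclusive; if that restriction still applies it should be kept, and the text should also say what happens when both env_params and select_context are given.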
@@ -171,7 +192,7 @@
<term>PAM_SUCCESS</term>
<listitem>
<para>
- The security context was set successfull.
+ The security context was set successfully.
</para>
</listitem>
</varlistentry>
@@ -190,7 +211,7 @@
<title>EXAMPLES</title>
<programlisting>
auth required pam_unix.so
-session required pam_permit.so
+session required pam_permit.so
session optional pam_selinux.so
</programlisting>
</refsect1>
@@ -202,7 +223,7 @@ session optional pam_selinux.so
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>