summaryrefslogtreecommitdiff
path: root/modules/pam_selinux/pam_selinux.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_selinux/pam_selinux.8.xml')
-rw-r--r--modules/pam_selinux/pam_selinux.8.xml220
1 files changed, 0 insertions, 220 deletions
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
deleted file mode 100644
index 3acd1322..00000000
--- a/modules/pam_selinux/pam_selinux.8.xml
+++ /dev/null
@@ -1,220 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_selinux">
-
- <refmeta>
- <refentrytitle>pam_selinux</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_selinux-name">
- <refname>pam_selinux</refname>
- <refpurpose>PAM module to set the default security context</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_selinux-cmdsynopsis">
- <command>pam_selinux.so</command>
- <arg choice="opt">
- close
- </arg>
- <arg choice="opt">
- debug
- </arg>
- <arg choice="opt">
- open
- </arg>
- <arg choice="opt">
- nottys
- </arg>
- <arg choice="opt">
- verbose
- </arg>
- <arg choice="opt">
- select_context
- </arg>
- <arg choice="opt">
- use_current_range
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_selinux-description">
- <title>DESCRIPTION</title>
- <para>
- In a nutshell, pam_selinux sets up the default security context for the
- next execed shell.
- </para>
- <para>
- When an application opens a session using pam_selinux, the shell that
- gets executed will be run in the default security context, or if the
- user chooses and the pam file allows the selected security context.
- Also the controlling tty will have it's security context modified to
- match the users.
- </para>
- <para>
- Adding pam_selinux into a pam file could cause other pam modules to
- change their behavior if the exec another application. The close and
- open option help mitigate this problem. close option will only cause
- the close portion of the pam_selinux to execute, and open will only
- cause the open portion to run. You can add pam_selinux to the config
- file twice. Add the pam_selinux close as the executes the open pass
- through the modules, pam_selinux open_session will happen last.
- When PAM executes the close pass through the modules pam_selinux
- close_session will happen first.
- </para>
- </refsect1>
-
- <refsect1 id="pam_selinux-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>close</option>
- </term>
- <listitem>
- <para>
- Only execute the close_session portion of the module.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Turns on debugging via
- <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>open</option>
- </term>
- <listitem>
- <para>
- Only execute the open_session portion of the module.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>nottys</option>
- </term>
- <listitem>
- <para>
- Do not try to setup the ttys security context.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>verbose</option>
- </term>
- <listitem>
- <para>
- attempt to inform the user when security context is set.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>select_context</option>
- </term>
- <listitem>
- <para>
- Attempt to ask the user for a custom security context role.
- If MLS is on ask also for sensitivity level.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>use_current_range</option>
- </term>
- <listitem>
- <para>
- Use the sensitivity range of the process for the user context.
- This option and the select_context option are mutually exclusive.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_selinux-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- Only the <option>session</option> service is supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_selinux-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- Unable to get or set a valid context.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The security context was set successfull.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- The user is not known to the system.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_selinux-examples'>
- <title>EXAMPLES</title>
- <programlisting>
-auth required pam_unix.so
-session required pam_permit.so
-session optional pam_selinux.so
- </programlisting>
- </refsect1>
-
- <refsect1 id='pam_selinux-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_selinux-author'>
- <title>AUTHOR</title>
- <para>
- pam_selinux was written by Dan Walsh &lt;dwalsh@redhat.com&gt;.
- </para>
- </refsect1>
-
-</refentry>