diff options
Diffstat (limited to 'modules/pam_selinux/pam_selinux.8.xml')
-rw-r--r-- | modules/pam_selinux/pam_selinux.8.xml | 207 |
1 files changed, 0 insertions, 207 deletions
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml deleted file mode 100644 index 1f00f082..00000000 --- a/modules/pam_selinux/pam_selinux.8.xml +++ /dev/null @@ -1,207 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_selinux"> - - <refmeta> - <refentrytitle>pam_selinux</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="pam_selinux-name"> - <refname>pam_selinux</refname> - <refpurpose>PAM module to set the default security context</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis id="pam_selinux-cmdsynopsis"> - <command>pam_selinux.so</command> - <arg choice="opt"> - close - </arg> - <arg choice="opt"> - debug - </arg> - <arg choice="opt"> - multiple - </arg> - <arg choice="opt"> - open - </arg> - <arg choice="opt"> - nottys - </arg> - <arg choice="opt"> - verbose - </arg> - </cmdsynopsis> - </refsynopsisdiv> - - <refsect1 id="pam_selinux-description"> - <title>DESCRIPTION</title> - <para> - In a nutshell, pam_selinux sets up the default security context for the - next execed shell. - </para> - <para> - When an application opens a session using pam_selinux, the shell that - gets executed will be run in the default security context, or if the - user chooses and the pam file allows the selected security context. - Also the controlling tty will have it's security context modified to - match the users. - </para> - <para> - Adding pam_selinux into a pam file could cause other pam modules to - change their behavior if the exec another application. The close and - open option help mitigate this problem. close option will only cause - the close portion of the pam_selinux to execute, and open will only - cause the open portion to run. You can add pam_selinux to the config - file twice. Add the pam_selinux close as the executes the open pass - through the modules, pam_selinux open_session will happen last. - When PAM executes the close pass through the modules pam_selinux - close_session will happen first. - </para> - </refsect1> - - <refsect1 id="pam_selinux-options"> - <title>OPTIONS</title> - <variablelist> - <varlistentry> - <term> - <option>close</option> - </term> - <listitem> - <para> - Only execute the close_session portion of the module. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>debug</option> - </term> - <listitem> - <para> - Turns on debugging via - <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>multiple</option> - </term> - <listitem> - <para> - Tells pam_selinux.so to allow the user to select the - security context they will login with, if the user has - more than one role. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>open</option> - </term> - <listitem> - <para> - Only execute the open_session portion of the module. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>nottys</option> - </term> - <listitem> - <para> - Do not try to setup the ttys security context. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>verbose</option> - </term> - <listitem> - <para> - attempt to inform the user when security context is set. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_selinux-services"> - <title>MODULE SERVICES PROVIDED</title> - <para> - Only the <option>session</option> service is supported. - </para> - </refsect1> - - <refsect1 id='pam_selinux-return_values'> - <title>RETURN VALUES</title> - <variablelist> - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para> - Unable to get or set a valid context. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - The security context was set successfull. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para> - The user is not known to the system. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam_selinux-examples'> - <title>EXAMPLES</title> - <programlisting> -auth required pam_unix.so -session required pam_permit.so -session optional pam_selinux.so - </programlisting> - </refsect1> - - <refsect1 id='pam_selinux-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='pam_selinux-author'> - <title>AUTHOR</title> - <para> - pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. - </para> - </refsect1> - -</refentry> |