From 5ea6d47931e49aa8b87405f5dbd9af4e19785e0e Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 18 Jun 2006 08:26:58 +0000 Subject: Relevant BUGIDs: Purpose of commit: cleanup Commit summary: --------------- 2006-06-18 Thorsten Kukuk * modules/pam_selinux/Makefile.am: Include Make.xml.rules. * modules/pam_selinux/pam_selinux.8.xml: New. * modules/pam_selinux/pam_selinux.8: Regenerated from xml file. * modules/pam_selinux/README.xml: New. * modules/pam_selinux/README: Regenerated from xml file. --- modules/pam_selinux/pam_selinux.8.xml | 207 ++++++++++++++++++++++++++++++++++ 1 file changed, 207 insertions(+) create mode 100644 modules/pam_selinux/pam_selinux.8.xml (limited to 'modules/pam_selinux/pam_selinux.8.xml') diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml new file mode 100644 index 00000000..1f00f082 --- /dev/null +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -0,0 +1,207 @@ + + + + + + + pam_selinux + 8 + Linux-PAM Manual + + + + pam_selinux + PAM module to set the default security context + + + + + pam_selinux.so + + close + + + debug + + + multiple + + + open + + + nottys + + + verbose + + + + + + DESCRIPTION + + In a nutshell, pam_selinux sets up the default security context for the + next execed shell. + + + When an application opens a session using pam_selinux, the shell that + gets executed will be run in the default security context, or if the + user chooses and the pam file allows the selected security context. + Also the controlling tty will have it's security context modified to + match the users. + + + Adding pam_selinux into a pam file could cause other pam modules to + change their behavior if the exec another application. The close and + open option help mitigate this problem. close option will only cause + the close portion of the pam_selinux to execute, and open will only + cause the open portion to run. You can add pam_selinux to the config + file twice. Add the pam_selinux close as the executes the open pass + through the modules, pam_selinux open_session will happen last. + When PAM executes the close pass through the modules pam_selinux + close_session will happen first. + + + + + OPTIONS + + + + + + + + Only execute the close_session portion of the module. + + + + + + + + + + Turns on debugging via + + syslog3 + . + + + + + + + + + + Tells pam_selinux.so to allow the user to select the + security context they will login with, if the user has + more than one role. + + + + + + + + + + Only execute the open_session portion of the module. + + + + + + + + + + Do not try to setup the ttys security context. + + + + + + + + + + attempt to inform the user when security context is set. + + + + + + + + MODULE SERVICES PROVIDED + + Only the service is supported. + + + + + RETURN VALUES + + + PAM_AUTH_ERR + + + Unable to get or set a valid context. + + + + + PAM_SUCCESS + + + The security context was set successfull. + + + + + PAM_USER_UNKNOWN + + + The user is not known to the system. + + + + + + + + EXAMPLES + +auth required pam_unix.so +session required pam_permit.so +session optional pam_selinux.so + + + + + SEE ALSO + + + pam.conf5 + , + + pam.d8 + , + + pam8 + + + + + + AUTHOR + + pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. + + + + -- cgit v1.2.3