[Buildroot] [Buildroot PATCH Selinux v10 03/11] linux-pam: selinux system auth

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [Buildroot PATCH Selinux v10 03/11] linux-pam: selinux system auth
Date: Tue, 23 Feb 2016 22:31:02 +0100	[thread overview]
Message-ID: <20160223223102.2e02dbe6@free-electrons.com> (raw)
In-Reply-To: <1455603506-26138-3-git-send-email-niranjan.reddy@rockwellcollins.com>

Hello,

On Tue, 16 Feb 2016 11:48:18 +0530, Niranjan Reddy wrote:

> diff --git a/package/linux-pam/system-auth.pamd b/package/linux-pam/system-auth.pamd
> new file mode 100644
> index 0000000..2fa116a
> --- /dev/null
> +++ b/package/linux-pam/system-auth.pamd
> @@ -0,0 +1,15 @@
> +#%PAM-1.0
> +auth        required      pam_env.so
> +auth        sufficient    pam_unix.so
> +auth        required      pam_deny.so
> +
> +account     required      pam_unix.so
> +
> +#password    required      pam_cracklib.so try_first_pass retry=3
> +password    sufficient    pam_unix.so md5 shadow try_first_pass
> +password    required      pam_deny.so
> +
> +session     optional      pam_keyinit.so revoke
> +session     required      pam_limits.so
> +session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> +session     required      pam_unix.so

This patch is just adding one file, which doesn't get used anywhere.
Yes, I know, it will be used in PATCH 4, but either it should be
squashed in PATCH 4 itself (which is reasonable since PATCH 4 isn't
that large), or if you want to keep it separate, indicate how it will
be used in the commit log, and explains what it is doing.

Remember: the people reviewing your code need to *understand* what's
going on, and are not necessarily selinux/pam experts. So you have to
give a sufficient amount of details.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

next prev parent reply	other threads:[~2016-02-23 21:31 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-16  6:18 [Buildroot] [Buildroot PATCH Selinux v10 01/11] dbus: selinux file context support Niranjan Reddy
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 02/11] linux-pam: selinux audit dependencies Niranjan Reddy
2016-02-23 21:29   ` Thomas Petazzoni
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 03/11] linux-pam: selinux system auth Niranjan Reddy
2016-02-23 21:31   ` Thomas Petazzoni [this message]
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 04/11] linux-pam: selinux host dependencies Niranjan Reddy
2016-02-23 21:36   ` Thomas Petazzoni
2016-02-26  6:58     ` Niranjan Reddy
2016-02-26  8:17       ` Thomas Petazzoni
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 05/11] busybox: applets as individual binaries Niranjan Reddy
2016-02-23 21:47   ` Thomas Petazzoni
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 06/11] policycoreutils: new package Niranjan Reddy
2016-02-23 22:03   ` Thomas Petazzoni
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 07/11] qemu x86 selinux: base br defconfig Niranjan Reddy
2016-02-23 21:55   ` Thomas Petazzoni
2016-03-01  6:43     ` Niranjan Reddy
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 08/11] refpolicy: new package Niranjan Reddy
2016-02-23 22:25   ` Thomas Petazzoni
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 09/11] python-pyparsing: Add host build option Niranjan Reddy
2016-02-23 21:50   ` Thomas Petazzoni
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 10/11] util-linux: selinux, audit, and pam support Niranjan Reddy
2016-02-23 22:07   ` Thomas Petazzoni
2016-02-16  6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 11/11] qemu x86 selinux: added common selinux support files Niranjan Reddy
2016-02-23 21:25 ` [Buildroot] [Buildroot PATCH Selinux v10 01/11] dbus: selinux file context support Thomas Petazzoni

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160223223102.2e02dbe6@free-electrons.com \
    --to=thomas.petazzoni@free-electrons.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.