From 130d09b8e7ed356f728fc6b67a71633ab018a83a Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Tue, 10 Sep 2019 20:41:10 +0000
Subject: pam-arch: Restrict greeter service to the gdm user

Copied from pam-exherbo.
---
 data/pam-arch/gdm-launch-environment.pam | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'data/pam-arch')

diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
index 89521472..d59c9cb9 100644
--- a/data/pam-arch/gdm-launch-environment.pam
+++ b/data/pam-arch/gdm-launch-environment.pam
@@ -1,10 +1,13 @@
 auth     required  pam_env.so
+auth     required  pam_succeed_if.so audit quiet_success user = gdm
 auth     optional  pam_permit.so
 
+account  required  pam_succeed_if.so audit quiet_success user = gdm
 account  optional  pam_permit.so
 
 password required  pam_deny.so
 
 session  optional  pam_keyinit.so force revoke
+session  required  pam_succeed_if.so audit quiet_success user = gdm
 session  required  pam_systemd.so
 session  optional  pam_permit.so
-- 
cgit v1.2.1