diff options
| author | Luca Boccassi <bluca@debian.org> | 2022-12-07 13:01:50 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-07 13:01:50 +0100 |
| commit | 87edf80b1b137cef718dbcf94df4be0856c297cb (patch) | |
| tree | a2ca71622783e17e666a61481631912c76e5552d /src/login | |
| parent | 47c57b4813c81187db86ed6e33ecf11f8a25825a (diff) | |
| parent | 0ef48896d9f23b9fd547a532a4e6e6b8f8b12901 (diff) | |
| download | systemd-87edf80b1b137cef718dbcf94df4be0856c297cb.tar.gz | |
Merge pull request #25502 from keszybz/pam-namespace-add
Add pam_namespace to user@.service pam stack
Diffstat (limited to 'src/login')
| -rw-r--r-- | src/login/systemd-user.in | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in index 39bcbd71fe..06f7e36458 100644 --- a/src/login/systemd-user.in +++ b/src/login/systemd-user.in @@ -4,18 +4,19 @@ # Used by systemd --user instances. {% if ENABLE_HOMED %} --account sufficient pam_systemd_home.so +-account sufficient pam_systemd_home.so {% endif %} -account sufficient pam_unix.so no_pass_expiry -account required pam_permit.so +account sufficient pam_unix.so no_pass_expiry +account required pam_permit.so {% if HAVE_SELINUX %} -session required pam_selinux.so close -session required pam_selinux.so nottys open +session required pam_selinux.so close +session required pam_selinux.so nottys open {% endif %} -session required pam_loginuid.so -session optional pam_keyinit.so force revoke +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session required pam_namespace.so {% if ENABLE_HOMED %} --session optional pam_systemd_home.so +-session optional pam_systemd_home.so {% endif %} -session optional pam_systemd.so +session optional pam_systemd.so |