[Buildroot] [PATCH 05/10] linux-pam: add support for SELinux

Ryan Barnett rjbarnet at rockwellcollins.com
Fri Sep 6 01:04:19 UTC 2013


Added patches to fix issues with linux-pam's audit support and to
correctly install pam_sepermit.

Signed-off-by: Ryan Barnett <rjbarnet at rockwellcollins.com>
---
 ...t_log_acct_message_return_value_check_fix.patch |   16 ++++++++++++++++
 ...inux-pam-sepermit-install-path-correction.patch |   11 +++++++++++
 package/linux-pam/linux-pam.mk                     |   14 ++++++++++++++
 3 files changed, 41 insertions(+), 0 deletions(-)
 create mode 100644 package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch
 create mode 100644 package/linux-pam/linux-pam-sepermit-install-path-correction.patch

diff --git a/package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch b/package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch
new file mode 100644
index 0000000..d819f08
--- /dev/null
+++ b/package/linux-pam/linux-pam-audit_log_acct_message_return_value_check_fix.patch
@@ -0,0 +1,16 @@
+--- a/libpam/pam_audit.c	2011-06-21 04:04:56.000000000 -0500
++++ b/libpam/pam_audit.c	2012-09-12 08:55:26.000000000 -0500
+@@ -41,11 +41,11 @@
+      an official errno number, but must not. It can also be a audit
+      internal error code. Which makes errno useless :-((. Try the
+      best to fix it. */
+-  errno = -rc;
++  errno = rc;
+ 
+   pamh->audit_state |= PAMAUDIT_LOGGED;
+ 
+-  if (rc < 0) {
++  if (rc <= 0) {
+       if (rc == -EPERM && getuid() != 0)
+           return 0;
+       if (errno != old_errno) {
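Review bot: The new `errno = rc;` in the embedded pam_audit.c hunk appears to store a negative value in errno on the failure path. The unchanged `rc == -EPERM` test a few lines below shows that failures arrive as negated errno codes, so the original `errno = -rc;` was the form that gives a usable errno. Widening the test to `rc <= 0` looks reasonable if the audit call can report 0 as a failure, but the function continues outside the hunk, and any message it later builds from errno would be meaningless, which makes audit-logging failures harder to diagnose. I would keep `errno = -rc;` and change only the comparison. The patch file also has no header describing the problem or its upstream status; a short description above its `---` line would help later maintainers.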
diff --git a/package/linux-pam/linux-pam-sepermit-install-path-correction.patch b/package/linux-pam/linux-pam-sepermit-install-path-correction.patch
new file mode 100644
index 0000000..23b6ff8
--- /dev/null
+++ b/package/linux-pam/linux-pam-sepermit-install-path-correction.patch
@@ -0,0 +1,11 @@
+--- a/modules/pam_sepermit/Makefile.am	2012-08-15 06:08:43.000000000 -0500
++++ b/modules/pam_sepermit/Makefile.am	2013-08-22 15:53:22.792515096 -0500
+@@ -35,7 +35,7 @@
+   securelib_LTLIBRARIES = pam_sepermit.la
+ 
+ install-data-local:
+-	mkdir -p $(sepermitlockdir)
++	mkdir -p $(DESTDIR)/$(sepermitlockdir)
+ endif
+ if ENABLE_REGENERATE_MAN
+ noinst_DATA = README pam_sepermit.8 sepermit.conf.5
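Review bot: The added `mkdir -p $(DESTDIR)/$(sepermitlockdir)` leaves the lock directory's permissions to the umask of whoever runs the install, which is worth pinning down for a directory a PAM module uses at login. An explicit mode, for example `$(INSTALL) -d -m <MODE> $(DESTDIR)$(sepermitlockdir)` with the mode upstream intends, would make the result deterministic. The automake convention is also `$(DESTDIR)$(sepermitlockdir)` without the extra `/`, since the directory variable is normally already absolute; the doubled slash is harmless but inconsistent.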
diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk
index 4472cd4..022031b 100644
--- a/package/linux-pam/linux-pam.mk
+++ b/package/linux-pam/linux-pam.mk
@@ -26,4 +26,18 @@ ifeq ($(BR2_NEEDS_GETTEXT_IF_LOCALE),y)
 	LINUX_PAM_MAKE_OPT += LIBS=-lintl
 endif
 
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+	PAM_CONF_OPT += --enable-selinux
+	PAM_DEPENDENCIES += libselinux
+else
+	PAM_CONF_OPT += --disable-selinux
+endif
+
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+	PAM_DEPENDENCIES += audit
+	PAM_CONF_OPT += --enable-audit
+else
+	PAM_CONF_OPT += --disable-audit
+endif
+
 $(eval $(autotools-package))
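Review bot: The new assignments use the prefix `PAM_` (`PAM_CONF_OPT`, `PAM_DEPENDENCIES`), while the context line just above uses `LINUX_PAM_MAKE_OPT`. Buildroot's `autotools-package` derives its variable names from the package name, so these settings are most likely never read. The effect would be that `--enable-selinux` and `--enable-audit` are not passed to configure and libselinux/audit are not guaranteed to be built first, so an image can silently end up without the SELinux or audit support its configuration asked for. Rename all six assignments to the package prefix, e.g. `LINUX_PAM_CONF_OPT += --enable-selinux` and `LINUX_PAM_DEPENDENCIES += libselinux`.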
-- 
1.7.1



