Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/495235/?format=api
{ "id": 495235, "url": "http://patchwork.ozlabs.org/api/patches/495235/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/1436905227-26937-7-git-send-email-clayton.shotwell@rockwellcollins.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1436905227-26937-7-git-send-email-clayton.shotwell@rockwellcollins.com>", "list_archive_url": null, "date": "2015-07-14T20:20:18", "name": "[v9,06/15] linux-pam: selinux support", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": false, "hash": "9963e220edb00ddce2ee98630fb5b62eae7456ab", "submitter": { "id": 64481, "url": "http://patchwork.ozlabs.org/api/people/64481/?format=api", "name": "Clayton Shotwell", "email": "clayton.shotwell@rockwellcollins.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/1436905227-26937-7-git-send-email-clayton.shotwell@rockwellcollins.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/495235/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/495235/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@busybox.net>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "buildroot@lists.busybox.net" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "buildroot@osuosl.org" ], "Received": [ "from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\tby ozlabs.org (Postfix) with ESMTP id 698AE140772\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 15 Jul 2015 06:21:15 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 9FDF0A43A1;\n\tTue, 14 Jul 2015 20:21:14 +0000 (UTC)", "from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 4IthQlLqxla9; Tue, 14 Jul 2015 20:21:09 +0000 (UTC)", "from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 2E54DA4386;\n\tTue, 14 Jul 2015 20:20:46 +0000 (UTC)", "from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 7243D1CE650\n\tfor <buildroot@lists.busybox.net>;\n\tTue, 14 Jul 2015 20:20:43 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 6AA359559B\n\tfor <buildroot@lists.busybox.net>;\n\tTue, 14 Jul 2015 20:20:43 +0000 (UTC)", "from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id rwootZ65unMu for <buildroot@lists.busybox.net>;\n\tTue, 14 Jul 2015 20:20:42 +0000 (UTC)", "from secvs02.rockwellcollins.com (secvs02.rockwellcollins.com\n\t[205.175.225.241])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id 3D9069558D\n\tfor <buildroot@buildroot.org>; Tue, 14 Jul 2015 20:20:42 +0000 (UTC)", "from unknown (HELO crulimr02.rockwellcollins.com)\n\t([131.198.26.125])\n\tby secvs02.rockwellcollins.com with ESMTP; 14 Jul 2015 15:20:42 -0500" ], "X-Virus-Scanned": [ "amavisd-new at osuosl.org", "amavisd-new at osuosl.org" ], "X-Greylist": "domain auto-whitelisted by SQLgrey-1.7.6", "X-Received": "from thehammer.rockwellcollins.com (unknown [192.168.141.197])\n\tby crulimr02.rockwellcollins.com (Postfix) with ESMTP id 1B63460150; \n\tTue, 14 Jul 2015 15:20:42 -0500 (CDT)", "From": "Clayton Shotwell <clayton.shotwell@rockwellcollins.com>", "To": "buildroot@buildroot.org", "Date": "Tue, 14 Jul 2015 15:20:18 -0500", "Message-Id": "<1436905227-26937-7-git-send-email-clayton.shotwell@rockwellcollins.com>", "X-Mailer": "git-send-email 1.9.1", "In-Reply-To": "<1436905227-26937-1-git-send-email-clayton.shotwell@rockwellcollins.com>", "References": "<1436905227-26937-1-git-send-email-clayton.shotwell@rockwellcollins.com>", "Subject": "[Buildroot] [PATCH v9 06/15] linux-pam: selinux support", "X-BeenThere": "buildroot@busybox.net", "X-Mailman-Version": "2.1.18-1", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.busybox.net>", "List-Unsubscribe": "<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>", "List-Archive": "<http://lists.busybox.net/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@busybox.net>", "List-Help": "<mailto:buildroot-request@busybox.net?subject=help>", "List-Subscribe": "<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@busybox.net", "Sender": "\"buildroot\" <buildroot-bounces@busybox.net>" }, "content": "From: Matt Weber <matthew.weber@rockwellcollins.com>\n\nSigned-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>\nReviewed-by: Samuel Martin <s.martin49@gmail.com>\n\n---\nChanges v8 -> v9:\n - No changes\n\nChanges v7 -> v8:\n - Removed sub-shell around the config file install block and\n refactored the block to use absolute paths for the copying\n (Suggested by Samuel)\n - Changed the enable-db=no configure option to disable-db to be\n consistent with the rest of the configure options (Suggested by\n Samuel)\n\nChanges v6 -> v7:\n - Added missing host-pkgconf dependency and removed unneeded\n host-autoconf dependency(Clayton S.)\n\nChanges v5 -> v6:\n - No changes\n\nChanges v4 -> v5:\n - Dropping unneeded patch (Clayton S.)\n\nChanges v1 -> v4:\n - Did not exist\n---\n package/linux-pam/linux-pam.mk | 56 +++++++++++++++++++++++++++++++++++++-\n package/linux-pam/system-auth.pamd | 15 ++++++++++\n 2 files changed, 70 insertions(+), 1 deletion(-)\n create mode 100644 package/linux-pam/system-auth.pamd", "diff": "diff --git a/package/linux-pam/linux-pam.mk b/package/linux-pam/linux-pam.mk\nindex 26b627e..72ead8e 100644\n--- a/package/linux-pam/linux-pam.mk\n+++ b/package/linux-pam/linux-pam.mk\n@@ -8,6 +8,9 @@ LINUX_PAM_VERSION = 1.1.8\n LINUX_PAM_SOURCE = Linux-PAM-$(LINUX_PAM_VERSION).tar.bz2\n LINUX_PAM_SITE = http://linux-pam.org/library\n LINUX_PAM_INSTALL_STAGING = YES\n+\n+# lckpwdf is included with shadow\n+# cracklib and libdb are not currently present in buildroot\n LINUX_PAM_CONF_OPTS = \\\n \t--disable-prelude \\\n \t--disable-isadir \\\n@@ -15,8 +18,10 @@ LINUX_PAM_CONF_OPTS = \\\n \t--disable-db \\\n \t--disable-regenerate-docu \\\n \t--enable-securedir=/lib/security \\\n+\t--disable-cracklib \\\n \t--libdir=/lib\n-LINUX_PAM_DEPENDENCIES = flex host-flex host-pkgconf\n+\n+LINUX_PAM_DEPENDENCIES = flex host-flex host-pkgconf host-linux-pam\n LINUX_PAM_AUTORECONF = YES\n LINUX_PAM_LICENSE = BSD-3c\n LINUX_PAM_LICENSE_FILES = Copyright\n@@ -26,12 +31,61 @@ LINUX_PAM_DEPENDENCIES += gettext\n LINUX_PAM_MAKE_OPTS += LIBS=-lintl\n endif\n \n+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)\n+\tLINUX_PAM_CONF_OPTS += --enable-selinux\n+\tLINUX_PAM_DEPENDENCIES += libselinux\n+else\n+\tLINUX_PAM_CONF_OPTS += --disable-selinux\n+endif\n+\n+ifeq ($(BR2_PACKAGE_AUDIT),y)\n+\tLINUX_PAM_CONF_OPTS += --enable-audit\n+\tLINUX_PAM_DEPENDENCIES += audit\n+else\n+\tLINUX_PAM_CONF_OPTS += --disable-audit\n+endif\n+\n # Install default pam config (deny everything)\n define LINUX_PAM_INSTALL_CONFIG\n \t$(INSTALL) -m 0644 -D package/linux-pam/other.pam \\\n \t\t$(TARGET_DIR)/etc/pam.d/other\n endef\n \n+# Use the host-pam pam_conv1 app to create the pam.d files\n+define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL\n+\tif [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \\\n+\t\tmv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \\\n+\tfi; \\\n+\tcd $(TARGET_DIR)/etc/ && \\\n+\tcat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1; \\\n+\tif [ -d $(TARGET_DIR)/etc/pam.d.orig ]; then \\\n+\t\tcp -a $(TARGET_DIR)/etc/pam.d/* $(TARGET_DIR)/etc/pam.d.orig/; \\\n+\t\trm -rf $(TARGET_DIR)/etc/pam.d/; \\\n+\t\tmv $(TARGET_DIR)/etc/pam.d.orig/ $(TARGET_DIR)/etc/pam.d/; \\\n+\tfi;\n+\t$(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth\n+endef\n+\n+LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFIG_FILE_TARGET_INSTALL\n LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG\n \n+HOST_LINUX_PAM_DEPENDENCIES = host-flex host-pkgconf\n+\n+HOST_LINUX_PAM_CONF_OPTS = --disable-rpath \\\n+ --enable-read-both-confs \\\n+ --disable-regenerate-docu \\\n+ --disable-isadir \\\n+ --disable-nis \\\n+ --enable-securedir=/lib/security \\\n+ --disable-prelude \\\n+ --disable-cracklib \\\n+ --disable-lckpwdf \\\n+ --disable-db \\\n+ --disable-selinux \\\n+ --disable-audit \\\n+\n+define HOST_LINUX_PAM_INSTALL_CMDS\n+\t$(INSTALL) -m 755 $(@D)/conf/pam_conv1/pam_conv1 $(HOST_DIR)/usr/bin/\n+endef\n $(eval $(autotools-package))\n+$(eval $(host-autotools-package))\ndiff --git a/package/linux-pam/system-auth.pamd b/package/linux-pam/system-auth.pamd\nnew file mode 100644\nindex 0000000..2fa116a\n--- /dev/null\n+++ b/package/linux-pam/system-auth.pamd\n@@ -0,0 +1,15 @@\n+#%PAM-1.0\n+auth required pam_env.so\n+auth sufficient pam_unix.so\n+auth required pam_deny.so\n+\n+account required pam_unix.so\n+\n+#password required pam_cracklib.so try_first_pass retry=3\n+password sufficient pam_unix.so md5 shadow try_first_pass\n+password required pam_deny.so\n+\n+session optional pam_keyinit.so revoke\n+session required pam_limits.so\n+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid\n+session required pam_unix.so\n", "prefixes": [ "v9", "06/15" ] }