Djam/pam
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/pam.git synced 2025-02-23 08:22:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
pam/pam-1.2.0-fix-running-in-containers.patch
Andrey Bondrov 0c0a8a017b New version 1.3.0 
Re-diff patches
2016-09-19 17:31:47 +10:00

56 lines
2.7 KiB
Diff
Raw Blame History

--- Linux-PAM-1_2_0/libpam/pam_audit.c.omv~ 2015-06-11 17:17:49.768740173 +0200
+++ Linux-PAM-1_2_0/libpam/pam_audit.c 2015-06-11 17:18:27.654412940 +0200
@@ -70,9 +70,10 @@ _pam_audit_open(pam_handle_t *pamh)
audit_fd = audit_open();
if (audit_fd < 0) {
/* You get these error codes only when the kernel doesn't have
- * audit compiled in. */
+ * audit compiled in. EPERM happens when running inside a container
+ * (e.g. systemd-nspawn, docker) */
if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
+ errno == EAFNOSUPPORT || errno == EPERM)
return -2;
/* this should only fail in case of extreme resource shortage,
--- Linux-PAM-1_2_0/modules/pam_loginuid/pam_loginuid.c.omv~ 2015-06-11 17:19:12.543025498 +0200
+++ Linux-PAM-1_2_0/modules/pam_loginuid/pam_loginuid.c 2015-06-11 17:19:44.274751787 +0200
@@ -117,9 +117,10 @@ static int check_auditd(void)
/* This is here to let people that build their own kernel
and disable the audit system get in. You get these error
codes only when the kernel doesn't have audit
- compiled in. */
+ compiled in. EPERM is when running inside systemd-nspawn
+ or docker. */
if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
+ errno == EAFNOSUPPORT || errno == EPERM)
return PAM_SUCCESS;
return PAM_SESSION_ERR;
}
--- Linux-PAM-1_2_0/modules/pam_tally2/pam_tally2.c.omv~ 2015-06-11 17:18:49.540224003 +0200
+++ Linux-PAM-1_2_0/modules/pam_tally2/pam_tally2.c 2015-06-11 17:19:05.000090583 +0200
@@ -517,7 +517,7 @@ tally_check (tally_t oldcnt, time_t oldt
audit_fd = audit_open();
/* If there is an error & audit support is in the kernel report error */
if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT))
+ errno == EAFNOSUPPORT || errno == EPERM))
return PAM_SYSTEM_ERR;
(void)pam_get_item(pamh, PAM_TTY, &tty);
(void)pam_get_item(pamh, PAM_RHOST, &rhost);
--- Linux-PAM-1_2_0/modules/pam_unix/unix_chkpwd.c.omv~ 2015-06-11 17:20:06.152563149 +0200
+++ Linux-PAM-1_2_0/modules/pam_unix/unix_chkpwd.c 2015-06-11 17:20:29.964357904 +0200
@@ -66,9 +66,10 @@ static int _audit_log(int type, const ch
audit_fd = audit_open();
if (audit_fd < 0) {
/* You get these error codes only when the kernel doesn't have
- * audit compiled in. */
+ * audit compiled in. EPERM is when running inside docker or
+ * systemd-nspawn. */
if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
+ errno == EAFNOSUPPORT || errno == EPERM)
return PAM_SUCCESS;
helper_log_err(LOG_CRIT, "audit_open() failed: %m");
Reference in a new issue View git blame Copy permalink