Package Details: pam-selinux 1.6.1-3

Git Clone URL: https://aur.archlinux.org/pam-selinux.git (read-only, click to copy)
Package Base: pam-selinux
Description: SELinux aware PAM (Pluggable Authentication Modules) library
Upstream URL: http://linux-pam.org
Keywords: selinux
Licenses: GPL-2.0-only
Groups: selinux
Conflicts: pam, selinux-pam
Provides: libpam.so, libpamc.so, libpam_misc.so, pam, selinux-pam
Submitter: Siosm
Maintainer: IooNag
Last Packager: IooNag
Votes: 22
Popularity: 0.001492
First Submitted: 2013-11-03 20:05 (UTC)
Last Updated: 2024-09-07 13:41 (UTC)

Required by (838)

Sources (2)

Pinned Comments

IooNag commented on 2021-10-10 19:27 (UTC)

WARNING: When upgrading a system using pam-selinux, it is recommended to keep a root shell open in a different session/terminal to fix issues, as the authentication system could break when a dependency is updated. For example when libnsl 2.0.0 was released, /usr/lib/security/pam_unix.so could no longer be loaded and pam-selinux needed to be rebuilt/updated in order to fix the authentication system.

Latest Comments

1 2 3 4 5 Next › Last »

IooNag commented on 2021-12-02 20:03 (UTC) (edited on 2021-12-02 20:04 (UTC) by IooNag)

AkechiShiro: this key is part of the GPG key 296D6F29A020808E8717A8842DB5BD89A340AEB7 owned by "Dmitry V. Levin ldv@altlinux.org". You can find it on https://keyserver.ubuntu.com/pks/lookup?search=0x296D6F29A020808E8717A8842DB5BD89A340AEB7&fingerprint=on&op=index and I mirrored it in https://github.com/archlinuxhardened/selinux/blob/master/_pgp_cache/296D6F29A020808E8717A8842DB5BD89A340AEB7.asc . To fix your issue, you can use one of the following command (whichever works on your system/network):

gpg --recv-key 0x296D6F29A020808E8717A8842DB5BD89A340AEB7
curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x296d6f29a020808e8717a8842db5bd89a340aeb7' | gpg --import
curl 'https://raw.githubusercontent.com/archlinuxhardened/selinux/master/_pgp_cache/296D6F29A020808E8717A8842DB5BD89A340AEB7.asc' | gpg --import

AkechiShiro commented on 2021-11-18 23:44 (UTC)

I'm hitting this error : Linux-PAM-1.5.2.tar.xz ... FAILED (unknown public key A8041FA839E16E36) could someone tell me how should I solve this ?

IooNag commented on 2021-10-10 19:27 (UTC)

WARNING: When upgrading a system using pam-selinux, it is recommended to keep a root shell open in a different session/terminal to fix issues, as the authentication system could break when a dependency is updated. For example when libnsl 2.0.0 was released, /usr/lib/security/pam_unix.so could no longer be loaded and pam-selinux needed to be rebuilt/updated in order to fix the authentication system.

NobodyDBG commented on 2021-10-03 14:08 (UTC)

Hi, after install this update I can't get login in system. I'm tried with Arch-Chroot but when I try "su user" the terminal shows "No modules". Can't rebuild it because makepkg don't work as root.

Any solution how to fix it. I read this warning to late.

leuko commented on 2021-09-16 21:38 (UTC)

libnsl got updated, so this package has to be recompiled. Otherwise you may not be able to login due to PAM errors.

IooNag commented on 2021-04-30 20:36 (UTC)

yar: there was indeed a bug in the PKGBUILD of pam-selinux. I probably fixed it in https://aur.archlinux.org/cgit/aur.git/commit/?h=pam-selinux&id=b156403746cf6d81e6737e8151faecaea7d0c627 and now pam-selinux package declares that it provides libpam.so=0-64. Does it fix your issue?

yar commented on 2021-04-30 06:42 (UTC) (edited on 2021-04-30 06:44 (UTC) by yar)

resolving dependencies...
looking for conflicting packages...
warning: removing 'pam' from target list because it conflicts with 'pam-selinux'
error: failed to prepare transaction (could not satisfy dependencies)
:: unable to satisfy dependency 'libpam.so=0-64' required by xscreensaver

This seems to conflict with xscreensaver now that they depend on libpam.so https://github.com/archlinux/svntogit-packages/commit/99c589cbcf3a1527a6751cf0d8ef2f298a036896

I'm not sure how to resolve this.

JoSSa commented on 2019-03-19 12:17 (UTC)

Yes, using 4.20.16.a-1-hardened. I have not been using linux-selinux anymore.

IooNag commented on 2019-03-17 14:19 (UTC)

JoSSa: which kernel are you using? On the virtual machine that I am using for tests, "passwd vagrant" works fine with linux-selinux (4.19.9.arch1-1) but not with linux-hardened (version 4.20.16.a-1-hardened). On this second kernel:

strace -e execve -f -s1024 passwd vagrant

execve("/usr/bin/passwd", ["passwd", "vagrant"], 0x7a1596282228 / 33 vars /) = 0 strace: Process 422 attached [pid 422] execve("/usr/bin/unix_chkpwd", ["/usr/bin/unix_chkpwd", "vagrant", "nullok"], 0x63ffd6b553e0 / 0 vars /) = -1 ENOMEM (Cannot allocate memory) [pid 422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 422] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGSEGV, si_utime=3, si_stime=14} --- strace: Process 423 attached [pid 423] execve("/usr/bin/unix_chkpwd", ["/usr/bin/unix_chkpwd", "vagrant", "chkexpiry"], 0x63ffd6b513a8 / 0 vars /) = -1 ENOMEM (Cannot allocate memory) [pid 423] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 423] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=423, si_uid=0, si_status=SIGSEGV, si_utime=1, si_stime=15} --- passwd: Authentication failure passwd: password unchanged +++ exited with 10 +++

What could make execve() syscall return ENOMEM?

JoSSa commented on 2019-03-02 03:56 (UTC)

Successfully compiled. But when I use "passwd <someuser>" as root, I get:

passwd: Authentication failure passwd: password unchanged

even in selinux permissive mode. In the log file the error is (XXXX is my machine hostname):

Mar 01 22:46:23 XXXXX audit[1065]: ANOM_ABEND auid=1000 uid=0 gid=0 ses=3 subj=staff_u:staff_r:chkpwd_t:s0 pid=1065 comm="unix_chkpwd" exe="/usr/bin/unix_chkpwd" sig=11 res=1 Mar 01 22:46:23 XXXXX passwd[1063]: pam_unix(passwd:chauthtok): unix_chkpwd abnormal exit: 11