From cfecf6487bfe63c06db44e073f80f83eed292db6 Mon Sep 17 00:00:00 2001 From: Philippe Coval Date: Tue, 1 Jul 2014 18:50:33 +0200 Subject: [PATCH] extra fix to avoid root and display sessions This prevent not wanted systemd --user as root once root logs in Bug-Tizen: TC-1357/related Bug-Tizen: TC-211/related Change-Id: I4c5a51670ccaaeef3ea4d33a831399fa373af0f4 Signed-off-by: Philippe Coval --- scripts/base-general.post | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scripts/base-general.post b/scripts/base-general.post index 8660083..c5484c6 100644 --- a/scripts/base-general.post +++ b/scripts/base-general.post @@ -18,6 +18,20 @@ diff -urN bad/etc/pam.d/systemd-user good/etc/pam.d/systemd-user password required pam_deny.so EOF +# extra fix to avoid root and display sessions +patch -p1 -d/ <<'EOF' +--- bad/etc/pam.d/system-auth 2014-04-07 06:16:51.888018876 -0700 ++++ good/etc/pam.d/system-auth 2014-04-07 06:16:46.335018503 -0700 +@@ -11,7 +11,6 @@ + password required pam_deny.so + + session optional pam_keyinit.so revoke +-session optional pam_systemd.so + session required pam_limits.so + session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid + session required pam_unix.so +EOF + # create appfw dirs inside homes for user in app; do for appdir in desktop manifest dbspace; do -- 2.7.4