
archlinux: restore setup of pam.d/su-l

qubes-gui agent calls su-l instead of initializing its own pam
session such as qrexec.
pam.d/su-l qubes specific configuration must be restored to ensure
that the user login session is properly initialized:
https://github.com/QubesOS/qubes-issues/issues/3185
Olivier MEDOC 6 years ago
parent
commit
5971cdd5bc
3 changed files with 14 additions and 2 deletions
  1. archlinux/PKGBUILD (+1 -1)
  2. archlinux/PKGBUILD-qubes-pacman-options.conf (+2 -1)
  3. archlinux/PKGBUILD.install (+11 -0)

+ 1 - 1
archlinux/PKGBUILD

@@ -3,7 +3,7 @@
 # shellcheck disable=SC2034
 pkgname=qubes-vm-core
 pkgver=$(cat version)
-pkgrel=12
+pkgrel=13
 epoch=
 pkgdesc="The Qubes core files for installation inside a Qubes VM."
 arch=("x86_64")

+ 2 - 1
archlinux/PKGBUILD-qubes-pacman-options.conf

@@ -1 +1,2 @@
-[options]
+[options]
+NoUpgrade = etc/pam.d/su-l
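
Review bot: The new `NoUpgrade = etc/pam.d/su-l` line carries no explanation, and nothing in this file tells a reader that the protected file is the one overwritten by update_finalize() in PKGBUILD.install. Add a comment above it that names the install-script copy from /etc/pam.d/qrexec and links qubes-issues #3185, so that whoever later audits the PAM stack knows su-l is intentionally pinned and that later packaged versions of it will not be applied automatically. The `-[options]` / `+[options]` pair also shows the first line being rewritten with no visible change; if that is only a trailing-newline fix, say so in the commit message.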

+ 11 - 0
archlinux/PKGBUILD.install

@@ -315,6 +315,17 @@ update_finalize() {
 
     /usr/lib/qubes/update-proxy-configs
 
+    # Archlinux specific: Update pam.d configuration for su to enable systemd-login wrapper
+    # This is required as qubes-gui agent calls xinit with su -l user without initializing properly
+    # the user session.
+    # pam_unix.so can also be removed from su configuration
+    # as system-login (which include system-auth) already gives pam_unix.so
+    # with more appropriate parameters (fix the missing nullok parameter)
+    if grep -q pam_unix.so /etc/pam.d/su; then
+        echo "Fixing pam.d"
+	cp /etc/pam.d/qrexec /etc/pam.d/su-l
+    fi
+
     # Archlinux specific: ensure tty1 is enabled
     rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
     systemctl enable getty\@tty1.service
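
Review bot: The guard `if grep -q pam_unix.so /etc/pam.d/su; then` tests /etc/pam.d/su, but the file that gets replaced is /etc/pam.d/su-l, and nothing in this hunk ever modifies /etc/pam.d/su. The condition therefore stays true after the first run, so every call to update_finalize() overwrites su-l again, discarding any local change to a file that decides how `su -l` sessions authenticate. Test the target instead, for example `cmp -s /etc/pam.d/qrexec /etc/pam.d/su-l`, and copy only when they differ, keeping a backup of the previous su-l. The comment block also says pam_unix.so "can also be removed from su configuration", which the code does not do; either implement it or reword the comment to describe only the copy. Smaller points: there is no check that /etc/pam.d/qrexec exists before the `cp`, the unescaped dots in the pattern match any character (use `grep -qF`), the `cp` line is indented with a tab while the surrounding lines use spaces, and "Fixing pam.d" would be more useful in logs if it named the file being replaced.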