proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-05 15:27:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Revert "Revert "pam: create writable cgroups for unpriv users""

Browse Source 
This reverts commit 79cf25e826.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2018-02-26 16:54:57 +01:00
parent e72d2f5a81
commit 7ac43d3d21
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
3 changed files with 2642 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
configure.ac
View File

@ -607,6 +607,35 @@ else
fi
AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"])
AC_ARG_WITH(
[pamdir],
[AS_HELP_STRING([--with-pamdir=PATH],[Specify the directory where PAM modules are stored,
or "none" if PAM modules are not to be built])],
[pamdir="${withval}"],
[
if test "${prefix}" = "/usr"; then
pamdir="/lib${libdir##*/lib}/security"
else
pamdir="\$(libdir)/security"
fi
]
)
AM_CONDITIONAL([HAVE_PAM], [test x"$pamdir" != "xnone"])
if test "z$pamdir" != "znone"; then
AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam])
AC_ARG_VAR([PAM_LIBS], [linker flags for pam])
AC_CHECK_LIB(
[pam],
[pam_authenticate],
[PAM_LIBS="-lpam"],
[AC_MSG_ERROR([*** libpam not found.])
])
AC_SUBST(PAM_LIBS)
AC_SUBST([pamdir])
fi
# Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP
AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include <sys/prctl.h>])
@ -926,6 +955,9 @@ Security features:
- seccomp: $enable_seccomp
- SELinux: $enable_selinux
PAM:
- cgroup PAM module: $pamdir
Bindings:
- lua: $enable_lua
- python3: $enable_python

15
src/lxc/Makefile.am
View File

@ -305,6 +305,14 @@ init_lxc_static_LDADD = @CAP_LIBS@
init_lxc_static_CFLAGS = $(AM_CFLAGS) -DNO_LXC_CONF
endif
if HAVE_PAM
pam_LTLIBRARIES = pam_cgfs.la
pam_cgfs_la_SOURCES = pam/pam_cgfs.c macro.h
pam_cgfs_la_CFLAGS = $(AM_CFLAGS)
pam_cgfs_la_LIBADD = $(AM_LIBS) $(PAM_LIBS) -L$(top_srcdir)
pam_cgfs_la_LDFLAGS = $(AM_LDFLAGS) -module -avoid-version -shared
endif
install-exec-local: install-libLTLIBRARIES
mkdir -p $(DESTDIR)$(datadir)/lxc
install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
@ -319,3 +327,10 @@ install-exec-hook:
uninstall-local:
$(RM) $(DESTDIR)$(libdir)/liblxc.so*
if HAVE_PAM
$(RM) $(DESTDIR)$(pamdir)/pam_cgfs.so*
install-data-hook: install-pamLTLIBRARIES
$(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.la"
$(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.a"
endif

2595
src/lxc/pam/pam_cgfs.c Normal file
View File

File diff suppressed because it is too large Load Diff