Merge pull request #73596 from 89luca89/fix/linux_pam_tmpfiles

89luca89 · web-flow · commit 00b09eec6d4e · 2025-12-03T18:26:28.000+01:00
fix: add tmpfiles for faillock dirs
diff --git a/linux-pam.yaml b/linux-pam.yaml
@@ -1,10 +1,13 @@
 package:
   name: linux-pam
   version: "1.7.1"
-  epoch: 2
+  epoch: 3
   description: Linux PAM (Pluggable Authentication Modules for Linux)
   copyright:
     - license: BSD-3-Clause
+  checks:
+    disabled:
+      - setuidgid
   dependencies:
     runtime:
       - merged-usrsbin
@@ -52,12 +55,16 @@ pipeline:
       done
 
       # make "unix_chkpwd" shadow group and enable g+s
-      chgrp shadow ${{targets.destdir}}/bin/unix_chkpwd \
-        && chmod g+s ${{targets.destdir}}/bin/unix_chkpwd
+      chgrp shadow ${{targets.destdir}}/usr/bin/unix_chkpwd \
+        && chmod g+s ${{targets.destdir}}/usr/bin/unix_chkpwd
 
       # Don't ship /var/run
       rm -r ${{targets.destdir}}/var/run
 
+      # Copy tmpfile template
+      mkdir -p ${{targets.destdir}}/usr/lib/tmpfiles.d/
+      mv pam-faillock.conf ${{targets.destdir}}/usr/lib/tmpfiles.d/
+
 subpackages:
   - name: linux-pam-dev
     pipeline:
diff --git a/linux-pam/pam-faillock.conf b/linux-pam/pam-faillock.conf
@@ -0,0 +1,3 @@
+ # Create faillock directory with correct SELinux context                        
+ d /var/log/faillock 0700 root root - -                                          
+ Z /var/log/faillock - - - - -     

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+ # Create faillock directory with correct SELinux context`
	`2`	`+ d /var/log/faillock 0700 root root - -`
	`3`	`+ Z /var/log/faillock - - - - -`