Hello community, here is the log from the commit of package pam-config for openSUSE:Factory checked in at 2019-12-02 11:33:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam-config (Old) and /work/SRC/openSUSE:Factory/.pam-config.new.4691 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pam-config" Mon Dec 2 11:33:21 2019 rev:82 rq:751482 version:1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/pam-config/pam-config.changes 2019-08-27 15:21:00.120852470 +0200 +++ /work/SRC/openSUSE:Factory/.pam-config.new.4691/pam-config.changes 2019-12-02 11:37:58.370456029 +0100 @@ -1,0 +2,8 @@ +Mon Nov 25 08:02:48 UTC 2019 - Josef Möllers <josef.moellers@suse.com> + +- Prevent systemd-user to call pam_mount when opening/closing a + (PAM) session as it drops privileges in between and so when closing + it may be unable to undo things set up during opening. + [bsc#1153630, bsc1153630-prevent-systemd-pam_mount.patch] + +------------------------------------------------------------------- New: ---- bsc1153630-prevent-systemd-pam_mount.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam-config.spec ++++++ --- /var/tmp/diff_new_pack.YKxR2g/_old 2019-12-02 11:37:58.846456129 +0100 +++ /var/tmp/diff_new_pack.YKxR2g/_new 2019-12-02 11:37:58.850456130 +0100 @@ -24,6 +24,7 @@ Group: System/Management URL: https://github.com/SUSE/pam-config Source: %{name}-%{version}.tar.xz +Patch1: bsc1153630-prevent-systemd-pam_mount.patch PreReq: pam >= 1.3.0 %description @@ -36,6 +37,8 @@ %prep %setup -q +%patch1 -p1 + %build %configure make %{?_smp_mflags} ++++++ bsc1153630-prevent-systemd-pam_mount.patch ++++++ Index: pam-config-1.2/src/mod_pam_mount.c =================================================================== --- pam-config-1.2.orig/src/mod_pam_mount.c +++ pam-config-1.2/src/mod_pam_mount.c @@ -135,7 +135,12 @@ write_config_mount ( pam_module_t *this } /* pam_thinkfinger.so is not enabled so we can safely add * pam_mount.so + * We'll also add a line preventing systemd-user from invoking pam_mount.so as it + * causes problems at least when (trying) to umount a user partition as it drops privileges between + * opening and closing a (PAM) session. + * Note that this doesn't break anything if systemd is not used. */ + fprintf(fp, "session [success=1 default=ignore]\tpam_succeed_if.so\tservice = systemd-user\n"); fprintf (fp, "session optional\tpam_mount.so\n"); } return close_service_file (fp,gl_service);