morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity
79,669 Commits 1 Branch 0 Tags
9a4f9e84c4ba79f39c7f5ab4b4d1a099a7496d52
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Lennart Poettering 9a4f9e84c4 pam_systemd_home: tweak order in authentication stack 
Let's move pam_systemd_home before pam_unix in the authentication hook.

Since a while we are exposing shadow entries for homed log entries via
NSS. This means that pam_unix now potentially has enough data for
authenticating a user on its own, without letting pam_systemd_home do
that. This is superficially OK, but also means that authentication will
always go via password, even if pkcs11/fido2 is registered.

Let's move this around, but be careful about it: let's list the precise
errors which we think are enough to terminating further PAM processing,
so that pam_unix comes into control in all cases where it's not clear
that pam_systemd_home owns the user record.

This previously wasn't visible to me, because on Fedora until authselect
1.5.1 (released earleir this year) the NSS shadow stuff was not enabled.

This does the same also for the "account" stack, except that the order
there already was as we want it.

Finally, shorten the account stack, by just requiring pam_unix.so and
dropping pam_permit.so, because it doesn't really serve much purpose
(and Fedora doesn't use it by default either.)
2025-02-26 18:12:08 +01:00
.clusterfuzzlite
ci: unpin CFLite
2022-04-26 09:13:57 +00:00
.github
mkosi: Update to latest
2025-02-26 14:58:39 +01:00
.obs
obs: trigger systemd-suse instead of systemd-fedora
2025-02-18 23:10:00 +00:00
.semaphore
Revert "semaphore: skip some tests"
2024-12-13 23:43:28 +00:00
catalog
catalog: assign a proper message ID for mounts on symlinked paths
2025-02-18 13:49:24 +01:00
coccinelle
coccinelle: add .gitignore for cache files
2025-01-19 08:27:47 +09:00
docs
efivars: kill SystemdOptions efi var support
2025-02-26 17:28:43 +01:00
factory
pam_systemd_home: tweak order in authentication stack
2025-02-26 18:12:08 +01:00
hwdb.d
hostnamed: expose ChassisAssetTag in dbus/varlink
2025-02-26 11:29:25 +01:00
LICENSES
boot: Add HWID calculation from SMBIOS strings and matching against a built-in list
2024-11-05 22:29:58 +03:00
man
pam_systemd_home: tweak order in authentication stack
2025-02-26 18:12:08 +01:00
mime
creds-util: add a concept of "user-scoped" credentials
2024-01-30 17:07:47 +01:00
mkosi.conf.d
mkosi: add libapparmor1 to package list for opensuse
2025-02-21 22:35:44 +00:00
mkosi.coverage
mkosi: Make sure the /coverage directory exists
2024-12-05 22:03:07 +01:00
mkosi.extra
mkosi: move drop-in config for sanitizers
2024-12-10 09:46:29 +09:00
mkosi.extra.common
issue: add trailing empty line
2025-02-19 16:08:39 +01:00
mkosi.images
mkosi: update fedora commit reference
2025-02-25 19:30:42 +01:00
mkosi.repart
mkosi: switch rootfs to ext4
2025-01-22 22:50:52 +00:00
mkosi.sanitizers
mkosi: wrap several more commands when running on sanitizers
2025-02-14 11:54:56 +00:00
mkosi.uki-profiles
Rework TEST-86-MULTI-PROFILE-UKI
2024-10-21 17:24:14 +02:00
modprobe.d
modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0
2024-01-12 23:24:54 +00:00
network
network: mark container/VM/namespace networks as not required for online + disable DHCP lease persistency
2025-02-09 19:37:38 +09:00
po
po: Translated using Weblate (Interlingua)
2025-02-18 03:43:59 +09:00
presets
integritysetup: add remote-integritysetup.target to match remote-{crypt|verity}setup.target
2025-02-25 21:40:05 +01:00
profile.d
profile.d: don't bail if $SHELL_* variables are unset
2024-12-11 18:33:41 +00:00
rules.d
hostnamed: expose ChassisAssetTag in dbus/varlink
2025-02-26 11:29:25 +01:00
shell-completion
shell completion: add kernel-identify/inspect verbs for bootctl
2025-02-18 21:40:29 +00:00
src
pam_systemd_home: tweak order in authentication stack
2025-02-26 18:12:08 +01:00
sysctl.d
sysctl.d: Fix pid_max comment
2023-10-31 13:07:49 +01:00
sysusers.d
udev: set clock group for PTP and RTC devices
2025-01-16 21:12:47 +01:00
test
pam_systemd_home: tweak order in authentication stack
2025-02-26 18:12:08 +01:00
tmpfiles.d
Revert "link README.logs from tmpfiles.d/legacy.conf only if available"
2024-11-29 14:18:15 +01:00
tools
tools/dbus_exporter: set LD_ORIGIN_PATH if procfs is not available
2025-02-20 10:46:23 +00:00
units
integritysetup: add remote-integritysetup.target to match remote-{crypt|verity}setup.target
2025-02-25 21:40:05 +01:00
xorg
.clang-format
Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify)
2024-03-06 15:24:23 +01:00
.ctags
.dir-locals.el
.editorconfig
editorconfig: add NEWS whitespace configuration
2023-10-26 22:41:03 +01:00
.gitattributes
Mark all base64 files as generated
2023-08-16 12:49:45 +02:00
.gitignore
Add .venv to gitignore
2024-12-20 15:33:32 +00:00
.mailmap
mailmap: fix entries for Tobias Klauser
2024-12-11 13:55:07 +00:00
.packit.yml
packit: Switch to meson.version for the current version
2025-02-25 19:30:47 +01:00
.pylintrc
Add .pylintrc to globally suppress warnings we don't really care about
2023-08-10 18:13:29 +02:00
.vimrc
vimrc: explicitly set shiftwidth for the C file type
2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py
LICENSE.GPL2
LICENSE.LGPL2.1
meson_options.txt
meson: add more space for sections
2025-02-26 00:33:55 +09:00
meson.build
core: dlopen()'ify libapparmor
2025-02-21 14:22:51 +01:00
meson.version
meson: update version to 258~devel
2024-12-10 19:30:06 +00:00
mkosi.clangd
mkosi: Fix mkosi.clangd
2025-02-14 17:13:10 +01:00
mkosi.clean
mkosi: Add missing SPDX line
2024-09-22 15:23:08 +02:00
mkosi.conf
mkosi: Enable History= option
2025-02-25 10:59:50 +01:00
mkosi.functions
mkosi: Move copying packages to the output directory to the postinst script
2024-10-29 11:28:47 +01:00
mkosi.postinst.chroot
mkosi: Enable userdb tmpfiles dropin on Fedora/CentOS
2025-02-20 16:57:22 +01:00
mypy.ini
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
NEWS
efivars: kill SystemdOptions efi var support
2025-02-26 17:28:43 +01:00
README
udevadm-trigger: drop support of kernels order than 4.13
2025-02-26 18:07:51 +09:00
README.md
README: fix broken link in OBS badge
2025-02-15 01:32:51 +00:00
ruff.toml
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
TODO
update TODO
2025-02-25 14:32:23 +01:00

README.md

Systemd

System and Service Manager

OBS Packages Status
Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Fossies codespell report
Weblate
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Repositories with distribution packages built from git main are available on OBS

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 321 MiB
Languages
C 89%
Python 5.1%
Shell 4.5%
Meson 1.2%