summaryrefslogtreecommitdiff
path: root/src/pam-module.c
AgeCommit message (Collapse)Author
2011-06-15pam-module: add debug= parameterMichal Schmidt
It is customary that pam modules do not log debugging information by default. Usually they offer a 'debug' option. Add a boolean debug= option to pam_systemd.so. This will solve bug https://bugzilla.redhat.com/show_bug.cgi?id=705427 Commit 53d5582fa006b0eb528f5dc3f4ba978abd8ac5a3 was not sufficient to fix it, because in Fedora rsyslog is configured to write even LOG_DEBUG messages to /var/log/secure by default.
2011-05-16pam: downgrade a few log msgsLennart Poettering
2011-04-12pam: use /proc/self/sessionid only if CAP_AUDIT_CONTROL is setLennart Poettering
2011-04-12pam: use /proc/self/loginuid only if we have CAP_AUDIT_CONTROLLennart Poettering
2011-04-01general: replace a few uses of /var/run by /runLennart Poettering
2011-03-14pam: determine user cgroup tree from cgroup of PID 1Lennart Poettering
2011-03-10pam: do not leak file descriptor if flock failsAndrey Borzenkov
If flock fails, fd is not returned to caller so it cannot clean up.
2011-02-13pam: introduce whitelist and blacklist user list featureLennart Poettering
This is useful to exclude root from the session logout killings or to limit killing to the selinux guest users.
2011-02-04pam: optionally reset cgroup memberships for login sessionsLennart Poettering
2011-01-22clang: fix some issues found with clang-analyzersystemd/v17Lennart Poettering
2011-01-18pam: optionally keep processes of root user aroundLennart Poettering
2010-12-24pam: do not sort user sessions into their own cgroups in the 'cpu' hierarchy ↵Lennart Poettering
by default While this offers quite a few benefits for normally scheduled processes this breaks RT scheduling for all user processes, since we do not assign an RT share to the cgroups created via this mechanism. If the user cgroups have no RT share assigned no member process can make use of RT functionality. However, software like JACK and PA/rtkit assume that RT is available in some way or another, either via RLIMIT_RTPRIO or via some privileged service. Creating implicit cpu cgroups but not adding RT shares to them hence breaks these applications. There is no sane way to implicitly add RT shares to these groups, since they are pulled from a global, limited pool and it would hence be very hard to make this work without limiting the number of concurrent sessions, or constantly rewriting the cpu share settings of already logged in session cgroups. Most likely this issue needs to be fixed in-kernel because we can enable this feature by default again.
2010-11-17pam: duplicate cgroup tree in the cpu hierarchy by default, optionally moreLennart Poettering
2010-11-16pam: always rely on loginuid instead of uid to determine cgroup and ↵Lennart Poettering
XDG_RUNTIME_DIR
2010-11-15pam: rename master user cgroup to 'master'Lennart Poettering
2010-11-14pam: rename 'no-session' to 'user' cgroupLennart Poettering
2010-08-14emacs: make sure nobody accidently adds tabs to our sourcesLennart Poettering
2010-07-21pam: remove only sessions we ourselves created in the first placeLennart Poettering
2010-07-12pam: remove leftover libcgroup inclusionLennart Poettering
2010-07-12cgroup: reimplement the last bit of libcgroup functionality nativelyLennart Poettering
2010-07-11cgroup: kill processes, not tasks and other cgroup changesLennart Poettering
2010-06-24pam: make sure we don't assign colliding session ids if we get our session ↵Lennart Poettering
ids from multiple sources
2010-06-23pam: dont use $XDG_SESSION_COOKIE since CK wants that to be secret. Come up ↵Lennart Poettering
with our own $XDG_SESSION_ID based on /proc/self/sessionid if that is available
2010-06-21pam: implement systemd PAM module and generelize cgroup API for that a bitLennart Poettering