From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/, policy/modules/system/
Date: Mon, 27 Feb 2017 10:50:55 +0000 (UTC)
Message-ID: <1488191880.f45e0db0dcd22534c2ab32160e56e10795010ebf.perfinion@gentoo>

commit: f45e0db0dcd22534c2ab32160e56e10795010ebf
Author: Chris PeBenito ieee org>
AuthorDate: Sun Feb 26 17:08:02 2017 +0000
Commit: Jason Zaman gentoo org>
CommitDate: Mon Feb 27 10:38:00 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f45e0db0

auth: Move optional out of auth_use_pam_systemd() to callers.

policy/modules/admin/su.if | 5 ++++-
policy/modules/system/authlogin.if | 6 ++----
policy/modules/system/selinuxutil.te | 5 ++++-
3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if index cd137d59..8e21b217 100644 --- a/policy/modules/admin/su.if +++ b/policy/modules/admin/su.if @@ -190,7 +190,6 @@ template(`su_role_template',` auth_dontaudit_read_shadow($1_su_t) auth_use_nsswitch($1_su_t) auth_rw_faillog($1_su_t) - auth_use_pam_systemd($1_su_t) corecmd_search_bin($1_su_t) 
@@ -227,6 +226,10 @@ template(`su_role_template',` ') ') + optional_policy(` + auth_use_pam_systemd($1_su_t) + ') + tunable_policy(`allow_polyinstantiation',` fs_mount_xattr_fs($1_su_t) fs_unmount_xattr_fs($1_su_t) diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index fb92132d..2b70d124 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -100,10 +100,8 @@ interface(`auth_use_pam',` ## # interface(`auth_use_pam_systemd',` - optional_policy(` - dbus_system_bus_client($1) - systemd_dbus_chat_logind($1) - ') + dbus_system_bus_client($1) + systemd_dbus_chat_logind($1) ') ######################################## diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 5f624126..931d8591 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -283,7 +283,6 @@ auth_use_nsswitch(newrole_t) auth_run_chk_passwd(newrole_t, newrole_roles) auth_run_upd_passwd(newrole_t, newrole_roles) auth_rw_faillog(newrole_t) -auth_use_pam_systemd(newrole_t) # Write to utmp. init_rw_utmp(newrole_t) @@ -313,6 +312,10 @@ ifdef(`init_systemd',` ') optional_policy(` + auth_use_pam_systemd(newrole_t) +') + +optional_policy(` dbus_system_bus_client(newrole_t) optional_policy(`
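Review bot: The authlogin.if hunk drops the optional_policy wrapper from auth_use_pam_systemd() but leaves the interface's ## documentation block untouched, so nothing tells a caller that the interface now expands to dbus_system_bus_client($1) and systemd_dbus_chat_logind($1) unguarded. Add a sentence to the interface description saying it has to be called from inside optional_policy, and check for callers beyond the two updated in this patch (su_role_template and newrole_t), since an unwrapped call turns into a hard dependency on the dbus and systemd modules.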
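Review bot: In the second selinuxutil.te hunk the new optional_policy block sits directly above an existing one that already opens with dbus_system_bus_client(newrole_t), while auth_use_pam_systemd(newrole_t) now expands to that same call plus systemd_dbus_chat_logind(newrole_t). The duplicate rule is harmless, but a one-line comment on the new block would make clear why both exist: the new block is dropped as a whole when either the dbus or the systemd module is missing, and the block below it still covers the dbus-only case.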