From 6a5f54e8cbc6cff10b36d517918149d45fb5a1c7 Mon Sep 17 00:00:00 2001
From: Juan RP
Date: Sun, 17 Jan 2010 22:48:29 +0100
Subject: [PATCH] pam: fix conf_files, enable pam_namespace(8) for /tmp and /var/tmp.
- We now create /tmp and /var/tmp as tmpfs instances for all users except root, via pam_namespace(8).
- Fixed conf_files, it's /etc/environment not /etc/security/environment. Bump revision.
--HG--
extra : convert_revision : 04b3d5a9c3e08b28e61708ea33ddb78db8ce5c77
---
srcpkgs/pam/INSTALL | 16 ++++++++++++++++
srcpkgs/pam/template | 29 +++++++++++++++++++++++++++--
2 files changed, 43 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/pam/INSTALL
diff --git a/srcpkgs/pam/INSTALL b/srcpkgs/pam/INSTALL
new file mode 100644
index 00000000000..1d0d1f00926
--- /dev/null
+++ b/srcpkgs/pam/INSTALL
@@ -0,0 +1,16 @@
+# This script creates the pam_namespace(8) instance directories
+# for /tmp and /var/tmpfs, they are created from /tmp/.tmp_inst
+# and /var/tmp/.tmp_inst respectively.
+#
+case "${ACTION}" in
+post)
+ if [ ! -d tmp/.tmp_inst ]; then
+ mkdir -m 0000 tmp/.tmp_inst || exit $?
+ echo "Created pam_namespace(8) /tmp instance dir."
+ fi
+ if [ ! -d var/tmp/.tmp_inst ]; then
+ mkdir -m 0000 var/tmp/.tmp_inst || exit $?
+ echo "Created pam_namespace(8) /var/tmp instance dir."
+ fi
+ ;;
+esac
diff --git a/srcpkgs/pam/template b/srcpkgs/pam/template
index 963cbe54921..f0e90a1c31a 100644
--- a/srcpkgs/pam/template
+++ b/srcpkgs/pam/template
@@ -1,7 +1,7 @@
 # Template file for 'pam'
 pkgname=pam
 version=1.1.1
-revision=2
+revision=3
 wrksrc="Linux-PAM-$version"
 distfiles="${KERNEL_SITE}/libs/pam/library/Linux-PAM-$version.tar.bz2"
 build_style=gnu_configure
@@ -16,8 +16,8 @@ long_desc="
 PAM was invented by SUN Microsystems."
 conf_files="
+/etc/environment
 /etc/security/access.conf
-/etc/security/environment
 /etc/security/group.conf
 /etc/security/limits.conf
 /etc/security/namespace.conf
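Review bot: In `srcpkgs/pam/INSTALL`, both `[ ! -d … ]` tests skip `mkdir` whenever the path already exists, so a `.tmp_inst` that is already present in the world-writable `tmp` or `var/tmp` (or a symlink to a directory, which `-d` follows) is accepted with whatever owner and mode it has. The script itself creates the directory with `-m 0000`, so the existing-path branch should enforce the same state rather than trust it, for example `[ -L tmp/.tmp_inst ] && exit 1` followed by `chown root:root tmp/.tmp_inst && chmod 0000 tmp/.tmp_inst || exit $?`, and the same for `var/tmp`. The header comment also says `/var/tmpfs` where `/var/tmp` appears to be meant.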
@@ -37,4 +37,29 @@ post_install()
 rm -rf ${DESTDIR}/var
 # Fix unix_chkpwd perms.
 chmod 4755 ${DESTDIR}/sbin/unix_chkpwd
+
+ #
+ # Enable by default pam_namespace(8) to mount /tmp and
+ # /var/tmp as tmpfs for all users except root.
+ #
+ cat >> ${DESTDIR}/etc/security/namespace.conf << _EOF
+#
+# ------ END OF DEFAULT FILE ---------
+#
+# XBPS: by default create /tmp and /var/tmp tmpfs instances to
+# all users except root.
+#
+/tmp /tmp/.tmp_inst/ tmpfs root
+/var/tmp /var/tmp/.tmp_inst/ tmpfs root
+#
+_EOF
+ chmod 644 ${DESTDIR}/etc/security/namespace.conf || return 1
+
+ #
+ # Fix a syntax error in namespace.init, -p flag is unknown
+ # at least to dash and bash.
+ #
+ sed -i -e "s|^#!/bin/sh -p$|#!/bin/sh|" \
+ ${DESTDIR}/etc/security/namespace.init || return 1
+ chmod 755 ${DESTDIR}/etc/security/namespace.init || return 1
 }
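Review bot: The `sed` at the end of this hunk strips `-p` from the `namespace.init` shebang, but in bash `-p` is privileged mode (ENV/BASH_ENV are not processed and shell functions are not imported from the environment), so the comment's claim that bash does not know the flag looks inaccurate. Dropping it removes that hardening from a script that pam_namespace presumably runs with elevated privileges at session setup. If the failure was only seen with dash as `/bin/sh`, the comment should name the shell that rejected it, and the flag is worth keeping where the shell accepts it. Separately, the `cat >> … << _EOF` append is the only added command without an error check; `cat >> "${DESTDIR}/etc/security/namespace.conf" << _EOF || return 1` would match the lines after it. `post_install()` begins outside the hunk.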