- Timestamp:
- 06/27/2019 08:55:17 PM (5 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 9.0, 9.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- ff3264f
- Parents:
- e77adf7
- Location:
- postlfs
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/filesystems/fuse3.xml
re77adf7 r51dfb3e 182 182 183 183 <screen role="root"><userinput>cat > /etc/fuse.conf << "EOF" 184 # Set the maximum number of FUSE mounts allowed to non-root users.184 <literal># Set the maximum number of FUSE mounts allowed to non-root users. 185 185 # The default is 1000. 186 186 # … … 190 190 # mount options. 191 191 # 192 #user_allow_other 192 #user_allow_other</literal> 193 193 EOF</userinput></screen> 194 194 -
postlfs/filesystems/initramfs.xml
re77adf7 r51dfb3e 55 55 56 56 <screen role="root"><userinput>cat > /sbin/mkinitramfs << "EOF" 57 #!/bin/bash57 <literal>#!/bin/bash 58 58 # This file based in part on the mkinitramfs script for the LFS LiveCD 59 59 # written by Alexander E. Patrakov and Jeremy Huntwork. … … 244 244 rm -rf $WDIR $unsorted 245 245 printf "done.\n" 246 246 </literal> 247 247 EOF 248 248 … … 251 251 <screen role="root"><userinput>mkdir -p /usr/share/mkinitramfs && 252 252 cat > /usr/share/mkinitramfs/init.in << "EOF" 253 #!/bin/sh253 <literal>#!/bin/sh 254 254 255 255 PATH=/bin:/usr/bin:/sbin:/usr/sbin … … 358 358 359 359 exec switch_root /.root "$init" "$@" 360 360 </literal> 361 361 EOF</userinput></screen> 362 362 -
postlfs/security/consolekit.xml
re77adf7 r51dfb3e 219 219 220 220 <screen role="root"><userinput>cat > /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck << "EOF" 221 #!/bin/sh221 <literal>#!/bin/sh 222 222 TAGDIR=/var/run/console 223 223 … … 235 235 sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE" 236 236 [ -s "$TAGFILE" ] || rm -f "$TAGFILE" 237 fi 237 fi</literal> 238 238 EOF 239 239 chmod -v 755 /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck</userinput></screen> -
postlfs/security/libcap.xml
re77adf7 r51dfb3e 98 98 <screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} && 99 99 cat > /etc/pam.d/system-auth << "EOF" && 100 # Begin /etc/pam.d/system-auth100 <literal># Begin /etc/pam.d/system-auth 101 101 102 auth optional pam_cap.so 102 auth optional pam_cap.so</literal> 103 103 EOF 104 104 tail -n +3 /etc/pam.d/system-auth.bak >> /etc/pam.d/system-auth</userinput></screen> -
postlfs/security/linux-pam.xml
re77adf7 r51dfb3e 190 190 191 191 cat > /etc/pam.d/other << "EOF" 192 auth required pam_deny.so192 <literal>auth required pam_deny.so 193 193 account required pam_deny.so 194 194 password required pam_deny.so 195 session required pam_deny.so 195 session required pam_deny.so</literal> 196 196 EOF</userinput></screen> 197 197 -
postlfs/security/polkit.xml
re77adf7 r51dfb3e 72 72 </listitem> 73 73 </itemizedlist> 74 <!-- 75 <bridgehead renderas="sect3" >Additional Downloads</bridgehead>76 <itemizedlist spacing="compact" >77 <listitem> 78 <para> 79 Re quired patch:80 <ulink url="&patch-root;/polkit-&polkit-version;- security_patch-3.patch"/>74 75 <bridgehead renderas="sect3" revision="sysv">Additional Downloads</bridgehead> 76 <itemizedlist spacing="compact" revision="sysv"> 77 <listitem> 78 <para> 79 Recommended patch: 80 <ulink url="&patch-root;/polkit-&polkit-version;-fix_elogind_detection-1.patch"/> 81 81 </para> 82 82 </listitem> 83 83 </itemizedlist> 84 --> 84 85 85 <bridgehead renderas="sect3">Polkit Dependencies</bridgehead> 86 86 … … 91 91 </para> 92 92 93 <bridgehead renderas="sect4" revision="systemd">Recommended</bridgehead> 94 <para role="recommended" revision="systemd"> 95 <xref linkend="linux-pam"/> 96 </para> 97 98 <note revision="systemd"> 93 <bridgehead renderas="sect4">Recommended</bridgehead> 94 <para role="recommended"> 95 <xref linkend="linux-pam"/><phrase revision="sysv"> and 96 <xref linkend="elogind"/></phrase> 97 </para> 98 99 <note> 99 100 <para> 100 Since <command>systemd-logind</command> uses PAM to register user 101 sessions, it is a good idea to build <application>Polkit</application> 102 with PAM support so <command>systemd-logind</command> can track 103 <application>Polkit</application> sessions. 101 Since <phrase revision="sysv"><command>elogind</command></phrase> 102 <phrase revision="systemd"><command>systemd-logind</command></phrase> 103 uses PAM to register user sessions, it is a good idea to build 104 <application>Polkit</application> with PAM support so 105 <phrase revision="sysv"><command>elogind</command></phrase> 106 <phrase revision="systemd"><command>systemd-logind</command></phrase> 107 can track <application>Polkit</application> sessions. 104 108 </para> 105 109 </note> … … 115 119 <xref linkend="DocBook"/>, 116 120 <xref linkend="docbook-xsl"/>, 117 <xref linkend="gtk-doc"/>, <phrase revision="systemd">and </phrase> 118 <xref linkend="libxslt"/><phrase revision="sysv">, and 119 <xref linkend="linux-pam"/></phrase> 121 <xref linkend="gtk-doc"/>, and 122 <xref linkend="libxslt"/> 120 123 </para> 121 124 … … 169 172 <screen><userinput>sed -i "s:/sys/fs/cgroup/systemd/:/sys:g" configure</userinput></screen> 170 173 </note> 171 <!-- 172 <para>Fix an issue identified upstream after the package release:</para> 173 174 <screen><userinput>sed -e '/JS_ReportWarningUTF8/s/,/, "%s",/' \ 175 -i src/polkitbackend/polkitbackendjsauthority.cpp</userinput></screen> --> 176 174 175 <para revision="sysv"> 176 Fix an issue introduced in recent <application>Polkit</application> 177 realeases with elogind: 178 </para> 179 180 <screen revision="sysv"><userinput>patch -Np1 -i ../polkit-&polkit-version;-fix_elogind_detection-1.patch && 181 autoreconf -fi</userinput></screen> 177 182 <para> 178 183 Install <application>Polkit</application> by running the following 179 184 commands: 180 185 </para> 181 182 <screen revision="sysv"><userinput>./configure --prefix=/usr \183 --sysconfdir=/etc \184 --localstatedir=/var \185 --disable-static \186 --enable-libsystemd-login=no \187 --enable-libelogind=no \188 --with-authfw=shadow \189 --with-os-type=LFS &&190 make</userinput></screen>191 186 192 187 <screen revision="systemd"><userinput>./configure --prefix=/usr \ … … 197 192 make</userinput></screen> 198 193 194 <screen revision="sysv"><userinput>./configure --prefix=/usr \ 195 --sysconfdir=/etc \ 196 --localstatedir=/var \ 197 --disable-static \ 198 --with-os-type=LFS \ 199 --enable-libsystemd-login=no && 200 make</userinput></screen> 201 199 202 <para> 200 203 To test the results, issue: <command>make check</command>. … … 214 217 <title>Command Explanations</title> 215 218 216 <para revision="sysv"> 217 <parameter>--enable-libsystemd-login=no</parameter>: This parameter fixes 218 building without <application>systemd</application>, which is not part 219 of LFS/BLFS. If you use <application>systemd</application>, 220 replace "no" by "yes". 221 </para> 222 223 <para revision="sysv"> 224 <parameter>--with-authfw=shadow</parameter>: This parameter configures the 225 package to use the <application>Shadow</application> rather than the 226 <application>Linux-PAM</application> Authentication framework. Change 227 the argument to 'pam' if you would like to use 228 <application>Linux-PAM</application>. 229 </para> 230 231 <para revision="systemd"> 219 <para> 232 220 <option>--with-authfw=shadow</option>: This switch enables the 233 221 package to use the <application>Shadow</application> rather than the … … 240 228 241 229 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 242 href="../../xincludes/gtk-doc-rebuild.xml"/> 230 href="../../xincludes/gtk-doc-rebuild.xml"/> 231 232 <para revision="sysv"> 233 <parameter>--enable-libsystemd-login=no</parameter>: This switch forces 234 polkit to build with elogind support (if available) rather than systemd. 235 </para> 243 236 244 237 </sect2> -
postlfs/virtualization/qemu.xml
re77adf7 r51dfb3e 525 525 <screen role="root" 526 526 revision="systemd"><userinput>cat >> /etc/sysctl.d/60-net-forward.conf << EOF 527 net.ipv4.ip_forward=1 527 <literal>net.ipv4.ip_forward=1</literal> 528 528 EOF</userinput></screen> 529 529
Note:
See TracChangeset
for help on using the changeset viewer.