From: root Date: Tue, 30 Jul 2019 06:27:20 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=51c9080c1b55083509a9795f1c70bff29b100b1b;p=zenbook committing changes in /etc after apt run Package changes: +lightdm 1.26.0-0ubuntu1 amd64 --- diff --git a/.etckeeper b/.etckeeper index 8bcdb26..d37ec35 100755 --- a/.etckeeper +++ b/.etckeeper @@ -20,6 +20,7 @@ mkdir -p './dbus-1/session.d' mkdir -p './fish/completions' mkdir -p './glvnd/egl_vendor.d' mkdir -p './grokevt/systems' +mkdir -p './guest-session' mkdir -p './initramfs-tools/hooks' mkdir -p './initramfs-tools/scripts/init-bottom' mkdir -p './initramfs-tools/scripts/init-premount' @@ -34,6 +35,7 @@ mkdir -p './initramfs-tools/scripts/panic' mkdir -p './insserv/overrides' mkdir -p './kernel/install.d' mkdir -p './libpaper.d' +mkdir -p './lightdm/lightdm.conf.d' mkdir -p './netplan' mkdir -p './network/interfaces.d' mkdir -p './networkd-dispatcher/dormant.d' @@ -352,6 +354,8 @@ maybe chmod 0644 'apparmor.d/abstractions/kerberosclient' maybe chmod 0644 'apparmor.d/abstractions/launchpad-integration' maybe chmod 0644 'apparmor.d/abstractions/ldapclient' maybe chmod 0644 'apparmor.d/abstractions/libpam-systemd' +maybe chmod 0644 'apparmor.d/abstractions/lightdm' +maybe chmod 0644 'apparmor.d/abstractions/lightdm_chromium-browser' maybe chmod 0644 'apparmor.d/abstractions/likewise' maybe chmod 0644 'apparmor.d/abstractions/mdns' maybe chmod 0644 'apparmor.d/abstractions/mir' @@ -417,6 +421,7 @@ maybe chmod 0644 'apparmor.d/abstractions/xdg-desktop' maybe chmod 0755 'apparmor.d/cache' maybe chmod 0755 'apparmor.d/disable' maybe chmod 0755 'apparmor.d/force-complain' +maybe chmod 0644 'apparmor.d/lightdm-guest-session' maybe chmod 0755 'apparmor.d/local' maybe chmod 0644 'apparmor.d/local/README' maybe chmod 0644 'apparmor.d/local/sbin.dhclient' @@ -1240,6 +1245,7 @@ maybe chmod 0644 'dbus-1/system.d/nm-pptp-service.conf' maybe chmod 0644 'dbus-1/system.d/org.debian.apt.conf' maybe chmod 0644 'dbus-1/system.d/org.freedesktop.Accounts.conf' maybe chmod 0644 'dbus-1/system.d/org.freedesktop.ColorManager.conf' +maybe chmod 0644 'dbus-1/system.d/org.freedesktop.DisplayManager.conf' maybe chmod 0644 'dbus-1/system.d/org.freedesktop.GeoClue2.Agent.conf' maybe chmod 0644 'dbus-1/system.d/org.freedesktop.GeoClue2.conf' maybe chmod 0644 'dbus-1/system.d/org.freedesktop.ModemManager1.conf' @@ -1613,6 +1619,7 @@ maybe chmod 0644 'gtk-2.0/im-multipress.conf' maybe chmod 0755 'gtk-3.0' maybe chmod 0644 'gtk-3.0/im-multipress.conf' maybe chmod 0755 'gtk-3.0/settings.ini' +maybe chmod 0755 'guest-session' maybe chmod 0755 'guymager' maybe chmod 0644 'guymager/guymager.cfg' maybe chmod 0644 'hdparm.conf' @@ -1669,6 +1676,7 @@ maybe chmod 0755 'init.d/kerneloops' maybe chmod 0755 'init.d/keyboard-setup.sh' maybe chmod 0755 'init.d/killprocs' maybe chmod 0755 'init.d/kmod' +maybe chmod 0755 'init.d/lightdm' maybe chmod 0755 'init.d/lm-sensors' maybe chmod 0755 'init.d/lvm2' maybe chmod 0755 'init.d/lvm2-lvmetad' @@ -1739,6 +1747,7 @@ maybe chmod 0644 'init/flush-early-job-log.conf' maybe chmod 0644 'init/gpu-manager.conf' maybe chmod 0644 'init/hostname.conf' maybe chmod 0644 'init/hostname.sh.conf' +maybe chmod 0644 'init/lightdm.conf' maybe chmod 0644 'init/mongodb.conf' maybe chmod 0644 'init/mountall-bootclean.sh.conf' maybe chmod 0644 'init/mountall-net.conf' @@ -1937,6 +1946,8 @@ maybe chmod 0644 'libreoffice/soffice.sh' maybe chmod 0644 'libreoffice/sofficerc' maybe chmod 0755 'lightdm' maybe chmod 0664 'lightdm/lightdm.conf' +maybe chmod 0755 'lightdm/lightdm.conf.d' +maybe chmod 0644 'lightdm/users.conf' maybe chmod 0755 'lighttpd' maybe chmod 0755 'lighttpd/conf-available' maybe chmod 0644 'lighttpd/conf-available/90-javascript-alias.conf' @@ -1970,6 +1981,7 @@ maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/cups-daemon' maybe chmod 0644 'logrotate.d/dpkg' maybe chmod 0644 'logrotate.d/iptraf-ng' +maybe chmod 0644 'logrotate.d/lightdm' maybe chmod 0644 'logrotate.d/mongodb-server' maybe chmod 0644 'logrotate.d/mysql-server' maybe chmod 0644 'logrotate.d/pm-utils' @@ -2210,6 +2222,9 @@ maybe chmod 0644 'pam.d/common-session-noninteractive' maybe chmod 0644 'pam.d/cron' maybe chmod 0644 'pam.d/cups' maybe chmod 0644 'pam.d/gnome-screensaver' +maybe chmod 0644 'pam.d/lightdm' +maybe chmod 0644 'pam.d/lightdm-autologin' +maybe chmod 0644 'pam.d/lightdm-greeter' maybe chmod 0644 'pam.d/login' maybe chmod 0644 'pam.d/newusers' maybe chmod 0644 'pam.d/other' diff --git a/apparmor.d/abstractions/lightdm b/apparmor.d/abstractions/lightdm new file mode 100644 index 0000000..4be3d4a --- /dev/null +++ b/apparmor.d/abstractions/lightdm @@ -0,0 +1,114 @@ +# vim:syntax=apparmor +# Profile for restricting lightdm guest session +# Author: Martin Pitt + +# This abstraction provides the majority of the confinement for guest sessions. +# It is in its own abstraction so we can have a centralized place for +# confinement for the various lightdm sessions (guest, freerdp, uccsconfigure, +# etc). Note that this profile intentionally omits chromium-browser. + +# Requires apparmor 2.9 + + #include + #include + #include + #include + #include + #include + #include + + # bug in compiz https://launchpad.net/bugs/697678 + /etc/compizconfig/config rw, + /etc/compizconfig/unity.ini rw, + + / r, + /bin/ rmix, + /bin/fusermount Px, + /bin/** rmix, + /cdrom/ rmix, + /cdrom/** rmix, + /dev/ r, + /dev/** rmw, # audio devices etc. + owner /dev/shm/** rmw, + /etc/ r, + /etc/** rmk, + /etc/gdm/Xsession ix, + /etc/X11/xdm/** ix, # needed for openSUSE's default session-wrapper + /etc/X11/xinit/** ix, # needed for openSUSE's default session-wrapper + /lib/ r, + /lib/** rmixk, + /lib32/ r, + /lib32/** rmixk, + /lib64/ r, + /lib64/** rmixk, + owner /{,run/}media/ r, + owner /{,run/}media/** rmwlixk, # we want access to USB sticks and the like + /opt/ r, + /opt/** rmixk, + @{PROC}/ r, + @{PROC}/* rm, + @{PROC}/[0-9]*/net/ r, + @{PROC}/[0-9]*/net/dev r, + @{PROC}/asound rm, + @{PROC}/asound/** rm, + @{PROC}/ati rm, + @{PROC}/ati/** rm, + @{PROC}/sys/vm/overcommit_memory r, + owner @{PROC}/** rm, + # needed for gnome-keyring-daemon + @{PROC}/*/status r, + # needed for bamfdaemon and utilities such as ps and killall + @{PROC}/*/stat r, + /sbin/ r, + /sbin/** rmixk, + /sys/ r, + /sys/** rm, + # needed for confined trusted helpers, such as dbus-daemon + /sys/kernel/security/apparmor/.access rw, + /tmp/ rw, + owner /tmp/** rwlkmix, + /usr/ r, + /usr/** rmixk, + /var/ r, + /var/** rmixk, + /var/guest-data/** rw, # allow to store files permanently + /var/tmp/ rw, + owner /var/tmp/** rwlkm, + /{,var/}run/ r, + # necessary for writing to sockets, etc. + /{,var/}run/** rmkix, + /{,var/}run/mir_socket rw, + /{,var/}run/screen/** wl, + /{,var/}run/shm/** wl, + /{,var/}run/uuidd/request w, + # libpam-xdg-support/logind + owner /{,var/}run/user/*/** rw, + + capability ipc_lock, + + # allow processes in the guest session to signal and ptrace each other + signal peer=@{profile_name}, + ptrace peer=@{profile_name}, + # needed when logging out of the guest session + signal (receive) peer=unconfined, + + unix peer=(label=@{profile_name}), + unix (receive) peer=(label=unconfined), + unix (create), + unix (getattr, getopt, setopt, shutdown), + unix (bind, listen, accept, receive, send) type=stream addr="@/com/ubuntu/upstart-session/**", + unix (bind, listen) type=stream addr="@/tmp/dbus-*", + unix (bind, listen) type=stream addr="@/tmp/.ICE-unix/[0-9]*", + unix (bind, listen) type=stream addr="@/dbus-vfs-daemon/*", + unix (bind, listen) type=stream addr="@guest*", + unix (connect, receive, send) type=stream peer=(addr="@/tmp/dbus-*"), + unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), + unix (connect, receive, send) type=stream peer=(addr="@/dbus-vfs-daemon/*"), + unix (connect, receive, send) type=stream peer=(addr="@guest*"), + + # silence warnings for stuff that we really don't want to grant + deny capability dac_override, + deny capability dac_read_search, + #deny /etc/** w, # re-enable once LP#697678 is fixed + deny /usr/** w, + deny /var/crash/ w, diff --git a/apparmor.d/abstractions/lightdm_chromium-browser b/apparmor.d/abstractions/lightdm_chromium-browser new file mode 100644 index 0000000..930c87e --- /dev/null +++ b/apparmor.d/abstractions/lightdm_chromium-browser @@ -0,0 +1,74 @@ +# vim:syntax=apparmor +# Profile abstraction for restricting chromium in the lightdm guest session +# Author: Jamie Strandboge + +# The abstraction provides the additional accesses required to launch +# chromium based browsers from within an lightdm session. Because AppArmor +# cannot yet merge profiles and because we want to utilize the access rules +# provided in abstractions/lightdm, this abstraction must be separate from +# abstractions/lightdm. + +# Requires apparmor 2.9 + + /usr/lib/chromium-browser/chromium-browser Cx -> chromium, + /usr/bin/webapp-container Cx -> chromium, + /usr/bin/webbrowser-app Cx -> chromium, + /usr/bin/ubuntu-html5-app-launcher Cx -> chromium, + /opt/google/chrome-stable/google-chrome-stable Cx -> chromium, + /opt/google/chrome-beta/google-chrome-beta Cx -> chromium, + /opt/google/chrome-unstable/google-chrome-unstable Cx -> chromium, + /opt/google/chrome/google-chrome Cx -> chromium, + + # Allow ptracing processes in the chromium child profile + ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium, + + # Allow receiving and sending signals to processes in the chromium child profile + signal (receive, send) peer=/usr/lib/lightdm/lightdm-guest-session//chromium, + + # Allow communications with chromium child profile via unix sockets + unix peer=(label=/usr/lib/lightdm/lightdm-guest-session//chromium), + + profile chromium { + # Allow all the same accesses as other applications in the guest session + #include + + # but also allow a few things because of chromium-browser's sandboxing that + # are not appropriate to other guest session applications. + owner @{PROC}/[0-9]*/oom_{,score_}adj w, + @{PROC}/sys/kernel/shmmax r, + capability sys_admin, # for sandbox to change namespaces + capability sys_chroot, # fod sandbox to chroot to a safe directory + capability setgid, # for sandbox to drop privileges + capability setuid, # for sandbox to drop privileges + capability sys_ptrace, # chromium needs this to keep track of itself + @{PROC}/sys/kernel/yama/ptrace_scope r, + + # Allow ptrace reads of processes in the lightdm-guest-session + ptrace (read) peer=/usr/lib/lightdm/lightdm-guest-session, + # Allow other guest session processes to read and trace us + ptrace (readby, tracedby) peer=/usr/lib/lightdm/lightdm-guest-session, + ptrace (readby, tracedby) peer=@{profile_name}, + + # Allow us to receive and send signals from processes in the + # lightdm-guest-session + signal (receive, send) set=("exists", "term") peer=/usr/lib/lightdm/lightdm-guest-session, + + # Allow us to receive and send on unix sockets from processes in the + # lightdm-guest-session + unix (receive, send) peer=(label=/usr/lib/lightdm/lightdm-guest-session), + + @{PROC}/[0-9]*/ r, # sandbox wants these + @{PROC}/[0-9]*/fd/ r, # sandbox wants these + @{PROC}/[0-9]*/statm r, # sandbox wants these + @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these + + owner @{PROC}/@{pid}/setgroups w, + owner @{PROC}/@{pid}/uid_map w, + owner @{PROC}/@{pid}/gid_map w, + + /selinux/ r, + + /usr/lib/chromium-browser/chromium-browser-sandbox ix, + /usr/lib/@{multiarch}/oxide-qt/chrome-sandbox ix, + /opt/google/chrome-*/chrome-sandbox ix, + } diff --git a/apparmor.d/lightdm-guest-session b/apparmor.d/lightdm-guest-session new file mode 100644 index 0000000..f23cd23 --- /dev/null +++ b/apparmor.d/lightdm-guest-session @@ -0,0 +1,27 @@ +# vim:syntax=apparmor +# Profile for restricting lightdm guest session + +#include + +/usr/lib/lightdm/lightdm-guest-session { + # Most applications are confined via the main abstraction + #include + + # chromium-browser needs special confinement due to its sandboxing + #include + + # fcitx and friends needs special treatment due to C/S design + /usr/bin/fcitx ix, + /tmp/fcitx-socket-* rwl, + /dev/shm/* rwl, + /usr/bin/fcitx-qimpanel ix, + /usr/bin/sogou-qimpanel-watchdog ix, + /usr/bin/sogou-sys-notify ix, + /tmp/sogou-qimpanel:* rwl, + + # Allow ibus + unix (bind, listen) type=stream addr="@tmp/ibus/*", + + # mozc_server needs special treatment due to C/S design + unix (bind, listen) type=stream addr="@tmp/.mozc.*", +} diff --git a/dbus-1/system.d/org.freedesktop.DisplayManager.conf b/dbus-1/system.d/org.freedesktop.DisplayManager.conf new file mode 100644 index 0000000..66d9f24 --- /dev/null +++ b/dbus-1/system.d/org.freedesktop.DisplayManager.conf @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + + + diff --git a/init.d/lightdm b/init.d/lightdm new file mode 100755 index 0000000..74f8c0a --- /dev/null +++ b/init.d/lightdm @@ -0,0 +1,112 @@ +#!/bin/sh + +# Largely adapted from xdm's init script: +# Copyright 1998-2002, 2004, 2005 Branden Robinson . +# Copyright 2006 Eugene Konev +# +# This is free software; you may redistribute it and/or modify +# it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2, +# or (at your option) any later version. +# +# This is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License with +# the Debian operating system, in /usr/share/common-licenses/GPL; if +# not, write to the Free Software Foundation, Inc., 51 Franklin Street, +# Fifth Floor, Boston, MA 02110-1301, USA. + +### BEGIN INIT INFO +# Provides: lightdm +# Required-Start: $local_fs $remote_fs dbus +# Required-Stop: $local_fs $remote_fs dbus +# Should-Start: $named +# Should-Stop: $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start lightdm +### END INIT INFO + +set -e + +HEED_DEFAULT_DISPLAY_MANAGER= +# To start lightdm even if it is not the default display manager, change +# HEED_DEFAULT_DISPLAY_MANAGER to "false." +# Also overridable from command line like: +# HEED_DEFAULT_DISPLAY_MANAGER=false /etc/init.d/lightdm start +[ -z "$HEED_DEFAULT_DISPLAY_MANAGER" ] && HEED_DEFAULT_DISPLAY_MANAGER=true + +DEFAULT_DISPLAY_MANAGER_FILE=/etc/X11/default-display-manager + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/lightdm +PIDFILE=/var/run/lightdm.pid + +if [ -r /etc/default/locale ]; then + . /etc/default/locale + export LANG LANGUAGE +fi + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +SSD_START_ARGS="--pidfile $PIDFILE --name $(basename $DAEMON) --startas $DAEMON -- -d" +SSD_STOP_ARGS="--pidfile $PIDFILE --name $(basename $DAEMON) --retry TERM/5/TERM/5" + +case "$1" in + start) + if [ "$HEED_DEFAULT_DISPLAY_MANAGER" = "true" ] && + [ -e $DEFAULT_DISPLAY_MANAGER_FILE ] && + [ "$(cat $DEFAULT_DISPLAY_MANAGER_FILE)" != "/usr/bin/lightdm" -a "$(cat $DEFAULT_DISPLAY_MANAGER_FILE)" != "/usr/sbin/lightdm" ]; then + echo "Not starting X display manager (lightdm); it is not the default" \ + "display manager." + else + log_daemon_msg "Starting X display manager" "lightdm" + start-stop-daemon --start --quiet $SSD_START_ARGS \ + || log_progress_msg "already running" + log_end_msg 0 + fi + ;; + + restart) + [ -f $PIDFILE ] && /etc/init.d/lightdm stop + [ -f $PIDFILE ] && exit 1 + /etc/init.d/lightdm start + ;; + + stop) + log_daemon_msg "Stopping X display manager" "lightdm" + if ! [ -f $PIDFILE ]; then + log_progress_msg "not running ($PIDFILE not found)" + else + start-stop-daemon --stop --quiet $SSD_STOP_ARGS + SSD_RES=$? + if [ $SSD_RES -eq 1 ]; then + log_progress_msg "not running" + fi + if [ $SSD_RES -eq 2 ]; then + log_progress_msg "not responding to TERM signals" + else + if [ -f $PIDFILE ]; then + log_progress_msg "(removing stale $PIDFILE)" + rm $PIDFILE + fi + fi + fi + log_end_msg 0 + ;; + force-reload) + /etc/init.d/lightdm restart + ;; + + *) + echo "Usage: /etc/init.d/lightdm {start|stop|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/init/lightdm.conf b/init/lightdm.conf new file mode 100644 index 0000000..f861dfa --- /dev/null +++ b/init/lightdm.conf @@ -0,0 +1,63 @@ +# LightDM - light Display Manager +# +# The display manager service manages the X servers running on the +# system, providing login and auto-login services +# +# based on gdm upstart script + +description "LightDM Display Manager" +author "Robert Ancell " + +start on ((filesystem + and runlevel [!06] + and started dbus + and plymouth-ready) + or runlevel PREVLEVEL=S) + +stop on runlevel [016] + +respawn +respawn limit 2 15 + +emits login-session-start +emits desktop-session-start +emits desktop-shutdown + +script + if [ -n "$UPSTART_EVENTS" ] + then + # Check kernel command-line for inhibitors, unless we are being called + # manually + for ARG in $(cat /proc/cmdline); do + if [ "$ARG" = "text" ]; then + plymouth quit || : + stop + exit 0 + fi + done + + [ ! -f /etc/X11/default-display-manager -o "$(cat /etc/X11/default-display-manager 2>/dev/null)" = "/usr/bin/lightdm" -o "$(cat /etc/X11/default-display-manager 2>/dev/null)" = "/usr/sbin/lightdm" ] || { stop; exit 0; } + + if [ "$RUNLEVEL" = S -o "$RUNLEVEL" = 1 ] + then + # Single-user mode + plymouth quit || : + exit 0 + fi + fi + + exec lightdm +end script + +post-start script + sleep 5 + clear > /dev/tty7 +end script + +post-stop script + clear > /dev/tty7 + sleep 1 + if [ "$UPSTART_STOP_EVENTS" = runlevel ]; then + initctl emit desktop-shutdown + fi +end script diff --git a/lightdm/users.conf b/lightdm/users.conf new file mode 100644 index 0000000..e4948a6 --- /dev/null +++ b/lightdm/users.conf @@ -0,0 +1,14 @@ +# +# User accounts configuration +# +# NOTE: If you have AccountsService installed on your system, then LightDM will +# use this instead and these settings will be ignored +# +# minimum-uid = Minimum UID required to be shown in greeter +# hidden-users = Users that are not shown to the user +# hidden-shells = Shells that indicate a user cannot login +# +[UserList] +minimum-uid=500 +hidden-users=nobody nobody4 noaccess +hidden-shells=/bin/false /usr/sbin/nologin diff --git a/logrotate.d/lightdm b/logrotate.d/lightdm new file mode 100644 index 0000000..fed4a02 --- /dev/null +++ b/logrotate.d/lightdm @@ -0,0 +1,9 @@ +/var/log/lightdm/*.log { + daily + missingok + rotate 7 + compress + notifempty + maxsize 10M + copytruncate +} diff --git a/pam.d/lightdm b/pam.d/lightdm new file mode 100644 index 0000000..123ef3b --- /dev/null +++ b/pam.d/lightdm @@ -0,0 +1,19 @@ +#%PAM-1.0 +auth requisite pam_nologin.so +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +@include common-auth +auth optional pam_gnome_keyring.so +auth optional pam_kwallet.so +auth optional pam_kwallet5.so +@include common-account +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close +#session required pam_loginuid.so +session required pam_limits.so +@include common-session +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +session optional pam_gnome_keyring.so auto_start +session optional pam_kwallet.so auto_start +session optional pam_kwallet5.so auto_start +session required pam_env.so readenv=1 +session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale +@include common-password diff --git a/pam.d/lightdm-autologin b/pam.d/lightdm-autologin new file mode 100644 index 0000000..5053ebd --- /dev/null +++ b/pam.d/lightdm-autologin @@ -0,0 +1,12 @@ +#%PAM-1.0 +auth requisite pam_nologin.so +auth required pam_permit.so +@include common-account +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close +#session required pam_loginuid.so +session required pam_limits.so +@include common-session +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +session required pam_env.so readenv=1 +session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale +@include common-password diff --git a/pam.d/lightdm-greeter b/pam.d/lightdm-greeter new file mode 100644 index 0000000..35736d3 --- /dev/null +++ b/pam.d/lightdm-greeter @@ -0,0 +1,15 @@ +#%PAM-1.0 +auth required pam_permit.so +auth optional pam_gnome_keyring.so +auth optional pam_kwallet.so +auth optional pam_kwallet5.so +@include common-account +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close +session required pam_limits.so +@include common-session +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +session optional pam_gnome_keyring.so auto_start +session optional pam_kwallet.so auto_start +session optional pam_kwallet5.so auto_start +session required pam_env.so readenv=1 +session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale diff --git a/rc0.d/K02lightdm b/rc0.d/K02lightdm new file mode 120000 index 0000000..ae17aeb --- /dev/null +++ b/rc0.d/K02lightdm @@ -0,0 +1 @@ +../init.d/lightdm \ No newline at end of file diff --git a/rc1.d/K02lightdm b/rc1.d/K02lightdm new file mode 120000 index 0000000..ae17aeb --- /dev/null +++ b/rc1.d/K02lightdm @@ -0,0 +1 @@ +../init.d/lightdm \ No newline at end of file diff --git a/rc2.d/S04lightdm b/rc2.d/S04lightdm new file mode 120000 index 0000000..ae17aeb --- /dev/null +++ b/rc2.d/S04lightdm @@ -0,0 +1 @@ +../init.d/lightdm \ No newline at end of file diff --git a/rc3.d/S04lightdm b/rc3.d/S04lightdm new file mode 120000 index 0000000..ae17aeb --- /dev/null +++ b/rc3.d/S04lightdm @@ -0,0 +1 @@ +../init.d/lightdm \ No newline at end of file diff --git a/rc4.d/S04lightdm b/rc4.d/S04lightdm new file mode 120000 index 0000000..ae17aeb --- /dev/null +++ b/rc4.d/S04lightdm @@ -0,0 +1 @@ +../init.d/lightdm \ No newline at end of file diff --git a/rc5.d/S04lightdm b/rc5.d/S04lightdm new file mode 120000 index 0000000..ae17aeb --- /dev/null +++ b/rc5.d/S04lightdm @@ -0,0 +1 @@ +../init.d/lightdm \ No newline at end of file diff --git a/rc6.d/K02lightdm b/rc6.d/K02lightdm new file mode 120000 index 0000000..ae17aeb --- /dev/null +++ b/rc6.d/K02lightdm @@ -0,0 +1 @@ +../init.d/lightdm \ No newline at end of file