shadow: drop select_context for login pam_selinux

select_context param for pam_selinux module attempt to ask the user
for a custom security context role while login.

Admins and linux distros hardly use this param to the pam configs,
because this adds a new step in login process, and users could use
"newrole" command instead after login in.

Moreover, this is totally unnecessary for policy types without
multiple roles.

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>

recipes-extended/shadow/files/pam.d/login

@@ -93,6 +93,6 @@ session    include      common-session
 # SELinux needs to intervene at login time to ensure that the process
 # starts in the proper default security context. Only sessions which are
 # intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open select_context
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
 # When the module is present, "required" would be sufficient (When SELinux
 # is disabled, this returns success.)

recipes-extended/shadow/shadow_4.1.4.3.bbappend

@@ -1,4 +1,4 @@
-PR .= ".4"
+PR .= ".5"
 
 inherit with-selinux with-audit