We add pam conf files for login/sshd to use pam_selinux module. When
selinux is not in DISTRO_FEATURES, pam-plugin-selinux would not be
built, this will cause runtime errors to not allow users to login in
on the console or ssh.
Use @target_selinux() to enable these pam conf files conditionally.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
rndc.key would be labeled with wrong named_zone_t inherited from
/etc/bind while creating, so restorecon on it.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
"-Wa,--noexecstack" will mark objects as requiring executable stack,
this is a dangerous CFLAG and would cause security issues.
So disable it as most distros did.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
sshd_config file from oe-core to set "UsePAM yes".
sshd file (pam config for sshd) from oe-core to add pam_selinux module.
Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
