From 212d20c80e2bd3b8396b2fcf48862b506404487c Mon Sep 17 00:00:00 2001
From: Ali Riza KESKIN <aliriza.keskin@pardus.org.tr>
Date: Fri, 4 Mar 2022 11:48:54 +0000
Subject: [PATCH] fix PAM service files --without-selinux

Make pam_selinux.so optional in environments where the module isn't provided.
---
 etc/pam.d/login | 4 ++--
 etc/pam.d/su    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/etc/pam.d/login b/etc/pam.d/login
index 5a648065..c1649b37 100644
--- a/etc/pam.d/login
+++ b/etc/pam.d/login
@@ -4,8 +4,8 @@ auth		include		system-auth
 account		required	pam_nologin.so
 account		include		system-auth
 password	include		system-auth
-session		required	pam_selinux.so close
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
 session		include		system-auth
 session		required	pam_loginuid.so
 session		optional	pam_console.so
-session		required	pam_selinux.so open
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
diff --git a/etc/pam.d/su b/etc/pam.d/su
index 7ef7134b..35602bc8 100644
--- a/etc/pam.d/su
+++ b/etc/pam.d/su
@@ -7,7 +7,7 @@ auth		required	pam_wheel.so use_uid
 auth		include		system-auth
 account		include		system-auth
 password	include		system-auth
-session		required	pam_selinux.so close
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
 session		include		system-auth
-session		required	pam_selinux.so open multiple
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
 session		optional	pam_xauth.so