summary: Does SELinux cooperate with pam_timestamp_check and pam_timestamp.so?
description: |+
Does SELinux cooperate with pam_timestamp_check and pam_timestamp.so?
Confined and unconfined users are tested using SSH.
This TC uses following parameters which can be overriden:
* ALLOWED_USERS - which SELinux users should be tested?
* DENIED_USERS - which SELinux users should NOT be tested?
* TIMESTAMP_DIR - in which directory is the _pam_timestamp_key file stored?
contact: aborah@redhat.com
component:
- pam
- selinux-policy
require:
- library(selinux-policy/common)
recommend:
- audit
- libselinux
- libselinux-utils
- policycoreutils
- selinux-policy
- selinux-policy-targeted
- setools-console
- expect
- openssh-clients
- pam
- psmisc
- binutils
- shadow-utils
environment:
AVC_ERROR: +no_avc_check
duration: 10m
enabled: true
tag:
- NoRHEL4
- NoRHEL5
- NoRHEL6
- TIPpass
- TIPpass_Security
- f32friendly
- targeted
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1791957
adjust:
- enabled: false
when: distro == rhel-4, rhel-5, rhel-6
continue: false
- environment:
TIMESTAMP_DIR: /run/sudo
when: distro == rhel-7
continue: false
- enabled: false
when: distro ~<= rhel-8.2
continue: false
extra-nitrate: TC#0606210
extra-summary: /CoreOS/selinux-policy/Regression/pam_timestamp-and-related
extra-task: /CoreOS/selinux-policy/Regression/pam_timestamp-and-related
id: 8d9cd03c-0cce-4527-89ec-dab84f651e26