diff options
author | Naïm Favier <n@monade.li> | 2022-11-01 23:50:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-01 23:50:58 +0100 |
commit | 814628a45dabfbd2edd61be98dea0baacfd7b335 (patch) | |
tree | 021fd7afcc4eb7eca514fbd3f2ed6af0a3949b6c /nixos/modules/security | |
parent | a01b2b807e7396987d5de08c41c15323c9957e3c (diff) | |
parent | 8111e4f113b4a10b6093b231712cd943ca0bb6ff (diff) |
Merge pull request #174951 from dpausp/fix-pam-tty-audit
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/pam.nix | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index c74f66d918295..dc145d8585154 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -615,12 +615,12 @@ let optionalString cfg.setLoginUid '' session ${if config.boot.isContainer then "optional" else "required"} pam_loginuid.so '' + - optionalString cfg.ttyAudit.enable '' - session required ${pkgs.pam}/lib/security/pam_tty_audit.so - open_only=${toString cfg.ttyAudit.openOnly} - ${optionalString (cfg.ttyAudit.enablePattern != null) "enable=${cfg.ttyAudit.enablePattern}"} - ${optionalString (cfg.ttyAudit.disablePattern != null) "disable=${cfg.ttyAudit.disablePattern}"} - '' + + optionalString cfg.ttyAudit.enable (concatStringsSep " \\\n " ([ + "session required ${pkgs.pam}/lib/security/pam_tty_audit.so" + ] ++ optional cfg.ttyAudit.openOnly "open_only" + ++ optional (cfg.ttyAudit.enablePattern != null) "enable=${cfg.ttyAudit.enablePattern}" + ++ optional (cfg.ttyAudit.disablePattern != null) "disable=${cfg.ttyAudit.disablePattern}" + )) + optionalString cfg.makeHomeDir '' session required ${pkgs.pam}/lib/security/pam_mkhomedir.so silent skel=${config.security.pam.makeHomeDir.skelDirectory} umask=0077 '' + |