From ca1e5ad4eab1fc6510ef66b99a8f76ef51e8808f Mon Sep 17 00:00:00 2001
From: pyllyukko <pyllyukko@maimed.org>
Date: Fri, 8 Nov 2024 20:31:28 +0200
Subject: [PATCH] Do not add pam_namespace into /etc/pam.d/postlogin in
 Slackware

pam_namespace should be the last line for session group and Slackware's
configs include other session modules after including postlogin.
---
 tasks/pam.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tasks/pam.yml b/tasks/pam.yml
index c2b2625..2998119 100644
--- a/tasks/pam.yml
+++ b/tasks/pam.yml
@@ -49,7 +49,10 @@
     - pam
     - slackware
 
-- name: Add pam_umask, pam_cgroup & pam_namespace to /etc/pam.d/postlogin (Slackware)
+# NOTE: We can't add pam_namespace into /etc/pam.d/postlogin, as it should be
+# last line for session group (see PAM_NAMESPACE(8)) and Slackware's
+# configurations include postlogin before other session modules.
+- name: Add pam_umask & pam_cgroup to /etc/pam.d/postlogin (Slackware)
   when: ansible_distribution == "Slackware"
   become: true
   ansible.builtin.lineinfile:
@@ -59,7 +62,6 @@
   with_dict:
     umask: optional
     cgroup: optional
-    namespace: required
   tags:
     - configuration
     - pam