From 12894fae724cee1e5b94e6b36708e0b6752c9cec Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 31 May 2023 18:50:12 +0200
Subject: [PATCH] pam: add call to pam_umask

Setting umask for user sessions via UMASK setting in /etc/login.defs is
a well-known feature. Let's make sure that user manager also runs with
this umask value.

Follow-up for 5e37d1930b41b24c077ce37c6db0e36c745106c7.

(cherry picked from commit 159f1b78576ce91c3932f4867f07361a530875d3)

Resolves: #2210145
---
 src/login/systemd-user.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/login/systemd-user.in b/src/login/systemd-user.in
index 39bcbd71fe..5906a7481b 100644
--- a/src/login/systemd-user.in
+++ b/src/login/systemd-user.in
@@ -18,4 +18,5 @@ session optional pam_keyinit.so force revoke
 {% if ENABLE_HOMED %}
 -session optional pam_systemd_home.so
 {% endif %}
+session optional pam_umask.so silent
 session optional pam_systemd.so