suggestion: decouple unshare from mounting in pam_namespace

Louis-Dominique Dubeau ldd at lddubeau.com
Fri Sep 19 07:40:52 UTC 2008


Ok, following up on an old discussion (see below).  I've submitted a patch to 
the tracker to create a new module called pam_unshare which does what we 
discussed here.  I did not have our discussion at hand when I sent the patch 
to the tracker so if I need to send a tarball instead of a patch please let me 
know.  Or if there is anything else I should do, let me know.  I want as much 
as possible to ensure a speedy inclusion of this patch to the mainline PAM.  
I'm actively using pam_unshare right now so I'd rather see it be a standard 
part of my distro rather than have to compile my own hacked PAM packages.

Thanks,
Louis

On Saturday 24 May 2008 02:31:05 Tomas Mraz wrote:
> On Fri, 2008-05-23 at 13:50 -0400, Louis-Dominique Dubeau wrote:
> > On Fri, 2008-05-23 at 10:24 -0400, Louis-Dominique Dubeau wrote:
> > > It makes sense somewhat. But with the KISS principle in mind - when you
> > > want just the unshare, why not create a new module called pam_unshare,
> > > which would just call unshare and not do anything else? I think we
> > > could accept such module into Linux-PAM.
> >
> > I have no problem with this approach.  I just do not know pam well
> > enough to know whether this would have unforeseen consequences or not.
> >
> > What needs to be done to ensure the presence of pam_unshare in a future
> > version of pam?
>
> Just use some existing module as a template - for example remove all
> unnecessary code from pam_namespace + rename all the source files. Also
> rewrite the documentation. Then attach a tarball with the module into
> the issue tracker on PAM sourceforge.net page.








More information about the Pam-list mailing list