[redhat-lspp] Problem with pam_namespace.so
Tomas Mraz
tmraz at redhat.com
Wed Jan 24 18:24:38 UTC 2007
On Tue, 2007-01-23 at 12:29 +0100, Tomas Mraz wrote:
> On Mon, 2007-01-22 at 13:00 -0500, Daniel J Walsh wrote:
> > We have found a problem with pam_namespace.so.
> >
> > Basically if you go with the default configuration and you
> > polyinstantiate /tmp, /var/tmp and /home
> > for all non-admin users, setting up su to unmnt_only or unmnt_remount
> > will not work as expected. If you su to root, you will still see the
> > polyinstantiated directories. The pam_namespace code checks if
> > the user you are authenticating is polyinstantiated, if not it returns
> > success. But this happens BEFORE
> > the unmnt_* code. So you do not get to see the previous polyinstantiated
> > file system. I believe this is fixed in Rawhide but not in RHEL5.
> Not yet, I'm just working on that.
pam-0.99.7.1-1.fc7 in rawhide should have this fixed now.
The unmnt_only or unmnt_remnt options will work for the admin users as
well. Note that a new namespace is set up when su-ing from non-admin to
admin user and so the mount/umount operations in the su session won't
affect the whole system.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
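
Added example, not part of the original message and not pam_namespace source: a simplified C model of the ordering described in the quoted report, where the check for a non-polyinstantiated user returns before the unmnt_* options are handled, next to a reordered version. All function and type names are hypothetical, and the model assumes root is the only exempt user; it does not model the new namespace mentioned in the reply.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the control flow only; every name here is hypothetical. */
#define NDIRS 3 /* stands for /tmp, /var/tmp and /home */
enum unmnt_mode { UNMNT_NONE, UNMNT_ONLY, UNMNT_REMNT };
struct session { bool instance_mounted[NDIRS]; };

/* Assumption for the model: root is the only user exempt from polyinstantiation. */
static bool user_is_polyinstantiated(const char *user) { return strcmp(user, "root") != 0; }

static void set_instances(struct session *s, bool mounted) {
    for (int i = 0; i < NDIRS; i++) s->instance_mounted[i] = mounted;
}

/* Ordering from the report: the exemption check returns before unmnt_* is handled. */
static int open_session_reported(struct session *s, const char *user, enum unmnt_mode m) {
    if (!user_is_polyinstantiated(user)) return 0; /* success, inherited mounts untouched */
    if (m != UNMNT_NONE) set_instances(s, false);  /* undo the previous polyinstantiation */
    if (m != UNMNT_ONLY) set_instances(s, true);   /* polyinstantiate for the new user */
    return 0;
}

/* Reordered: unmnt_* handling runs first, so exempt users also drop inherited mounts. */
static int open_session_reordered(struct session *s, const char *user, enum unmnt_mode m) {
    if (m != UNMNT_NONE) set_instances(s, false);
    if (m == UNMNT_ONLY || !user_is_polyinstantiated(user)) return 0;
    set_instances(s, true);
    return 0;
}

typedef int (*open_fn)(struct session *, const char *, enum unmnt_mode);

/* Count the instance mounts still visible after "su target" from a non-admin login. */
static int visible_after_su(open_fn open_session, const char *target, enum unmnt_mode m) {
    struct session s;
    int n = 0;
    set_instances(&s, true); /* state inherited from the non-admin login session */
    open_session(&s, target, m);
    for (int i = 0; i < NDIRS; i++) n += s.instance_mounted[i] ? 1 : 0;
    return n;
}

int main(void) {
    printf("reported : %d\n", visible_after_su(open_session_reported, "root", UNMNT_ONLY));
    printf("reordered: %d\n", visible_after_su(open_session_reordered, "root", UNMNT_ONLY));
    return 0;
}
```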