| author | Tomas Mraz <tm@t8m.info> | 2006-06-27 13:07:42 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2006-06-27 13:07:42 +0000 |
| commit | bc7424a26860cc26630a80e5500284f3af36b940 (patch) | |
| tree | 22b1b5f2a5ecb5616d7b86c8ca22f7de439e3751 /modules/pam_namespace/namespace.conf | |
| parent | abf8754ad5c98462b2134aa339271b52960569c0 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
* modules/pam_namespace/pam_namespace.c: New module
originally written by Janak Desai.
* modules/pam_namespace/Makefile.am: New.
* modules/pam_namespace/README: New.
* modules/pam_namespace/md5.c: New.
* modules/pam_namespace/md5.h: New.
* modules/pam_namespace/namespace.conf: New.
* modules/pam_namespace/namespace.conf.5: New.
* modules/pam_namespace/namespace.conf.5.xml: New.
* modules/pam_namespace/namespace.init: New.
* modules/pam_namespace/pam_namespace.8: New.
* modules/pam_namespace/pam_namespace.8.xml: New.
* modules/Makefile.am: Added pam_namespace.
* configure.in: Added pam_namespace, test for unshare
library call.
Diffstat (limited to 'modules/pam_namespace/namespace.conf')
-rw-r--r-- | modules/pam_namespace/namespace.conf | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/modules/pam_namespace/namespace.conf b/modules/pam_namespace/namespace.conf new file mode 100644 index 00000000..c7305ffe --- /dev/null +++ b/modules/pam_namespace/namespace.conf @@ -0,0 +1,30 @@ +# /etc/security/namespace.conf +# +# See /usr/share/doc/pam-*/txts/README.pam_namespace for more information. +# +# Uncommenting the following three lines will polyinstantiate +# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will +# be polyinstantiated based on both security context as well as user +# name, whereas home directory will be polyinstantiated based on +# security context only. Polyinstantion will not be performed for +# user root and adm for directories /tmp and /var/tmp, whereas home +# directories will be polyinstantiated for all users. The user name +# and/or context is appended to the instance prefix. +# +# Note that instance directories do not have to reside inside the +# polyinstantiated directory. In the examples below, instances of /tmp +# will be created in /tmp-inst directory, where as instances of /var/tmp +# and users home directories will reside within the directories that +# are being polyinstantiated. +# +# Instance parent directories must exist for the polyinstantiation +# mechanism to work. By default, they should be created with the mode +# of 000. pam_namespace module will enforce this mode unless it +# is explicitly called with an argument to ignore the mode of the +# instance parent. System administrators should use this argument with +# caution, as it will reduce security and isolation achieved by +# polyinstantiation. +# +#/tmp /tmp-inst/ both root,adm +#/var/tmp /var/tmp/tmp-inst/ both root,adm +#$HOME $HOME/$USER.inst/inst- context |
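Review bot: the comment block in this new namespace.conf has a few wording errors that will be copied onto every installed system: "Polyinstantion will not be performed" should read "Polyinstantiation will not be performed", "where as instances of /var/tmp" should be "whereas instances of /var/tmp", and "users home directories" should be "users' home directories". The pointer "See /usr/share/doc/pam-*/txts/README.pam_namespace" also hard-codes a distribution-specific install path; since this commit adds modules/pam_namespace/README and namespace.conf(5), it would be more robust to refer readers to the namespace.conf(5) man page and the module README instead. Finally, the comment says instance parent directories must exist with mode 000 and that pam_namespace enforces that mode, but the third example `#$HOME $HOME/$USER.inst/inst- context` places the instance parent inside the user's own home directory; the comment should say who is expected to create `$HOME/$USER.inst/` and that the mode check applies to it as well, so that administrators who uncomment the line do not end up with a user-owned, user-writable instance parent that fails (or should fail) the mode enforcement.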