Update upstream source from tag 'upstream/1.5.3'

Update to upstream version '1.5.3'
with Debian dir 6b9d9dfb8a4ca02d4557097ee59960e72a6a4a29

1 files changed, 15 insertions, 15 deletions

diff --git a/modules/pam_namespace/pam_namespace.8 b/modules/pam_namespace/pam_namespace.8
index d0afb6c6..3c9e9b39 100644
--- a/modules/pam_namespace/pam_namespace.8
+++ b/modules/pam_namespace/pam_namespace.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_namespace
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 09/03/2021
+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
+.\"      Date: 05/07/2023
 .\"    Manual: Linux-PAM Manual
-.\"    Source: Linux-PAM Manual
+.\"    Source: Linux-PAM
 .\"  Language: English
 .\"
-.TH "PAM_NAMESPACE" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_NAMESPACE" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -41,57 +41,57 @@ exists, it is used to initialize the instance directory after it is set up and m
 The pam_namespace module disassociates the session namespace from the parent namespace\&. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\&. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\&. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\&.net/Articles/159077 and http://lwn\&.net/Articles/159092\&.
 .SH "OPTIONS"
 .PP
-\fBdebug\fR
+debug
 .RS 4
 A lot of debug information is logged using syslog
 .RE
 .PP
-\fBunmnt_remnt\fR
+unmnt_remnt
 .RS 4
 For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\&. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\&. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context
 .RE
 .PP
-\fBunmnt_only\fR
+unmnt_only
 .RS 4
 For trusted programs that want to undo any existing bind mounts and process instance directories on their own, this argument allows them to unmount currently mounted instance directories
 .RE
 .PP
-\fBrequire_selinux\fR
+require_selinux
 .RS 4
 If selinux is not enabled, return failure
 .RE
 .PP
-\fBgen_hash\fR
+gen_hash
 .RS 4
 Instead of using the security context string for the instance name, generate and use its md5 hash\&.
 .RE
 .PP
-\fBignore_config_error\fR
+ignore_config_error
 .RS 4
 If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\&. Without this option, pam will return an error to the calling program resulting in termination of the session\&.
 .RE
 .PP
-\fBignore_instance_parent_mode\fR
+ignore_instance_parent_mode
 .RS 4
 Instance parent directories by default are expected to have the restrictive mode of 000\&. Using this option, an administrator can choose to ignore the mode of the instance parent\&. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\&.
 .RE
 .PP
-\fBunmount_on_close\fR
+unmount_on_close
 .RS 4
 Explicitly unmount the polyinstantiated directories instead of relying on automatic namespace destruction after the last process in a namespace exits\&. This option should be used only in case it is ensured by other means that there cannot be any processes running in the private namespace left after the session close\&. It is also useful only in case there are multiple pam session calls in sequence from the same process\&.
 .RE
 .PP
-\fBuse_current_context\fR
+use_current_context
 .RS 4
 Useful for services which do not change the SELinux context with setexeccon call\&. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\&.
 .RE
 .PP
-\fBuse_default_context\fR
+use_default_context
 .RS 4
 Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\&. The module will use the default SELinux context of the user for the level and context polyinstantiation\&.
 .RE
 .PP
-\fBmount_private\fR
+mount_private
 .RS 4
 This option can be used on systems where the / mount point or its submounts are made shared (for example with a
 \fBmount \-\-make\-rshared /\fR