From 59812d1cf1127a1af65b530addff76be767092b1 Mon Sep 17 00:00:00 2001 From: Topi Miettinen Date: Fri, 10 May 2019 22:11:40 +0300 Subject: pam_namespace: secure tmp-inst directories When using polyinstantiation for /tmp and/or /var/tmp, pam_namespace creates subdirectories with the fixed name tmp-inst. These paths should be secured as early as possible to avoid that somehow these directories could be created and controlled by for example a malicious user or service. Ship a systemd service, which creates the directories early in boot sequence with correct permissions and ownership. Closes #111. Signed-off-by: Topi Miettinen --- modules/pam_namespace/namespace.conf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'modules/pam_namespace/namespace.conf') diff --git a/modules/pam_namespace/namespace.conf b/modules/pam_namespace/namespace.conf index b611a0f2..75ec6193 100644 --- a/modules/pam_namespace/namespace.conf +++ b/modules/pam_namespace/namespace.conf @@ -21,7 +21,10 @@ # is explicitly called with an argument to ignore the mode of the # instance parent. System administrators should use this argument with # caution, as it will reduce security and isolation achieved by -# polyinstantiation. +# polyinstantiation. The parent directories (except $HOME) are created +# at boot by pam_namespace_helper, but in a live system, system +# administrators should create the parent directories before enabling +# them here. # #/tmp /tmp-inst/ level root,adm #/var/tmp /var/tmp/tmp-inst/ level root,adm -- cgit v1.2.3
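Review bot: The added comment tells administrators of a live system to "create the parent directories before enabling them here" but does not say what ownership and mode those directories must have, even though the surrounding context lines make clear that pam_namespace checks the mode of the instance parent and only skips that check with the explicit ignore argument. An administrator who creates /tmp-inst or /var/tmp/tmp-inst with a default umask ends up exactly in the state the commit message warns about (a directory that another user or service could have created and controlled), so the comment should state the required owner and mode or point to the pam_namespace manual page where they are documented. It would also help to name the shipped systemd unit next to "pam_namespace_helper", so administrators can verify it is enabled on systems that boot with it; the unit is referenced in the commit message but not in this file, and this view is limited to namespace.conf so the unit itself cannot be checked here.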