From 17a3f6715591b215a7fdd3127db4abe70ff26381 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 26 Jan 2012 14:50:51 +0100
Subject: Do not unmount anything by default in pam_namespace close session
 call.

* modules/pam_namespace/pam_namespace.c (pam_sm_close_session): Recognize
the unmount_on_close option and make the default to be to not unmount.
* modules/pam_namespace/pam_namespace.h: Rename PAMNS_NO_UNMOUNT_ON_CLOSE to
PAMNS_UNMOUNT_ON_CLOSE.
* modules/pam_namespace/pam_namespace.8.xml: Document the change.
---
 modules/pam_namespace/pam_namespace.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

(limited to 'modules/pam_namespace/pam_namespace.c')

diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 470f493b..a40f05e6 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -2108,24 +2108,26 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
             idata.flags |= PAMNS_DEBUG;
         if (strcmp(argv[i], "ignore_config_error") == 0)
             idata.flags |= PAMNS_IGN_CONFIG_ERR;
-        if (strcmp(argv[i], "no_unmount_on_close") == 0)
-            idata.flags |= PAMNS_NO_UNMOUNT_ON_CLOSE;
+        if (strcmp(argv[i], "unmount_on_close") == 0)
+            idata.flags |= PAMNS_UNMOUNT_ON_CLOSE;
     }
 
     if (idata.flags & PAMNS_DEBUG)
         pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start");
 
     /*
-     * For certain trusted programs such as newrole, open session
-     * is called from a child process while the parent perfoms
-     * close session and pam end functions. For these commands
-     * pam_close_session should not perform the unmount of the
-     * polyinstantiatied directory because it will result in
-     * undoing of parents polyinstantiatiaion. These commands
-     * will invoke pam_namespace with the "no_unmount_on_close"
-     * argument.
+     * Normally the unmount is implicitly done when the last
+     * process in the private namespace exits.
+     * If it is ensured that there are no child processes left in
+     * the private namespace by other means and if there are
+     * multiple sessions opened and closed sequentially by the
+     * same process, the "unmount_on_close" option might be
+     * used to unmount the polydirs explicitly.
      */
-    if (idata.flags & PAMNS_NO_UNMOUNT_ON_CLOSE) {
+    if (!(idata.flags & PAMNS_UNMOUNT_ON_CLOSE)) {
+	pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL);
+	pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
+
 	if (idata.flags & PAMNS_DEBUG)
 	    pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful");
         return PAM_SUCCESS;
-- 
cgit v1.2.3