From fbcbb0e302b0c7561e565531b47fba9477b238ba Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 10 Oct 2012 19:46:02 +0200
Subject: pam_namespace: add mntopts flag for tmpfs mount options

modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir
structure.
modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts.
(parse_method): Parse the mntopts flag.
(ns_setup): Pass the mount_opts to mount().
modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag.
---
 modules/pam_namespace/pam_namespace.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'modules/pam_namespace/pam_namespace.c')

diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index a40f05e6..e0d5e30b 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -64,6 +64,7 @@ static void del_polydir(struct polydir_s *poly)
 	if (poly) {
 		free(poly->uid);
 		free(poly->init_script);
+		free(poly->mount_opts);
 		free(poly);
 	}
 }
@@ -237,9 +238,9 @@ static int parse_method(char *method, struct polydir_s *poly,
     static const char *method_names[] = { "user", "context", "level", "tmpdir",
 	"tmpfs", NULL };
     static const char *flag_names[] = { "create", "noinit", "iscript",
-	"shared", NULL };
+	"shared", "mntopts", NULL };
     static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT,
-	POLYDIR_ISCRIPT, POLYDIR_SHARED };
+	POLYDIR_ISCRIPT, POLYDIR_SHARED, POLYDIR_MNTOPTS };
     int i;
     char *flag;
 
@@ -279,6 +280,20 @@ static int parse_method(char *method, struct polydir_s *poly,
 					return -1;
 				};
 				break;
+
+			    case POLYDIR_MNTOPTS:
+				if (flag[namelen] != '=')
+					break;
+				if (poly->method != TMPFS) {
+					pam_syslog(idata->pamh, LOG_WARNING, "Mount options applicable only to tmpfs method");
+					break;
+				}
+				free(poly->mount_opts); /* if duplicate mntopts specified */
+				if ((poly->mount_opts = strdup(flag+namelen+1)) == NULL) {
+					pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
+					return -1;
+				}
+				break;
 			}
 		}
 	}
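Review bot: A `mntopts` flag written without `=value` leaves the new case through the first `break` with no log entry, so a malformed namespace.conf line silently produces a tmpfs with default options (for instance without an intended `size=` limit). A warning in the style of the non-tmpfs branch would surface it: `pam_syslog(idata->pamh, LOG_WARNING, "mntopts flag requires a value");`. The `free(poly->mount_opts)` before `strdup()`, like the free added to del_polydir in the first hunk, is only safe if the polydir structure is zero-initialised when allocated; that allocation is not visible in this diff and is worth confirming. parse_method starts and ends outside the hunk.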
@@ -1464,7 +1479,7 @@ static int ns_setup(struct polydir_s *polyptr,
     }
 
     if (polyptr->method == TMPFS) {
-	if (mount("tmpfs", polyptr->dir, "tmpfs", 0, NULL) < 0) {
+	if (mount("tmpfs", polyptr->dir, "tmpfs", 0, polyptr->mount_opts) < 0) {
 	    pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m",
 		polyptr->dir);
             return PAM_SESSION_ERR;
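Review bot: The mount flags argument stays `0` in the changed `mount()` call, so everything in `mount_opts` reaches the kernel as filesystem-specific data. Generic restrictions such as `nosuid`, `nodev` or `noexec` are mount flags (`MS_NOSUID`, `MS_NODEV`, `MS_NOEXEC`), not tmpfs data options, so an administrator who writes them in `mntopts=` would not get them applied and the mount is likely to be rejected instead, failing the session. Either translate those tokens into flags before the call or state the limit beside it, e.g. `/* mount_opts carries tmpfs data options only (size=, mode=, ...); nosuid/nodev/noexec are not applied here */`. ns_setup's body starts and ends outside the hunk.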