From b3644707da87d61559f8322771a88d2162a47a4e Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 15 Jun 2007 09:38:11 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix, new feature Commit summary: --------------- 2007-06-15 Tomas Mraz * modules/pam_namespace/README.xml: Avoid duplication of documentation. * modules/pam_namespace/namespace.conf: More real life example from MLS support. * modules/pam_namespace/namespace.conf.5.xml: Likewise plus properly describe how instance directory names are formed. * modules/pam_namespace/namespace.init: Preserve euid when called from setuid apps (su, newrole). * modules/pam_namespace/pam_namespace.8.xml: Added option no_unmount_on_close. * modules/pam_namespace/pam_namespace.c (process_line): Polyinst methods are now user, level and context. Fix crash on unknown override user in config file. (ns_override): Add explicit uid parameter. (form_context): Skip for user method. Implement level based polyinstantiation. (poly_name): Initialize contexts. Add level based polyinst, remove 'both' metod. Use raw contexts for instance names, truncate long instance names and add hash. (ns_setup): Hashing moved to poly_name(). (setup_namespace): Handle correctly override users for su (when unmnt_remnt is used). (pam_sm_close_session): Added no_unmount_on_close option. * modules/pam_namespace/pam_namespace.h: Added no_unmount_on_close_option, level method, limit on instance directory name length. --- modules/pam_namespace/pam_namespace.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'modules/pam_namespace/pam_namespace.h') diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h index c918cff3..0847ec08 100644 --- a/modules/pam_namespace/pam_namespace.h +++ b/modules/pam_namespace/pam_namespace.h @@ -63,6 +63,7 @@ #ifdef WITH_SELINUX #include +#include #endif #ifndef CLONE_NEWNS @@ -86,15 +87,19 @@ #define PAMNS_GEN_HASH 0x00002000 /* Generate md5 hash for inst names */ #define PAMNS_IGN_CONFIG_ERR 0x00004000 /* Ignore format error in conf file */ #define PAMNS_IGN_INST_PARENT_MODE 0x00008000 /* Ignore instance parent mode */ +#define PAMNS_NO_UNMOUNT_ON_CLOSE 0x00010000 /* no unmount at session close */ + +#define NAMESPACE_MAX_DIR_LEN 80 /* * Polyinstantiation method options, based on user, security context * or both */ enum polymethod { + NONE, USER, CONTEXT, - BOTH, + LEVEL, }; /* -- cgit v1.2.3