diff options
| author | Tomas Mraz <tm@t8m.info> | 2008-02-01 16:22:23 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2008-02-01 16:22:23 +0000 |
| commit | 2535f925c1a6049e5ad9ee4f313bcaa79131932b (patch) | |
| tree | b0f1ae461c7b4650ccd8c5211e57f24c114eb79c /modules/pam_namespace/namespace.conf.5.xml | |
| parent | 538dad819245deb53f1d55109130dce2199c6730 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2008-02-01 Tomas Mraz <t8m@centrum.cz>
* modules/pam_namespace/namespace.conf.5.xml: Add documentation for
tmpfs and tmpdir polyinst and for ~ user list modifier.
* modules/pam_namespace/namespace.init: Add documentation for the
new init parameter. Add home directory initialization script.
* modules/pam_namespace/pam_namespace.8.xml: Document the new
init parameter of the namespace.init script.
* modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag.
(cleanup_data): New function.
(process_line): Set exclusive flag. Add tmpfs and tmpdir methods.
(ns_override): Change behavior on the exclusive flag.
(poly_name): Process tmpfs and tmpdir methods.
(inst_init): Add flag for new directory initialization.
(create_dirs): Process the tmpdir method, add the new directory
flag.
(ns_setup): Remove unused code. Process the tmpfs method.
(cleanup_tmpdirs): New function.
(setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs
on failures.
(pam_sm_close_session): Instead of parsing the config file again use
the previously set data for cleanup.
* modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods
and exclusive flag.
Diffstat (limited to 'modules/pam_namespace/namespace.conf.5.xml')
| -rw-r--r-- | modules/pam_namespace/namespace.conf.5.xml | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml index db48cdcb..9fbefc49 100644 --- a/modules/pam_namespace/namespace.conf.5.xml +++ b/modules/pam_namespace/namespace.conf.5.xml @@ -72,10 +72,13 @@ <para> The third field, <replaceable>method</replaceable>, is the method - used for polyinstantiation. It can take 3 different values; "user" + used for polyinstantiation. It can take these values; "user" for polyinstantiation based on user name, "level" for - polyinstantiation based on process MLS level and user name, and "context" for - polyinstantiation based on process security context and user name + polyinstantiation based on process MLS level and user name, "context" for + polyinstantiation based on process security context and user name, + "tmpfs" for mounting tmpfs filesystem as an instance dir, and + "tmpdir" for creating temporary directory as an instance dir which is + removed when the user's session is closed. Methods "context" and "level" are only available with SELinux. This field cannot be blank. </para> @@ -84,7 +87,8 @@ The fourth field, <replaceable>list_of_uids</replaceable>, is a comma separated list of user names for whom the polyinstantiation is not performed. If left blank, polyinstantiation will be performed - for all users. + for all users. If the list is preceded with a single "~" character, + polyinstantiation is performed only for users in the list. </para> <para> |