author Tomas Mraz <tm@t8m.info> 2008-04-18 12:53:38 +0000
committer Tomas Mraz <tm@t8m.info> 2008-04-18 12:53:38 +0000
commit 902026536a826400014a7508b008e41269d081e6
tree 90c35614bc4a873845fafcf806385312fc05903f /modules/pam_namespace/pam_namespace.8.xml
parent 31a8f873dac892b15d374d8eb33037515678d6af
Relevant BUGIDs:
Purpose of commit: new feature

Commit summary:
---------------
2008-04-18 Tomas Mraz <t8m@centrum.cz>

* modules/pam_namespace/pam_namespace.c: New functions
  unprotect_dirs(), cleanup_protect_data(), protect_mount(),
  protect_dir() to protect directory by bind mount.
  (cleanup_data): Renamed to cleanup_polydir_data().
  (parse_create_params): Allow missing specification of mode or owner.
  (check_inst_parent): Call protect_dir() on the instance parent
  directory. The directory is created when it doesn't exist.
  (create_polydir): Protect and make the polydir by protect_dir(),
  remove potential races.
  (create_dirs): Renamed to create_instance(), remove call to
  inst_init().
  (ns_setup): Call protect_dir() on the polydir if it already exists.
  Call inst_init() after the polydir is mounted.
  (setup_namespace): Set the namespace protect data to be cleaned up
  on pam_close_session()/pam_end().
  (pam_sm_open_session): Initialize the protect_dirs.
  (pam_sm_close_session): Cleanup namespace protect data.
* modules/pam_namespace/pam_namespace.h: Define struct for the stack
  of protected dirs.
* modules/pam_namespace/pam_namespace.8.xml: Document when the
  instance init script is called.
* modules/pam_namespace/namespace.conf.5.xml: Likewise.
Diffstat (limited to 'modules/pam_namespace/pam_namespace.8.xml')
-rw-r--r-- modules/pam_namespace/pam_namespace.8.xml 10
1 files changed, 5 insertions, 5 deletions
diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
index 32c5359d..787aba4a 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
@@ -64,11 +64,11 @@
provides a different instance of itself based on user name, or when
using SELinux, user name, security context or both. If an executable
script <filename>/etc/security/namespace.init</filename> exists, it
- is used to initialize the namespace every time a new instance
- directory is setup. The script receives the polyinstantiated
- directory path, the instance directory path, flag whether the instance
- directory was newly created (0 for no, 1 for yes), and the user name
- as its arguments.
+ is used to initialize the instance directory after it is set up
+ and mounted on the polyinstantiated direcory. The script receives the
+ polyinstantiated directory path, the instance directory path, flag
+ whether the instance directory was newly created (0 for no, 1 for yes),
+ and the user name as its arguments.
</para>
<para>
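Review bot: The second added line misspells "directory" as "direcory" ("mounted on the polyinstantiated direcory"), and the typo will ship in the rendered man page; please correct it. While rewording this paragraph, "flag whether the instance directory was newly created" would read better as "a flag indicating whether the instance directory was newly created". Because the text now says the script runs after the instance is mounted on the polyinstantiated directory, it would also help to say explicitly that the script can reach the instance contents through the polyinstantiated directory path at that point, since administrators with an existing /etc/security/namespace.init written for the old ordering need to know what changed.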