Diffstat (limited to 'modules/pam_namespace/README')
-rw-r--r-- modules/pam_namespace/README 15
1 files changed, 8 insertions, 7 deletions
diff --git a/modules/pam_namespace/README b/modules/pam_namespace/README
index 13c9c45b..8259051b 100644
--- a/modules/pam_namespace/README
+++ b/modules/pam_namespace/README
@@ -8,10 +8,11 @@ The pam_namespace PAM module sets up a private namespace for a session with
polyinstantiated directories. A polyinstantiated directory provides a different
instance of itself based on user name, or when using SELinux, user name,
security context or both. If an executable script /etc/security/namespace.init
-exists, it is used to initialize the namespace every time a new instance
-directory is setup. The script receives the polyinstantiated directory path,
-the instance directory path, flag whether the instance directory was newly
-created (0 for no, 1 for yes), and the user name as its arguments.
+exists, it is used to initialize the instance directory after it is set up and
+mounted on the polyinstantiated direcory. The script receives the
+polyinstantiated directory path, the instance directory path, flag whether the
+instance directory was newly created (0 for no, 1 for yes), and the user name
+as its arguments.
The pam_namespace module disassociates the session namespace from the parent
namespace. Any mounts/unmounts performed in the parent namespace, such as
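Review bot: The added line "mounted on the polyinstantiated direcory." has a typo; it should read "directory". While touching this sentence, "flag whether the instance directory was newly created" would read better as "a flag indicating whether the instance directory was newly created". The new wording also changes what script authors can rely on: namespace.init now runs after the instance directory is mounted on the polyinstantiated directory, so it may be worth stating explicitly which of the two path arguments the script should operate on at that point.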
@@ -92,9 +93,9 @@ The pam_namespace.so module allows setup of private namespaces with
polyinstantiated directories. Directories can be polyinstantiated based on user
name or, in the case of SELinux, user name, sensitivity level or complete
security context. If an executable script /etc/security/namespace.init exists,
-it is used to initialize the namespace every time a new instance directory is
-setup. The script receives the polyinstantiated directory path and the instance
-directory path as its arguments.
+it is used to initialize the namespace every time an instance directory is set
+up and mounted. The script receives the polyinstantiated directory path and the
+instance directory path as its arguments.
The /etc/security/namespace.conf file specifies which directories are
polyinstantiated, how they are polyinstantiated, how instance directories would
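Review bot: The reworded sentence in this hunk still says the script "receives the polyinstantiated directory path and the instance directory path as its arguments", while the first hunk of the same README lists four arguments (both paths, the newly-created flag, and the user name). Suggest making the two descriptions agree. The phrasing also differs between the hunks: here the script initializes "the namespace every time an instance directory is set up and mounted", whereas the first hunk says it initializes "the instance directory after it is set up and mounted on the polyinstantiated" directory; using one wording in both places would avoid ambiguity about what the script is expected to initialize.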