summaryrefslogtreecommitdiff
path: root/modules/pam_namespace/pam_namespace.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_namespace/pam_namespace.8.xml')
-rw-r--r--modules/pam_namespace/pam_namespace.8.xml154
1 files changed, 72 insertions, 82 deletions
diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
index f0f80d33..954093d9 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
@@ -1,16 +1,13 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_namespace'>
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_namespace">
<refmeta>
<refentrytitle>pam_namespace</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ <refmiscinfo class="source">Linux-PAM</refmiscinfo>
+ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
- <refnamediv id='pam_namespace-name'>
+ <refnamediv xml:id="pam_namespace-name">
<refname>pam_namespace</refname>
<refpurpose>
PAM module for configuring namespace for a session
@@ -20,46 +17,46 @@
<!-- body begins here -->
<refsynopsisdiv>
- <cmdsynopsis id="pam_namespace-cmdsynopsis">
+ <cmdsynopsis xml:id="pam_namespace-cmdsynopsis" sepchar=" ">
<command>pam_namespace.so</command>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
debug
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
unmnt_remnt
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
unmnt_only
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
require_selinux
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
gen_hash
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
ignore_config_error
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
ignore_instance_parent_mode
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
unmount_on_close
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
use_current_context
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
use_default_context
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
mount_private
</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1 id="pam_namespace-description">
+ <refsect1 xml:id="pam_namespace-description">
<title>DESCRIPTION</title>
<para>
The pam_namespace PAM module sets up a private namespace for a session
@@ -74,6 +71,12 @@
and the user name as its arguments.
</para>
+ <para condition="with_vendordir">
+ If <filename>/etc/security/namespace.init</filename> does not exist,
+ <filename>%vendordir%/security/namespace.init</filename> is the
+ alternative to be used for it.
+ </para>
+
<para>
The pam_namespace module disassociates the session namespace from
the parent namespace. Any mounts/unmounts performed in the parent
@@ -88,13 +91,13 @@
</refsect1>
- <refsect1 id="pam_namespace-options">
+ <refsect1 xml:id="pam_namespace-options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
- <option>debug</option>
+ debug
</term>
<listitem>
<para>
@@ -105,7 +108,7 @@
<varlistentry>
<term>
- <option>unmnt_remnt</option>
+ unmnt_remnt
</term>
<listitem>
<para>
@@ -125,7 +128,7 @@
<varlistentry>
<term>
- <option>unmnt_only</option>
+ unmnt_only
</term>
<listitem>
<para>
@@ -140,7 +143,7 @@
<varlistentry>
<term>
- <option>require_selinux</option>
+ require_selinux
</term>
<listitem>
<para>
@@ -151,7 +154,7 @@
<varlistentry>
<term>
- <option>gen_hash</option>
+ gen_hash
</term>
<listitem>
<para>
@@ -164,7 +167,7 @@
<varlistentry>
<term>
- <option>ignore_config_error</option>
+ ignore_config_error
</term>
<listitem>
<para>
@@ -180,7 +183,7 @@
<varlistentry>
<term>
- <option>ignore_instance_parent_mode</option>
+ ignore_instance_parent_mode
</term>
<listitem>
<para>
@@ -195,7 +198,7 @@
<varlistentry>
<term>
- <option>unmount_on_close</option>
+ unmount_on_close
</term>
<listitem>
<para>
@@ -212,7 +215,7 @@
<varlistentry>
<term>
- <option>use_current_context</option>
+ use_current_context
</term>
<listitem>
<para>
@@ -226,7 +229,7 @@
<varlistentry>
<term>
- <option>use_default_context</option>
+ use_default_context
</term>
<listitem>
<para>
@@ -240,7 +243,7 @@
<varlistentry>
<term>
- <option>mount_private</option>
+ mount_private
</term>
<listitem>
<para>
@@ -265,7 +268,7 @@
</variablelist>
</refsect1>
- <refsect1 id="pam_namespace-types">
+ <refsect1 xml:id="pam_namespace-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>session</option> module type is provided.
@@ -273,7 +276,7 @@
</para>
</refsect1>
- <refsect1 id="pam_namespace-return_values">
+ <refsect1 xml:id="pam_namespace-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
@@ -303,33 +306,57 @@
</variablelist>
</refsect1>
- <refsect1 id="pam_namespace-files">
+ <refsect1 xml:id="pam_namespace-files">
<title>FILES</title>
<variablelist>
<varlistentry>
- <term><filename>/etc/security/namespace.conf</filename></term>
+ <term>/etc/security/namespace.conf</term>
<listitem>
<para>Main configuration file</para>
</listitem>
</varlistentry>
+ <varlistentry condition="with_vendordir">
+ <term>%vendordir%/security/namespace.conf</term>
+ <listitem>
+ <para>Default configuration file if
+ <filename>/etc/security/namespace.conf</filename> does not exist.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
- <term><filename>/etc/security/namespace.d</filename></term>
+ <term>/etc/security/namespace.d</term>
<listitem>
<para>Directory for additional configuration files</para>
</listitem>
</varlistentry>
+ <varlistentry condition="with_vendordir">
+ <term>%vendordir%/security/namespace.d</term>
+ <listitem>
+ <para>Directory for additional vendor specific configuration files.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
- <term><filename>/etc/security/namespace.init</filename></term>
+ <term>/etc/security/namespace.init</term>
<listitem>
<para>Init script for instance directories</para>
</listitem>
</varlistentry>
+
+ <varlistentry condition="with_vendordir">
+ <term>%vendordir%/security/namespace.init</term>
+ <listitem>
+ <para>Vendor init script for instance directories if
+ /etc/security/namespace.init does not exist.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
- <refsect1 id="pam_namespace-examples">
+ <refsect1 xml:id="pam_namespace-examples">
<title>EXAMPLES</title>
<para>
@@ -343,50 +370,13 @@
</para>
<para>
- To use polyinstantiation with graphical display manager gdm, insert the
- following line, before exit 0, in /etc/gdm/PostSession/Default:
- </para>
-
- <para>
- /usr/sbin/gdm-safe-restart
- </para>
-
- <para>
- This allows gdm to restart after each session and appropriately adjust
- namespaces of display manager and the X server. If polyinstantiation
- of /tmp is desired along with the graphical environment, then additional
- configuration changes are needed to address the interaction of X server
- and font server namespaces with their use of /tmp to create
- communication sockets. Please use the initialization script
- <filename>/etc/security/namespace.init</filename> to ensure that
- the X server and its clients can appropriately access the
- communication socket X0. Please refer to the sample instructions
- provided in the comment section of the instance initialization script
- <filename>/etc/security/namespace.init</filename>. In addition,
- perform the following changes to use graphical environment with
- polyinstantiation of /tmp:
- </para>
-
- <para>
- <literallayout>
- 1. Disable the use of font server by commenting out "FontPath"
- line in /etc/X11/xorg.conf. If you do want to use the font server
- then you will have to augment the instance initialization
- script to appropriately provide /tmp/.font-unix from the
- polyinstantiated /tmp.
- 2. Ensure that the gdm service is setup to use pam_namespace,
- as described above, by modifying /etc/pam.d/gdm.
- 3. Ensure that the display manager is configured to restart X server
- with each new session. This default setup can be verified by
- making sure that /usr/share/gdm/defaults.conf contains
- "AlwaysRestartServer=true", and it is not overridden by
- /etc/gdm/custom.conf.
- </literallayout>
+ To use polyinstantiation with graphical display manager gdm, please refer
+ to gdm's documentation.
</para>
</refsect1>
- <refsect1 id="pam_namespace-see_also">
+ <refsect1 xml:id="pam_namespace-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
@@ -399,12 +389,12 @@
<refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
</citerefentry>.
</para>
</refsect1>
- <refsect1 id="pam_namespace-authors">
+ <refsect1 xml:id="pam_namespace-authors">
<title>AUTHORS</title>
<para>
The namespace setup scheme was designed by Stephen Smalley, Janak Desai
@@ -415,4 +405,4 @@
&lt;tmraz@redhat.com&gt;.
</para>
</refsect1>
-</refentry>
+</refentry> \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 07:44:11 +0000