path: root/modules/pam_namespace/pam_namespace.8.xml
diff options
Diffstat (limited to 'modules/pam_namespace/pam_namespace.8.xml')
1 files changed, 9 insertions, 8 deletions
diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
index 6ec3ad23..f0f80d33 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
@@ -44,7 +44,7 @@
<arg choice="opt">
- no_unmount_on_close
+ unmount_on_close
<arg choice="opt">
@@ -195,16 +195,17 @@
- <option>no_unmount_on_close</option>
+ <option>unmount_on_close</option>
- For certain trusted programs such as newrole, open session
- is called from a child process while the parent performs
- close session and pam end functions. For these commands
- use this option to instruct pam_close_session to not
- unmount the bind mounted polyinstantiated directory in the
- parent.
+ Explicitly unmount the polyinstantiated directories instead
+ of relying on automatic namespace destruction after the last
+ process in a namespace exits. This option should be used
+ only in case it is ensured by other means that there cannot be
+ any processes running in the private namespace left after the
+ session close. It is also useful only in case there are
+ multiple pam session calls in sequence from the same process.