summaryrefslogtreecommitdiff
path: root/modules/pam_namespace/pam_namespace.h
Commit message (Collapse)AuthorAge
* Fix various typos found using codespell toolDmitry V. Levin2020-03-28
|
* pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mountsTomas Mraz2019-11-04
| | | | | | | | | | * modules/pam_namespace/namespace.conf.5.xml: Add documentation for the noexec, nosuid, and nodev flags support. * modules/pam_namespace/pam_namespace.c (filter_mntopts): New function to filter out the flags. (parse_method): Call the function. (ns_setup): Apply the flags to the tmpfs mount. * modules/pam_namespace/pam_namespace.h: Add mount_flags to polydir_s struct.
* pam_namespace: add mntopts flag for tmpfs mount optionsTomas Mraz2012-10-10
| | | | | | | | | modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir structure. modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts. (parse_method): Parse the mntopts flag. (ns_setup): Pass the mount_opts to mount(). modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag.
* Small documentation and define fixesThorsten Kukuk2012-08-16
| | | | | | | modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10] modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary modules/pam_pwhistory/pam_pwhistory.c: Document how the module works modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6]
* Do not unmount anything by default in pam_namespace close session call.Tomas Mraz2012-01-26
| | | | | | | | * modules/pam_namespace/pam_namespace.c (pam_sm_close_session): Recognize the unmount_on_close option and make the default to be to not unmount. * modules/pam_namespace/pam_namespace.h: Rename PAMNS_NO_UNMOUNT_ON_CLOSE to PAMNS_UNMOUNT_ON_CLOSE. * modules/pam_namespace/pam_namespace.8.xml: Document the change.
* Fix whitespace issuesDmitry V. Levin2011-10-26
| | | | | | Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Define the MS_PRIVATE and MS_REC flags if they are not in sys/mount.h.Tomas Mraz2011-06-06
|
* Add support for the mount_private option to pam_namespace.Tomas Mraz2011-06-02
|
* Relevant BUGIDs:Tomas Mraz2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-04-18 Tomas Mraz <t8m@centrum.cz> * modules/pam_namespace/pam_namespace.c: New functions unprotect_dirs(), cleanup_protect_data(), protect_mount(), protect_dir() to protect directory by bind mount. (cleanup_data): Renamed to cleanup_polydir_data(). (parse_create_params): Allow missing specification of mode or owner. (check_inst_parent): Call protect_dir() on the instance parent directory. The directory is created when it doesn't exist. (create_polydir): Protect and make the polydir by protect_dir(), remove potential races. (create_dirs): Renamed to create_instance(), remove call to inst_init(). (ns_setup): Call protect_dir() on the polydir if it already exists. Call inst_init() after the polydir is mounted. (setup_namespace): Set the namespace protect data to be cleaned up on pam_close_session()/pam_end(). (pam_sm_open_session): Initialize the protect_dirs. (pam_sm_close_session): Cleanup namespace protect data. * modules/pam_namespace/pam_namespace.h: Define struct for the stack of protected dirs. * modules/pam_namespace/pam_namespace.8.xml: Document when the instance init script is called. * modules/pam_namespace/namespace.conf.5.xml: Likewise.
* Relevant BUGIDs:Tomas Mraz2008-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix, new feature Commit summary: --------------- 2008-02-13 Tomas Mraz <t8m@centrum.cz> * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d dir. * modules/pam_namespace/argv_parse.c: New file. * modules/pam_namespace/argv_parse.h: New file. * modules/pam_namespace/namespace.conf.5.xml: Document new features. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define. Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags and polydir flags. (polydir_s): Add rdir, replace exclusive with flags, add init_script, owner, group, and mode. (instance_data): Add ruser, gid, and ruid. * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent(). (add_polydir_entry): Add the entry directly, no copy. (del_polydir): New function. (del_polydir_list): Call del_polydir(). (expand_variables, parse_create_params, parse_iscript_params, parse_method): New functions. (process_line): Call expand_variables() on polydir and instance prefix. Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap. (parse_config_file): Parse .conf files from namespace.d dir after namespace.conf. (form_context): Call getcon() or get_default_context_with_level() when appropriate flags are set. (poly_name): Handle shared polydir flag. (inst_init): Execute non-default init script when specified. (create_polydir): New function. (create_dirs): Remove the code which checks the polydir. Do not call inst_init() when noinit flag is set. (ns_setup): Check the polydir and eventually create it if the create flag is set. (setup_namespace): Use ruser uid from idata. Set the namespace polydir pam data only when namespace was set up correctly. Unmount polydir based on ruser. (get_user_data): New function. (pam_sm_open_session): Check for use_current_context and use_default_context options. Call get_user_data(). (pam_sm_close_session): Call get_user_data().
* Relevant BUGIDs:Tomas Mraz2008-02-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: new feature Commit summary: --------------- 2008-02-01 Tomas Mraz <t8m@centrum.cz> * modules/pam_namespace/namespace.conf.5.xml: Add documentation for tmpfs and tmpdir polyinst and for ~ user list modifier. * modules/pam_namespace/namespace.init: Add documentation for the new init parameter. Add home directory initialization script. * modules/pam_namespace/pam_namespace.8.xml: Document the new init parameter of the namespace.init script. * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag. (cleanup_data): New function. (process_line): Set exclusive flag. Add tmpfs and tmpdir methods. (ns_override): Change behavior on the exclusive flag. (poly_name): Process tmpfs and tmpdir methods. (inst_init): Add flag for new directory initialization. (create_dirs): Process the tmpdir method, add the new directory flag. (ns_setup): Remove unused code. Process the tmpfs method. (cleanup_tmpdirs): New function. (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs on failures. (pam_sm_close_session): Instead of parsing the config file again use the previously set data for cleanup. * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods and exclusive flag.
* Relevant BUGIDs:Tomas Mraz2007-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Purpose of commit: bugfix, new feature Commit summary: --------------- 2007-06-15 Tomas Mraz <t8m@centrum.cz> * modules/pam_namespace/README.xml: Avoid duplication of documentation. * modules/pam_namespace/namespace.conf: More real life example from MLS support. * modules/pam_namespace/namespace.conf.5.xml: Likewise plus properly describe how instance directory names are formed. * modules/pam_namespace/namespace.init: Preserve euid when called from setuid apps (su, newrole). * modules/pam_namespace/pam_namespace.8.xml: Added option no_unmount_on_close. * modules/pam_namespace/pam_namespace.c (process_line): Polyinst methods are now user, level and context. Fix crash on unknown override user in config file. (ns_override): Add explicit uid parameter. (form_context): Skip for user method. Implement level based polyinstantiation. (poly_name): Initialize contexts. Add level based polyinst, remove 'both' metod. Use raw contexts for instance names, truncate long instance names and add hash. (ns_setup): Hashing moved to poly_name(). (setup_namespace): Handle correctly override users for su (when unmnt_remnt is used). (pam_sm_close_session): Added no_unmount_on_close option. * modules/pam_namespace/pam_namespace.h: Added no_unmount_on_close_option, level method, limit on instance directory name length.
* Relevant BUGIDs:Thorsten Kukuk2006-07-28
Purpose of commit: cleanup Commit summary: --------------- 2006-07-24 David Quigley <dpquigl@tycho.nsa.gov> * modules/pam_namespace/Makefile.am: Add pam_namespace.h. * modules/pam_namespace/pam_namespace.c: Move includes and data structure definitions from here ... * modules/pam_namespace/pam_namespace.h: ... here. New file. * modules/pam_namespace/pam_namespace.c: Move large sections of code into new functions. Acked by Janak Desai <janak@us.ibm.com>