From ffe3830f997b26538dabbac0c7cbc359e71a3c34 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 20 Mar 2008 17:06:32 +0000
Subject: Relevant BUGIDs: rhbz#438338, rhbz#438264 Purpose of commit: bugfix Commit summary: --------------- 2008-03-20 Tomas Mraz * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER method only when appropriate. (setup_namespace): Do not umount when not mounted with RUSER. * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call freecontext() after the context is logged not before.
---
 modules/pam_namespace/pam_namespace.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'modules/pam_namespace')
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index d0741fd2..80c51443 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -822,10 +822,11 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name,
 */
 pm = polyptr->method;
- if (pm == LEVEL || pm == USER) {
+ if (pm == LEVEL || pm == CONTEXT)
 #ifdef WITH_SELINUX
- if (!(idata->flags & PAMNS_CTXT_BASED_INST))
+ if (!(idata->flags & PAMNS_CTXT_BASED_INST)) {
 #else
+ {
 pam_syslog(idata->pamh, LOG_NOTICE,
 "Context and level methods not available, using user method");
 #endif
@@ -1528,13 +1529,18 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt)
 */
 for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
 enum unmnt_op dir_unmnt = unmnt;
- if (ns_override(pptr, idata, idata->uid)) {
- if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) {
- continue;
+
+ if (ns_override(pptr, idata, idata->ruid)) {
+ dir_unmnt = NO_UNMNT;
+ }
+ if (ns_override(pptr, idata, idata->uid)) {
+ if (dir_unmnt == NO_UNMNT) {
+ continue;
 } else {
 dir_unmnt = UNMNT_ONLY;
 }
 }
+
 if (idata->flags & PAMNS_DEBUG)
 pam_syslog(idata->pamh, LOG_DEBUG,
 "Setting poly ns for user %d for dir %s",
-- cgit v1.2.3
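Review bot: In poly_name the new `if (pm == LEVEL || pm == CONTEXT)` has no brace of its own; its block is opened by a `{` on the nested `if` in the `#ifdef WITH_SELINUX` arm and by a bare `{` in the `#else` arm, so the extent of the fallback to the user method can only be read by expanding both arms by hand. Because this test decides whether a directory configured for level or context instances is downgraded, I would give each arm a complete header: `if ((pm == LEVEL || pm == CONTEXT) && !(idata->flags & PAMNS_CTXT_BASED_INST)) {` under `#ifdef WITH_SELINUX` and `if (pm == LEVEL || pm == CONTEXT) {` under `#else`. The `pam_syslog` notice is compiled only in the `#else` arm, so an SELinux build appears to make the same downgrade without a log entry. The block's body and closing brace are outside the hunk, so that should be confirmed there.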
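Review bot: In the setup_namespace loop, `dir_unmnt == NO_UNMNT` now stands for two different things, the caller passing `NO_UNMNT` and `ns_override()` matching `idata->ruid`, and nothing in the new lines says so. The visible effect is that a directory overridden for `ruid` but not for `uid` now reaches the setup code with `NO_UNMNT` instead of the caller's `unmnt` value. That matches the commit message but is easy to undo in a later edit. I would document both tests, e.g. `/* ruid is exempt, so nothing was mounted for it: do not unmount */` above the first and `/* uid is exempt: skip the directory, or only unmount an existing instance */` above the second. The rest of the loop body is outside the hunk.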