path: root/modules/pam_namespace/namespace.conf
blob: c7305ffec1befb96bd6e5b5fd1893b638496390c
# /etc/security/namespace.conf
#
# See /usr/share/doc/pam-*/txts/README.pam_namespace for more information.
#
# Uncommenting the following three lines will polyinstantiate
# /tmp, /var/tmp and users' home directories. /tmp and /var/tmp will
# be polyinstantiated based on both security context and user
# name, whereas home directories will be polyinstantiated based on
# security context only. Polyinstantiation will not be performed for
# users root and adm for directories /tmp and /var/tmp, whereas home
# directories will be polyinstantiated for all users. The user name
# and/or context is appended to the instance prefix.
#
# Note that instance directories do not have to reside inside the
# polyinstantiated directory. In the examples below, instances of /tmp
# will be created in the /tmp-inst directory, whereas instances of
# /var/tmp and users' home directories will reside within the
# directories that are being polyinstantiated.
#
# Instance parent directories must exist for the polyinstantiation
# mechanism to work. By default, they should be created with mode
# 000. The pam_namespace module will enforce this mode unless it
# is explicitly called with an argument to ignore the mode of the
# instance parent. System administrators should use this argument with
# caution, as it will reduce the security and isolation achieved by
# polyinstantiation.
#
#/tmp     /tmp-inst/       	both      root,adm
#/var/tmp /var/tmp/tmp-inst/   	both      root,adm
#$HOME    $HOME/$USER.inst/inst- context
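
The instance-parent requirement described in the comments above (the directory must exist and have mode 000) can be checked before entries are uncommented. The following is an added example, not part of this file or its project: it parses entries in the four-column layout shown above and reports each instance parent's state. The function names and the `root` parameter are hypothetical, and the code assumes the instance parent is the instance prefix up to its last `/`.

```python
import os
import stat

# Constructed sample: the first two entries from the file above, uncommented.
SAMPLE_CONF = """\
/tmp     /tmp-inst/          both  root,adm
/var/tmp /var/tmp/tmp-inst/  both  root,adm
"""

def parse_namespace_conf(text):
    """Yield (polydir, instance_prefix, method, exempt_users) per active line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"malformed entry: {line!r}")
        exempt = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], fields[2], exempt

def instance_parent(prefix):
    """Assumption: the parent is the instance prefix up to its last '/'."""
    return prefix.rsplit("/", 1)[0] or "/"

def audit(text, root="/"):
    """Map each instance parent to a finding; root allows checking a mounted image."""
    findings = {}
    for _polydir, prefix, _method, _exempt in parse_namespace_conf(text):
        parent = instance_parent(prefix)
        if "$" in parent:  # $HOME/$USER need per-user expansion
            findings[parent] = "skipped: expand per user"
            continue
        try:
            st = os.lstat(os.path.join(root, parent.lstrip("/")))
        except FileNotFoundError:
            findings[parent] = "missing"
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISDIR(st.st_mode):
            findings[parent] = "not a directory"
        elif mode != 0:
            findings[parent] = f"mode {mode:03o}, expected 000"
        else:
            findings[parent] = "ok"
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_CONF).items():
        print(f"{path}: {finding}")
```
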