The attached patch fixes another bug found in pam_namespace by Anders
Blomdell. If there are processes that are running in the private
namespace left after the pam_session_close() is called, they will see
the original polyinstantiated directories' contents as the bind mounts
will be unmounted (at least for directories that are not currently in
use by the processes). There is actually no need to do the unmounts. It
would be useful only in case there are multiple pam_open/close_session
calls called in sequence from a single process. I do not even know of
any service that would do this, because it is not fully supported by
other modules as well (the state of the process might be quite different
from the original state before the first pam_open_session call). However,
I kept the unmounting code and call it only when the unmount_on_close
option is used.
OK to commit?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb