On Wed, 2012-01-25 at 03:29 +0400, Dmitry V. Levin wrote:
On Tue, Jan 24, 2012 at 09:56:21PM +0100, Tomas Mraz wrote:
> The attached patch fixes another bug found in pam_namespace by Anders
> Blomdell. If there are processes that are running in the private
> namespace left after the pam_session_close() is called, they will see
> the original polyinstantiated directories contents as the bind mounts
> will be unmounted (at least for directories that are not currently in
> use by the processes). There is actually no need to do the unmounts. It
> would be useful only in case there are multiple pam_open/close_session
> calls called in sequence from a single process. I do not even know of
> any service that would do this, because it is not fully supported by
> other modules as well (the state of the process might be quite different
> from the original state before the first pam_open_session call). However
> I kept the unmounting code and call it only when unmount_on_close option
> is used.
>
> OK to commit?
OK for me.
P.S. NAMESPACE_PROTECT_DATA seems to be unused:
pam_namespace$ git grep NAMESPACE_PROTECT_DATA
pam_namespace.c: } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA,
idata->protect_dirs,
pam_namespace.c: pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
pam_namespace.c: pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
pam_namespace.h:#define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data"
I see no pam_get_data() calls with NAMESPACE_PROTECT_DATA argument.
This data is there purely for the cleanup() function call when the data
is set to NULL. It will unmount the protect bind mounts. However
normally these unmounts will not be performed because inside these bind
mounts there are the polyinstantiation directory bind mounts which will
prevent this. In case the unmount_on_close is set it should work.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb