2:56 p.m.
The attached patch fixes another bug found in pam_namespace by Anders
Blomdell. If there are processes that are running in the private
namespace left after the pam_session_close() is called, they will see
the original polyinstantiated directories contents as the bind mounts
will be unmounted (at least for directories that are not currently in
use by the processes). There is actually no need to do the unmounts. It
would be useful only in case there are multiple pam_open/close_session
calls called in sequence from a single process. I do not even know of
any service that would do this, because it is not fully supported by
other modules as well (the state of the process might be quite different
from the original state before the first pam_open_session call). However
I kept the unmounting code and call it only when unmount_on_close option
is used.
OK to commit?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
5:29 p.m.
On Tue, Jan 24, 2012 at 09:56:21PM +0100, Tomas Mraz wrote:
The attached patch fixes another bug found in pam_namespace by
Anders
Blomdell. If there are processes that are running in the private
namespace left after the pam_session_close() is called, they will see
the original polyinstantiated directories contents as the bind mounts
will be unmounted (at least for directories that are not currently in
use by the processes). There is actually no need to do the unmounts. It
would be useful only in case there are multiple pam_open/close_session
calls called in sequence from a single process. I do not even know of
any service that would do this, because it is not fully supported by
other modules as well (the state of the process might be quite different
from the original state before the first pam_open_session call). However
I kept the unmounting code and call it only when unmount_on_close option
is used.
OK to commit?
OK for me.
P.S. NAMESPACE_PROTECT_DATA seems to be unused:
pam_namespace$ git grep NAMESPACE_PROTECT_DATA
pam_namespace.c: } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA,
idata->protect_dirs,
pam_namespace.c: pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
pam_namespace.c: pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
pam_namespace.h:#define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data"
I see no pam_get_data() calls with NAMESPACE_PROTECT_DATA argument.
--
ldv
2:03 a.m.
On Wed, 2012-01-25 at 03:29 +0400, Dmitry V. Levin wrote:
On Tue, Jan 24, 2012 at 09:56:21PM +0100, Tomas Mraz wrote:
> The attached patch fixes another bug found in pam_namespace by Anders
> Blomdell. If there are processes that are running in the private
> namespace left after the pam_session_close() is called, they will see
> the original polyinstantiated directories contents as the bind mounts
> will be unmounted (at least for directories that are not currently in
> use by the processes). There is actually no need to do the unmounts. It
> would be useful only in case there are multiple pam_open/close_session
> calls called in sequence from a single process. I do not even know of
> any service that would do this, because it is not fully supported by
> other modules as well (the state of the process might be quite different
> from the original state before the first pam_open_session call). However
> I kept the unmounting code and call it only when unmount_on_close option
> is used.
>
> OK to commit?
OK for me.
P.S. NAMESPACE_PROTECT_DATA seems to be unused:
pam_namespace$ git grep NAMESPACE_PROTECT_DATA
pam_namespace.c: } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA,
idata->protect_dirs,
pam_namespace.c: pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
pam_namespace.c: pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
pam_namespace.h:#define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data"
I see no pam_get_data() calls with NAMESPACE_PROTECT_DATA argument.
This data is there purely for the cleanup() function call when the data
is set to NULL. It will unmount the protect bind mounts. However
normally these unmounts will not be performed because inside these bind
mounts there are the polyinstantiation directory bind mounts which will
prevent this. In case the unmount_on_close is set it should work.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
4480
days inactive
4481
days old
pam-developers@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Dmitry V. Levin -
Tomas Mraz