List:       pam-list
Subject:    Re: [patch] New method "static" for pam_namespace
From:       Jan Kasprzak <kas () fi ! muni ! cz>
Date:       2007-09-26 15:19:09
Message-ID: 20070926151909.GP5904 () fi ! muni ! cz

Jan Kasprzak wrote:
> 	I have found that this part (a new method which does not add anything
> to the <prefix> path and relies solely on the $USER and $HOME variable
> expansion) is pretty straightforward. Patch attached, please review and
> consider including in further releases.

	Oops, forgot to include the pam_namespace.h part of the patch.
New patch attached:


--- Linux-PAM-0.99.7.1/modules/pam_namespace/pam_namespace.c.static	2007-09-26 \
                15:27:36.000000000 +0200
+++ Linux-PAM-0.99.7.1/modules/pam_namespace/pam_namespace.c	2007-09-26 \
15:33:30.000000000 +0200 @@ -266,6 +266,9 @@
 
 #endif
 
+    if (strcmp(method, "static") == 0)
+	poly.method = STATIC;
+
     if ( poly.method == NONE) {
         pam_syslog(idata->pamh, LOG_NOTICE, "Illegal method");
         goto skipping;
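Review bot: The `strcmp(method, "static")` branch accepts the method without any check that the instance prefix on the same configuration line contains `$USER` or `$HOME`. The documentation hunk in this patch says the method relies solely on those expansions, so a `static` line with a fixed prefix would give every user the same instance directory. Consider rejecting such a line at parse time, or at least logging it with `pam_syslog` next to the existing "Illegal method" check. Minor: `poly.method = STATIC;` is indented with a tab while the `if` above it uses spaces.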
@@ -603,6 +606,10 @@
 		goto fail;
 	    }	    
     	    break;
+        case STATIC:
+	    if ((*i_name = strdup("")) == NULL)
+		goto fail;
+	    break;
 
 #ifdef WITH_SELINUX
     	case LEVEL:
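Review bot: `case STATIC:` sets `*i_name` to an empty string with no comment saying that this is intentional. A one-line comment stating that the instance directory is the expanded prefix with nothing appended would save the next reader from treating `strdup("")` as a leftover. The `case STATIC:` label is also indented with spaces only, while the neighbouring `case LEVEL:` label uses spaces plus a tab; match the surrounding style.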
--- Linux-PAM-0.99.7.1/modules/pam_namespace/pam_namespace.h.static	2007-09-26 \
                17:17:14.000000000 +0200
+++ Linux-PAM-0.99.7.1/modules/pam_namespace/pam_namespace.h	2007-09-26 \
15:30:12.000000000 +0200 @@ -100,6 +100,7 @@
     USER,
     CONTEXT,
     LEVEL,
+    STATIC,
 };
 
 /*
--- Linux-PAM-0.99.7.1/modules/pam_namespace/namespace.conf.5.xml.static	2007-09-26 \
                16:45:40.000000000 +0200
+++ Linux-PAM-0.99.7.1/modules/pam_namespace/namespace.conf.5.xml	2007-09-26 \
17:18:21.000000000 +0200 @@ -71,10 +71,13 @@
 
     <para>
       The third field, <replaceable>method</replaceable>, is the method
-      used for polyinstantiation. It can take 3 different values; "user"
+      used for polyinstantiation. It can take 4 different values; "user"
       for polyinstantiation based on user name, "level" for 
-      polyinstantiation based on process MLS level and user name, and "context" for
-      polyinstantiation based on process security context and user name
+      polyinstantiation based on process MLS level and user name, "context" for
+      polyinstantiation based on process security context and user name,
+      and "static" which uses the &lt;instance_prefix&gt; without adding
+      anything to it - this method relies solely on the $HOME and $USER
+      variables expansion.
       Methods "context" and "level" are only available with SELinux. This
       field cannot be blank.
     </para>
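Review bot: The added sentence does not say what happens when the prefix of a `static` line contains neither `$HOME` nor `$USER`; since nothing is appended, the text should state that all users then share one instance directory. Two wording points in the same sentence: the field is written as `&lt;instance_prefix&gt;` while this paragraph marks up field names with `<replaceable>` (see `<replaceable>method</replaceable>` in its first line), and "variables expansion" should read "variable expansion".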
@@ -124,6 +127,7 @@
       /tmp     /tmp-inst/               level      root,adm
       /var/tmp /var/tmp/tmp-inst/   	level      root,adm
       $HOME    $HOME/$USER.inst/inst- context
+      /myapp   $HOME/myapp              static     root
     </literallayout>
 
     <para>
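Review bot: The new example line `/myapp   $HOME/myapp   static   root` puts the instance directory under `$HOME`, unlike the `/tmp-inst/` and `/var/tmp/tmp-inst/` examples above it, and nothing in this hunk explains it. The text that follows the examples should describe this line and say who is expected to create `$HOME/myapp` and with what ownership and mode, since the parent directory belongs to the user.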
-- 
> Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
> GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
> http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
> So at least in some cases, I think we should "default to stupid,     <
> but give users rope".                           --Linus Torvalds     <

_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://www.redhat.com/mailman/listinfo/pam-list

