polyinstantiation of the /tmp dir
Tomas Mraz
tmraz at redhat.com
Thu Sep 6 13:50:11 UTC 2007
On Wed, 2007-09-05 at 13:06 -0700, Clarkson, Mike R (US SSA) wrote:
> I'm trying to set up polyinstantiation of the /tmp directory using
> RHEL5. The /etc/security/namespace.conf file shows the following line as
> needing to be uncommented:
> /tmp /tmp-inst/ level root,adm
>
> The /usr/share/doc/pam-0.99.6.2/txts/README.pam_namespace file describes
> the format of the /etc/security/namespace.conf file, and the allowable
> values. For the <method> entry it lists the following valid values:
> "user", "context", "both". It doesn't list "level" as a valid value.
> However, "level" is the only value that I can get to work. With "user",
> "context", or "both", I get the following error when I attempt to use
> newrole to change the level of my shell:
> "pam_open_session failed with Cannot make/remove an entry for
> the specified session"
>
> Any ideas as to why?
There can be various reasons. Use the 'debug' option of pam_namespace to
get some debug messages in /var/log/secure which may give some more
insight on this.
> And what other values are valid other than "level"?
The documentation is a little bit outdated. The valid values are "user",
"context" and "level".
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
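
An added example, not part of the original message and not code from pam_namespace: a small linter that checks the method field of namespace.conf entries against the three values listed in the reply above. It assumes the four-field layout (polydir, instance prefix, method, optional comma-separated list of users who are not polyinstantiated); the function name, field names and the sample input are constructed for illustration.

```python
# Added example: lint namespace.conf entries against the method values
# named in the reply ("user", "context", "level"). Not pam_namespace code.
VALID_METHODS = {"user", "context", "level"}

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# polydir  instance_prefix  method  users_not_polyinstantiated
/tmp      /tmp-inst/       level   root,adm
/var/tmp  /var/tmp-inst/   both    root,adm
/var/tmp  /var/tmp-inst/   context
/tmp      /tmp-inst/
"""


def lint_namespace_conf(text):
    """Return (entries, problems) for the text of a namespace.conf file.

    entries  -- list of dicts for lines that pass the checks
    problems -- list of (line_number, message) for lines that do not
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        fields = line.split()
        if len(fields) not in (3, 4):  # assumed layout: 3 fields + optional list
            problems.append((lineno, "expected 3 or 4 fields, got %d" % len(fields)))
            continue
        polydir, prefix, method = fields[:3]
        if method not in VALID_METHODS:
            problems.append((lineno, "method %r is not one of %s"
                             % (method, ", ".join(sorted(VALID_METHODS)))))
            continue
        exempt = fields[3].split(",") if len(fields) == 4 else []
        entries.append({"polydir": polydir, "instance_prefix": prefix,
                        "method": method, "exempt_users": exempt})
    return entries, problems


if __name__ == "__main__":
    ok, bad = lint_namespace_conf(SAMPLE)
    for e in ok:
        print("ok   ", e)
    for lineno, msg in bad:
        print("line %d: %s" % (lineno, msg))
```

A line that passes this check can still fail at session open for other reasons; the 'debug' output in /var/log/secure mentioned above is the place to look for those.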