suggestion: decouple unshare from mounting in pam_namespace
Tomas Mraz
tmraz at redhat.com
Fri May 23 18:31:05 UTC 2008
On Fri, 2008-05-23 at 13:50 -0400, Louis-Dominique Dubeau wrote:
> On Fri, 2008-05-23 at 10:24 -0400, Louis-Dominique Dubeau wrote:
> > It makes sense somewhat. But with the KISS principle in mind - when you
> > want just the unshare, why not create a new module called pam_unshare,
> > which would just call unshare and not do anything else? I think we could
> > accept such module into Linux-PAM.
>
> I have no problem with this approach. I just do not know pam well
> enough to know whether this would have unforeseen consequences or not.
>
> What needs to be done to ensure the presence of pam_unshare in a future
> version of pam?
Just use some existing module as a template - for example remove all
unnecessary code from pam_namespace + rename all the source files. Also
rewrite the documentation. Then attach a tarball with the module into
the issue tracker on PAM sourceforge.net page.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Pam-list
mailing list