suggestion: decouple unshare from mounting in pam_namespace
Louis-Dominique Dubeau
ldd at lddubeau.com
Fri Sep 19 07:40:52 UTC 2008
Ok, following up on an old discussion (see below). I've submitted a patch to
the tracker to create a new module called pam_unshare which does what we
discussed here. I did not have our discussion at hand when I sent the patch
to the tracker so if I need to send a tarball instead of a patch please let me
know. Or if there is anything else I should do, let me know. I want as much
as possible to ensure a speedy inclusion of this patch to the mainline PAM.
I'm actively using pam_unshare right now so I'd rather see it be a standard
part of my distro rather than have to compile my own hacked PAM packages.
Thanks,
Louis
On Saturday 24 May 2008 02:31:05 Tomas Mraz wrote:
> On Fri, 2008-05-23 at 13:50 -0400, Louis-Dominique Dubeau wrote:
> > On Fri, 2008-05-23 at 10:24 -0400, Louis-Dominique Dubeau wrote:
> > > It makes sense somewhat. But with the KISS principle in mind - when you
> > > want just the unshare, why not create a new module called pam_unshare,
> > > which would just call unshare and not do anything else? I think we
> > > could accept such module into Linux-PAM.
> >
> > I have no problem with this approach. I just do not know pam well
> > enough to know whether this would have unforeseen consequences or not.
> >
> > What needs to be done to ensure the presence of pam_unshare in a future
> > version of pam?
>
> Just use some existing module as a template - for example remove all
> unnecessary code from pam_namespace + rename all the source files. Also
> rewrite the documentation. Then attach a tarball with the module into
> the issue tracker on PAM sourceforge.net page.
More information about the Pam-list
mailing list