Question howto communication between child and parent.

Stef Bon stefbon at gmail.com
Mon Oct 10 10:10:19 UTC 2011


Hi,

I'm rewriting an existing PAM module, pam_script.so. Until now it was
able to run scripts and expose some variables.

I want to add the ability to unshare the namespace, and chroot. The
things it will do, in order:

a. unshare
b. forking and let child run scripts
c. wait for child to finish and chroot

The purpose is that the whole new environment (=mounts) is set up by
the external scripts at step b. These scripts are reading various
configuration settings, and doing the right mounts.

It's also possible that for the user logging in no chroot is done by
these configuration settings.

The directory to chroot to is set in phase 2 by the external scripts,
and has to be known by the chroot command in phase c. What is a good
way to communicate between the child and the parent to send this
directory?

Right now I'm using a temporary file in
/var/run/pam-script-info-"parentpid". This file is set in the
environment of the child:

PAM_SCRIPT_INFO=/var/run/pam-script-info-29796

The external scripts can write to this file the value:

CHROOTDIR=...

which the parent will read when the child has finished.

If found, then a chroot to this dir is done; if not, no chroot.

This will work, I haven't fully tested it yet, but are there other ways
to do this?

Stef
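
The file-based handoff described in the message, sketched as an added example that is not part of the original post and is not pam_script's code. The function names, the `dir` parameter (standing in for /var/run so it runs unprivileged), the path checks, the rule that a non-zero script exit means failure, and the sample script in `main` are all assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Parse CHROOTDIR=<path> from the info file: 1 = found, 0 = absent (no chroot),
 * -1 = value rejected. Conservative check: absolute path, no "/.." sequence. */
int read_chrootdir(const char *info, char *out, size_t outlen) {
    char line[4096];
    int rc = 0;
    FILE *f = fopen(info, "r");
    if (!f) return -1;
    while (rc == 0 && fgets(line, sizeof line, f)) {
        if (strncmp(line, "CHROOTDIR=", 10) != 0) continue;
        char *val = line + 10;
        val[strcspn(val, "\r\n")] = '\0';
        if (val[0] != '/' || strstr(val, "/..") || strlen(val) >= outlen) rc = -1;
        else { strcpy(out, val); rc = 1; }
    }
    fclose(f);
    return rc;
}
/* Parent side: create the info file, run `script` in a child with
 * PAM_SCRIPT_INFO set, wait for it, then read the result. */
int run_and_get_chrootdir(const char *dir, const char *script, char *out, size_t outlen) {
    char info[256];
    snprintf(info, sizeof info, "%s/pam-script-info-%ld", dir, (long)getpid());
    /* O_EXCL | O_NOFOLLOW: refuse a file or symlink already at this predictable name. */
    int fd = open(info, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    close(fd);
    pid_t pid = fork();
    if (pid == 0) {
        setenv("PAM_SCRIPT_INFO", info, 1);
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);
    }
    int status, rc = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0)
        rc = read_chrootdir(info, out, outlen);
    unlink(info);
    return rc;
}
int main(void) {
    char dir[256] = "(none)";
    int rc = run_and_get_chrootdir("/tmp", "echo CHROOTDIR=/srv/jail/alice >> \"$PAM_SCRIPT_INFO\"", dir, sizeof dir);
    return printf("rc=%d dir=%s\n", rc, dir) < 0;
}
```

A return of 1 is the only case in which the parent would go on to chroot; 0 corresponds to the "no chroot" configuration and -1 to a value the parent declines to act on.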



