[redhat-lspp] some additional pam_namespace issues ..
LC Bruzenak
lenny at bruzenak.com
Thu Feb 16 17:29:42 UTC 2006
Janak,
What is the behavior of concurrent untrusted apps accessing /tmp during
the unmount time?
Thanks,
LCB.
On Thu, 2006-02-16 at 12:10 -0500, JANAK DESAI wrote:
...
>
> Current polyinst mechanism makes available the original /tmp
> directory from a protected alternate location (/.poly*), so trusted
> apps that wish to process un-polyinstantiated /tmp can do so.
> Trusted apps can use pam to figure out which directories are
> being polyinstantiated and how to locate their alternate location.
> A cleaner way (suggested by Dan Walsh and Al Viro) for a
> trusted app to access the original directory is to simply unmount
> the instance directory. So for example, when a user logs
> in, /tmp/user-instance is bind mounted on top of /tmp. When
> that user executes a trusted app, the app can use pam_namespace,
> which can unshare namespace and unmount /tmp. That will
> unmount the instance directory and expose the original
> /tmp. With this approach we won't need to create alternate
> location directory and bind mount the original /tmp there.
> I have unit tested this and it works well. Does anyone see any
> issues in getting to the original directory in this manner?
>
--
LC Bruzenak
lenny at bruzenak.com
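As an added example (not code from this thread or from pam_namespace itself), this is how a trusted helper could do what Janak describes: unshare its mount namespace and unmount the instance directory stacked on /tmp so that the original /tmp is visible to it. The function names are my own; it checks the mount table rather than comparing device/inode numbers because the instance directory is a bind mount from the same filesystem, which a dev/ino comparison would miss.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>

/* 1 if something is mounted on `path` (given without a trailing slash),
 * 0 if not, -1 if /proc/self/mounts cannot be read. */
int is_mountpoint(const char *path)
{
    char line[4096], mnt[1024];
    int found = 0;
    FILE *f = fopen("/proc/self/mounts", "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "%*s %1023s", mnt) == 1 && !strcmp(mnt, path)) {
            found = 1;
            break;
        }
    fclose(f);
    return found;
}

/* Unshare the mount namespace, then unmount the instance stacked on
 * `path`. MS_PRIVATE keeps the unmount from propagating back, so every
 * other process keeps its own view. Needs CAP_SYS_ADMIN. 0 or -errno. */
int expose_original(const char *path)
{
    int mp = is_mountpoint(path);
    if (mp < 0) return -EIO;
    if (mp == 0) return 0;   /* nothing stacked: already the original */
    if (unshare(CLONE_NEWNS) != 0) return -errno;
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) return -errno;
    if (umount2(path, 0) != 0) return -errno;
    return 0;
}

int main(int argc, char **argv)
{   /* usage: ./expose [dir]; defaults to /tmp */
    int rc = expose_original(argc > 1 ? argv[1] : "/tmp");
    if (rc) fprintf(stderr, "%s\n", strerror(-rc));
    return rc != 0;
}
```

After a successful call only this process (and children it forks) see the original directory; the polyinstantiated instance stays mounted for everyone else.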