[redhat-lspp] Comments on Pam-Namspace
Daniel J Walsh
dwalsh at redhat.com
Thu Feb 23 16:11:10 UTC 2006
I now have pam_namespace working with MLS policy, for the /tmp and
/var/tmp directory
We need to change the namespace.conf file to be
/tmp /tmp/.inst-$USER- both root,adm
/var/tmp/.inst-$USER- both root,adm
#$HOME $HOME/.inst- context
Why have the first two commented out? I think you put pam_namespace in
the /etc/pam.d file you get /tmp and /var/tmp automatically.
Also by default for the instance directory should be a subdirectory of
the parent.
As far as the polyinstantiation of the home dir. Shouldn't this only
happen on none SystemLow contexts?
I turned it on and my homedir disappeared which seems strange.
Why do we still use the MD5sum for the directory name. Why not just use
the level? Would make it easier to figure out what is going on.
Dan
More information about the redhat-lspp
mailing list