[redhat-lspp] Comments on Pam-Namspace
Janak Desai
janak at us.ibm.com
Thu Feb 23 22:13:26 UTC 2006
Daniel J Walsh wrote:
> Janak Desai wrote:
>
>> Daniel J Walsh wrote:
>>
>>> I now have pam_namespace working with MLS policy, for the /tmp and
>>> /var/tmp directory
>>>
>>> We need to change the namespace.conf file to be
>>>
>>> /tmp /tmp/.inst-$USER- both root,adm
>>> /var/tmp/.inst-$USER- both root,adm
>>> #$HOME $HOME/.inst- context
>>>
>>> Why have the first two commented out? I think you put pam_namespace
>>> in the /etc/pam.d file you get /tmp and /var/tmp automatically.
>>>
>> Ok, I will change the conf file accordingly.
>>
>>> Also by default for the instance directory should be a subdirectory
>>> of the parent.
>>
>>
>> Agreed. I will update the config file and the README appropriately.
>>
>>>
>>> As far as the polyinstantiation of the home dir. Shouldn't this
>>> only happen on none SystemLow contexts?
>>>
>>> I turned it on and my homedir disappeared which seems strange.
>>>
>> This is under the control of the policy. The namespace module calls
>> security_compute_member library
>> function and expects the policy to return appropriate member
>> directory context. This member directory
>> context is then used for instance directory.
>
> But how do we in policy tell it to do nothing?
The current implementation always creates an instance directory, even if
the context returned by the
security_compute_member() returns the same context as that of the
directory to polyinstantiate. By "do
nothing" do you mean that we should not create an instance if the
security_compute_member() returns
the same context as the directory to polyinstantiate? It makes sense to
add that optimization. I will add
that to my list of things to do.
-Janak
>>
>>> Why do we still use the MD5sum for the directory name. Why not just
>>> use the level? Would make it easier to figure out what is going on.
>>>
>> I was using MD5 hashes to try and obscure the directory name.
>> However, now that I know that if
>> someone really wants to figure out the context, they can, even if the
>> name is hashed. So I can
>> remove the use of hash or make it configurable (if anyone still sees
>> any benefit of using it).
>>
>> Will make these changes after I return from the symposium ..
>>
>> -Janak
>>
>
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
>
More information about the redhat-lspp
mailing list