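diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
index 6ec3ad2..f0f80d3 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
@@ -44,7 +44,7 @@
 ignore_instance_parent_mode
 </arg>
 <arg choice="opt">
- no_unmount_on_close
+ unmount_on_close
 </arg>
 <arg choice="opt">
 use_current_context
@@ -195,16 +195,17 @@
 
 <varlistentry>
 <term>
- <option>no_unmount_on_close</option>
+ <option>unmount_on_close</option>
 </term>
 <listitem>
 <para>
- For certain trusted programs such as newrole, open session
- is called from a child process while the parent performs
- close session and pam end functions. For these commands
- use this option to instruct pam_close_session to not
- unmount the bind mounted polyinstantiated directory in the
- parent.
+ Explicitly unmount the polyinstantiated directories instead
+ of relying on automatic namespace destruction after the last
+ process in a namespace exits. This option should be used
+ only in case it is ensured by other means that there cannot be
+ any processes running in the private namespace left after the
+ session close. It is also useful only in case there are
+ multiple pam session calls in sequence from the same process.
 </para>
 </listitem>
 </varlistentry>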
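diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 470f493..a40f05e 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -2108,24 +2108,26 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
 idata.flags |= PAMNS_DEBUG;
 if (strcmp(argv[i], "ignore_config_error") == 0)
 idata.flags |= PAMNS_IGN_CONFIG_ERR;
- if (strcmp(argv[i], "no_unmount_on_close") == 0)
- idata.flags |= PAMNS_NO_UNMOUNT_ON_CLOSE;
+ if (strcmp(argv[i], "unmount_on_close") == 0)
+ idata.flags |= PAMNS_UNMOUNT_ON_CLOSE;
 }
 
 if (idata.flags & PAMNS_DEBUG)
 pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start");
 
 /*
- * For certain trusted programs such as newrole, open session
- * is called from a child process while the parent perfoms
- * close session and pam end functions. For these commands
- * pam_close_session should not perform the unmount of the
- * polyinstantiatied directory because it will result in
- * undoing of parents polyinstantiatiaion. These commands
- * will invoke pam_namespace with the "no_unmount_on_close"
- * argument.
+ * Normally the unmount is implicitly done when the last
+ * process in the private namespace exits.
+ * If it is ensured that there are no child processes left in
+ * the private namespace by other means and if there are
+ * multiple sessions opened and closed sequentially by the
+ * same process, the "unmount_on_close" option might be
+ * used to unmount the polydirs explicitly.
 */
- if (idata.flags & PAMNS_NO_UNMOUNT_ON_CLOSE) {
+ if (!(idata.flags & PAMNS_UNMOUNT_ON_CLOSE)) {
+ pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL);
+ pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
+
 if (idata.flags & PAMNS_DEBUG)
 pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful");
 return PAM_SUCCESS;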
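Review bot: The argument loop now matches only `unmount_on_close`, so a PAM stack that still passes `no_unmount_on_close` is accepted and ignored without any log entry, and every stack that omitted the old option silently switches from an explicit unmount to relying on namespace teardown. For a service that opens and closes several sessions from one long-lived process, that presumably leaves the previous session's polyinstantiated mounts in place until the admin adds the new option, so the change of default deserves to be visible in the logs. I would keep recognising the old name and report it, e.g. `if (strcmp(argv[i], "no_unmount_on_close") == 0) pam_syslog(pamh, LOG_NOTICE, "no_unmount_on_close is now the default and is ignored");`. The two added `pam_set_data(...)` calls in the early-return branch also discard their return values; a failure there should at least be logged under `PAMNS_DEBUG`. The body of `pam_sm_close_session` starts and ends outside this hunk, so the rest of the unmount path is not visible here.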
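diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h
index 6bca31c..1d0c11c 100644
--- a/modules/pam_namespace/pam_namespace.h
+++ b/modules/pam_namespace/pam_namespace.h
@@ -101,7 +101,7 @@
 #define PAMNS_GEN_HASH 0x00002000 /* Generate md5 hash for inst names */
 #define PAMNS_IGN_CONFIG_ERR 0x00004000 /* Ignore format error in conf file */
 #define PAMNS_IGN_INST_PARENT_MODE 0x00008000 /* Ignore instance parent mode */
-#define PAMNS_NO_UNMOUNT_ON_CLOSE 0x00010000 /* no unmount at session close */
+#define PAMNS_UNMOUNT_ON_CLOSE 0x00010000 /* Unmount at session close */
 #define PAMNS_USE_CURRENT_CONTEXT 0x00020000 /* use getcon instead of getexeccon */
 #define PAMNS_USE_DEFAULT_CONTEXT 0x00040000 /* use get_default_context instead of getexeccon */
 #define PAMNS_MOUNT_PRIVATE 0x00080000 /* Make the polydir mounts private */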