pam/pam-1.1.5-namespace-no-unmount.patch

94 lines
4.4 KiB
Diff

diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
index 6ec3ad2..f0f80d3 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
@@ -44,7 +44,7 @@
ignore_instance_parent_mode
</arg>
<arg choice="opt">
- no_unmount_on_close
+ unmount_on_close
</arg>
<arg choice="opt">
use_current_context
@@ -195,16 +195,17 @@
<varlistentry>
<term>
- <option>no_unmount_on_close</option>
+ <option>unmount_on_close</option>
</term>
<listitem>
<para>
- For certain trusted programs such as newrole, open session
- is called from a child process while the parent performs
- close session and pam end functions. For these commands
- use this option to instruct pam_close_session to not
- unmount the bind mounted polyinstantiated directory in the
- parent.
+ Explicitly unmount the polyinstantiated directories instead
+ of relying on automatic namespace destruction after the last
+ process in a namespace exits. This option should be used
+ only in case it is ensured by other means that there cannot be
+ any processes running in the private namespace left after the
+ session close. It is also useful only in case there are
+ multiple pam session calls in sequence from the same process.
</para>
</listitem>
</varlistentry>
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 470f493..a40f05e 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -2108,24 +2108,26 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
idata.flags |= PAMNS_DEBUG;
if (strcmp(argv[i], "ignore_config_error") == 0)
idata.flags |= PAMNS_IGN_CONFIG_ERR;
- if (strcmp(argv[i], "no_unmount_on_close") == 0)
- idata.flags |= PAMNS_NO_UNMOUNT_ON_CLOSE;
+ if (strcmp(argv[i], "unmount_on_close") == 0)
+ idata.flags |= PAMNS_UNMOUNT_ON_CLOSE;
}
if (idata.flags & PAMNS_DEBUG)
pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start");
/*
- * For certain trusted programs such as newrole, open session
- * is called from a child process while the parent perfoms
- * close session and pam end functions. For these commands
- * pam_close_session should not perform the unmount of the
- * polyinstantiatied directory because it will result in
- * undoing of parents polyinstantiatiaion. These commands
- * will invoke pam_namespace with the "no_unmount_on_close"
- * argument.
+ * Normally the unmount is implicitly done when the last
+ * process in the private namespace exits.
+ * If it is ensured that there are no child processes left in
+ * the private namespace by other means and if there are
+ * multiple sessions opened and closed sequentially by the
+ * same process, the "unmount_on_close" option might be
+ * used to unmount the polydirs explicitly.
*/
- if (idata.flags & PAMNS_NO_UNMOUNT_ON_CLOSE) {
+ if (!(idata.flags & PAMNS_UNMOUNT_ON_CLOSE)) {
+ pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL);
+ pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
+
if (idata.flags & PAMNS_DEBUG)
pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful");
return PAM_SUCCESS;
diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h
index 6bca31c..1d0c11c 100644
--- a/modules/pam_namespace/pam_namespace.h
+++ b/modules/pam_namespace/pam_namespace.h
@@ -101,7 +101,7 @@
#define PAMNS_GEN_HASH 0x00002000 /* Generate md5 hash for inst names */
#define PAMNS_IGN_CONFIG_ERR 0x00004000 /* Ignore format error in conf file */
#define PAMNS_IGN_INST_PARENT_MODE 0x00008000 /* Ignore instance parent mode */
-#define PAMNS_NO_UNMOUNT_ON_CLOSE 0x00010000 /* no unmount at session close */
+#define PAMNS_UNMOUNT_ON_CLOSE 0x00010000 /* Unmount at session close */
#define PAMNS_USE_CURRENT_CONTEXT 0x00020000 /* use getcon instead of getexeccon */
#define PAMNS_USE_DEFAULT_CONTEXT 0x00040000 /* use get_default_context instead of getexeccon */
#define PAMNS_MOUNT_PRIVATE 0x00080000 /* Make the polydir mounts private */