[systemd-devel] New pam module to start a session.

Stef Bon stefbon at gmail.com
Fri Oct 14 01:34:09 PDT 2011


Hi,

I've rewritten an existing pam module pam_script. What it does:

. runs a script
. unshare the mount namespace (if configured, default yes)

If the directory to chroot to is specified, it also does:

. mount all the required directories like bin, lib, usr etcetera.
. chroot to this directory

See:

git clone git://gitorious.org/pam_script/pam_script.git pam_script
cd pam_script


Some comments, please. Especially the starting of a session, is this
enough? If you look at the code you'll see that
I've copied from nspawn.c the check is_os_tree and mount_all
functions, and adjusted them a bit (is this ok?)

In nspawn a lot more is done but I'm not that familiar with these "low
level" operations. So please comment on this.

Stef
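
Added example, not part of the original message and not code from pam_script or nspawn.c: a C sketch of the sequence the message lists (unshare the mount namespace, mount the required directories, chroot), including the steps that are easy to miss. The function names, the read-only remount and the path checks are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>
#ifndef CLONE_NEWNS /* hidden if a header was included before _GNU_SOURCE */
#define CLONE_NEWNS 0x00020000
int unshare(int flags);
#endif

/* Build "<root>/<dir>" in out (hypothetical helper). Rejects a relative root,
 * an empty or absolute dir, and any dir containing ".." (also "a..b"). */
int join_under_root(const char *root, const char *dir, char *out, size_t len)
{
    if (root[0] != '/' || dir[0] == '\0' || dir[0] == '/' || strstr(dir, ".."))
        return -EINVAL;
    int n = snprintf(out, len, "%s/%s", root, dir);
    return (n < 0 || (size_t)n >= len) ? -ENAMETOOLONG : 0;
}

/* Returns 0 or -errno of the first failing step; dirs is NULL-terminated.
 * Needs CAP_SYS_ADMIN and CAP_SYS_CHROOT. */
int enter_session_root(const char *root, const char *const *dirs)
{
    char src[PATH_MAX], dst[PATH_MAX];
    int r;
    for (const char *const *d = dirs; *d; d++) /* validate before changing state */
        if ((r = join_under_root(root, *d, dst, sizeof dst)) < 0)
            return r;
    if (unshare(CLONE_NEWNS) < 0)
        return -errno;
    /* Keep the mounts below from propagating back to the parent namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
        return -errno;
    for (; *dirs; dirs++) {
        snprintf(src, sizeof src, "/%s", *dirs);
        join_under_root(root, *dirs, dst, sizeof dst);
        if (mount(src, dst, NULL, MS_BIND, NULL) < 0)
            return -errno;
        /* Assumption: read-only. A bind mount honours MS_RDONLY only on remount. */
        if (mount(NULL, dst, NULL, MS_REMOUNT | MS_BIND | MS_RDONLY, NULL) < 0)
            return -errno;
    }
    if (chroot(root) < 0)
        return -errno;
    /* Without chdir the working directory still refers to the old root. */
    return chdir("/") < 0 ? -errno : 0;
}
```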

