[systemd-devel] New pam module to start a session.
Daniel J Walsh
dwalsh at redhat.com
Fri Oct 14 05:47:30 PDT 2011
On 10/14/2011 04:34 AM, Stef Bon wrote:
> Hi,
>
> I've rewritten an existing pam module pam_script. What it does:
>
> . runs a script
> . unshare the mount namespace (if configured, default yes)
>
> if the directory to chroot to is specified it does also:
>
> . mount all the required directories like bin, lib, usr etcetera.
> . chroot to this directory
>
> See:
>
> git clone git://gitorious.org/pam_script/pam_script.git pam_script
> cd pam_script
>
>
> Some comments, please. Especially the starting of a session, is
> this enough? If you look at the code you'll see that I've copied
> from nspawn.c the check is_os_tree and mount_all functions, and
> adjusted them a bit (is this ok?)
>
> In nspawn a lot more is done but I'm not that familiar with these
> "low level" operations. So please comment on this.
>
> Stef
Did you look at extending pam_namespace?