[systemd-devel] New pam module to start a session.

Stef Bon stefbon at gmail.com
Sat Oct 15 06:35:25 PDT 2011


No, I didn't. I will post it on the PAM mailing list and see what they think of it.

Stef

2011/10/14 Daniel J Walsh <dwalsh at redhat.com>:
> On 10/14/2011 04:34 AM, Stef Bon wrote:
>> Hi,
>>
>> I've rewritten an existing pam module pam_script. What it does:
>>
>> . runs a script
>> . unshare the mount namespace (if configured, default yes)
>>
>> if the directory to chroot to is specified it does also:
>>
>> . mount all the required directories like bin, lib, usr etcetera.
>> . chroot to this directory
>>
>> See:
>>
>> git clone git://gitorious.org/pam_script/pam_script.git pam_script
>> cd pam_script
>>
>>
>> Some comments, please. Especially the starting of a session, is
>> this enough? If you look at the code you'll see that I've copied
>> from nspawn.c the check is_os_tree and mount_all functions, and
>> adjusted them a bit (is this ok?)
>>
>> In nspawn a lot more is done but I'm not that familiar with these
>> "low level" operations. So please comment on this.
>>
>> Stef
>
> Did you look at extending pam_namespace?
>

