[systemd-devel] Howto unshare when user session starts.
Adrian Vovk
adrianvovk at gmail.com
Wed Feb 21 20:18:29 UTC 2024
On 2/21/24 15:09, Stef Bon wrote:
> Hi,
>
> I know that I can use a session file, and I know I can use a pamfile
> (I've written one myself) but what I want to know is how can I use
> systemd for that? Systemd handles the system, sessions and containers,
> so is it for example possible to set some parameters and make the pam
> module of systemd do this?
I'm almost certain that you can't, no
Plus I'm pretty sure entering a namespace from a PAM module is unsafe
(the process the PAM module is loaded into might be multithreaded, which
namespaces have trouble with).I mean if it works, it works, but a PAM
module can't safely assume that it will always work
> Stef
More information about the systemd-devel
mailing list