Re: [systemd-devel] Howto unshare when user session starts.
On 2/21/24 15:09, Stef Bon wrote:

> Hi,
>
> I know that I can use a session file, and I know I can use a pamfile (I've written one myself) but what I want to know is how can I use systemd for that?
> Systemd handles the system, sessions and containers, so is it for example possible to set some parameters and make the pam module of systemd do this?

I'm almost certain that you can't, no

Plus I'm pretty sure entering a namespace from a PAM module is unsafe (the process the PAM module is loaded into might be multithreaded, which namespaces have trouble with). I mean if it works, it works, but a PAM module can't safely assume that it will always work

> Stef
Re: [systemd-devel] Howto unshare when user session starts.
Hi,

I know that I can use a session file, and I know I can use a pamfile (I've written one myself) but what I want to know is how can I use systemd for that?
Systemd handles the system, sessions and containers, so is it for example possible to set some parameters and make the pam module of systemd do this?

Stef
Re: [systemd-devel] Howto unshare when user session starts.
On 2/21/24 12:57, Stef Bon wrote:

> Hi,
>
> maybe this is a question simple to answer.
>
> I want the user sessions to start in a {mount,user} namespace. How can I do this? I know there is the command systemd-nspawn. But to use this I have to adjust the first command to start a session. Or is it possible by setting parameters in logind?

You may want to look at adjusting the command executed by /usr/share/{x,wayland-}sessions/*.desktop

Your display manager picks one of those files (depending on what you select @ login time) and runs whatever command is in there. So for example, you should copy /usr/share/wayland-sessions/gnome.desktop to /usr/share/wayland-sessions/my-namespace.desktop. Then edit the Name setting in the .desktop entry (so it appears in the list on your login screen), and the Exec setting to change what command it executes

> Stef
> the Netherlands

Best,
Adrian
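The copy-and-edit steps described in the message above, as an added example that is not code from the thread or from systemd. The `make_ns_session` function and the `unshare --user --mount --map-current-user` wrapper (util-linux) are assumptions, since the thread does not name the command to put in Exec or confirm that a desktop session runs correctly inside such a namespace; the sample .desktop content is constructed.

```bash
#!/bin/sh
# Added example (not from the thread): derive a new login-screen session
# entry from an existing one by rewriting Name= and Exec=.
#
# make_ns_session SRC DST NAME WRAPPER...
#   SRC      existing session .desktop file
#   DST      new session file to write
#   NAME     label shown in the display manager's session list
#   WRAPPER  command placed in front of the original Exec command
make_ns_session() {
    mns_src=$1 mns_dst=$2 mns_name=$3
    shift 3
    awk -v name="$mns_name" -v wrap="$*" '
        # Only keys in the [Desktop Entry] group are touched.
        /^\[/                 { in_entry = ($0 == "[Desktop Entry]") }
        # Translated names would still show the old label; drop them.
        in_entry && /^Name\[/ { next }
        in_entry && /^Name=/  { print "Name=" name; next }
        in_entry && /^Exec=/  { sub(/^Exec=/, ""); print "Exec=" wrap " " $0
                                seen = 1; next }
                              { print }
        # Refuse to produce a session file that has no command to run.
        END                   { if (!seen) exit 3 }
    ' "$mns_src" > "$mns_dst.tmp" || { rm -f "$mns_dst.tmp"; return 1; }
    mv "$mns_dst.tmp" "$mns_dst"
}

# Demo on a constructed sample file (not a real distribution file). The
# unshare(1) options are an assumed wrapper; the thread names no command.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[Desktop Entry]' 'Name=GNOME' 'Name[nl]=GNOME' \
        'Exec=/usr/bin/gnome-session' 'TryExec=/usr/bin/gnome-session' \
        'Type=Application' > "$d/gnome.desktop"
    make_ns_session "$d/gnome.desktop" "$d/my-namespace.desktop" \
        'GNOME (mount+user namespace)' \
        unshare --user --mount --map-current-user -- &&
        cat "$d/my-namespace.desktop"
    rm -rf "$d"
}
demo
```

To apply it to the paths from the message, run it as root with /usr/share/wayland-sessions/gnome.desktop as SRC and /usr/share/wayland-sessions/my-namespace.desktop as DST.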
Re: [systemd-devel] Howto unshare when user session starts.
Use pam_namespace for mount namespacing (part of Linux-PAM, not systemd). I don't think it handles user namespaces yet, but that would probably be a fairly small change.

On Wed, Feb 21, 2024 at 7:57 PM Stef Bon wrote:

> Hi,
>
> maybe this is a question simple to answer.
>
> I want the user sessions to start in a {mount,user} namespace. How can
> I do this? I know there is the command systemd-nspawn. But to use this
> I have to adjust the first command to start a session. Or is it
> possible by setting parameters in logind?
>
> Stef
> the Netherlands
>

--
Mantas Mikulėnas
[systemd-devel] Howto unshare when user session starts.
Hi,

maybe this is a question simple to answer.

I want the user sessions to start in a {mount,user} namespace. How can I do this? I know there is the command systemd-nspawn. But to use this I have to adjust the first command to start a session. Or is it possible by setting parameters in logind?

Stef
the Netherlands