No I didn't. I will post it on the pam maillist, see what they think of it.
Stef
2011/10/14 Daniel J Walsh dwa...@redhat.com:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/14/2011 04:34 AM, Stef Bon wrote:
Hi,
I've rewritten an existing pam module pam_script. What it does:
. runs a script . unshare the mount namespace (if configured,
default yes)
if the directory to chroot to is specfied it does also:
. mount all the required directories like bin, lib, usr etcetera. .
chroot to this directory
See:
git clone git://gitorious.org/pam_script/pam_script.git pam_script
cd pam_script
Please some comments. Especially the starting of a session, is
this enough? If you look to the code you'll see that I've copied
from nspawn.c the check is_os_tree and mount_all functions, and
adjusted them a bit(is this ok?)
In nspawn a lot more is done but I'm not that familiar with these
low level operations. So please comment on this.
Stef ___ systemd-devel
mailing list systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Did you look at extending pam_namespace?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6YL2IACgkQrlYvE4MpobPL9gCeJ4/aKVMKiGoAjD+K5cD7paZR
xocAoJfTC3bYV/0Irzkp34eIwqClDCc4
=yZh7
-END PGP SIGNATURE-
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
