Re: [PATCH 0/3] New system call, unshare

[Janak Desai]

serue@xxxxxxxxxx wrote:
> Quoting Florian Weimer (fw@xxxxxxxxxxxxx):
>
> > * Janak Desai:
> >
> >
> > > With unshare, namespace setup can be done using PAM session
> > > management functions without patching individual commands.
> >
> > I don't think it's a good idea to use security-critical code well
>
>
> Note that this patch is not removing the CAP_SYS_ADMIN requirement,
> just allowing the operation to happen outside of clone().  Unlike
> domain transitions in selinux, which should be tied to exec() so
> as to tie them to known code, I don't see what clone() would provide
> in terms of safety which we are losing.
>
>
> > without its original specification.  Clearly the current situation
> > sucks, but this is mainly a lack of PAM functionality, IMHO.
>
>
> I'm not sure this is to do with PAM functionality, rather than
> just its design.  Is there a way of "fixing" pam so that we don't
> need unshare()?

I have been trying to narrow down the problem since Alan's post
about using clone() instead of unshare. The problem comes down to
parent, on _exit(), clobbering controlling tty. I have tried, from
the child, to close and open the tty stored in PAM but that has
not helped.

-Janak

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/