add support for explicit marking of the polydir mount private (#623522)

This commit is contained in:
Tomas Mraz 2011-06-02 22:23:52 +02:00
parent 20d38d82f9
commit 6a48d1491e
2 changed files with 136 additions and 1 deletions

View File

@ -0,0 +1,130 @@
diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
index 0433f0f..f0ebe2c 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
@@ -52,6 +52,9 @@
<arg choice="opt">
use_default_context
</arg>
+ <arg choice="opt">
+ mount_private
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -234,6 +237,21 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>mount_private</option>
+ </term>
+ <listitem>
+ <para>
+ This option should be used on systems where the / mount point and
+ its submounts are made shared (for example with a
+ <command>mount --make-rshared /</command> command).
+ The module will make the polyinstantiated directory mount points
+ private.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index c47599e..d5a2d78 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1003,7 +1003,7 @@ static int protect_mount(int dfd, const char *path, struct instance_data *idata)
return 0;
}
-static int protect_dir(const char *path, mode_t mode, int do_mkdir,
+static int protect_dir(const char *path, mode_t mode, int do_mkdir, int always,
struct instance_data *idata)
{
char *p = strdup(path);
@@ -1082,7 +1082,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir,
}
}
- if (flags & O_NOFOLLOW) {
+ if ((flags & O_NOFOLLOW) || always) {
/* we are inside user-owned dir - protect */
if (protect_mount(rv, p, idata) == -1) {
save_errno = errno;
@@ -1124,7 +1124,7 @@ static int check_inst_parent(char *ipath, struct instance_data *idata)
if (trailing_slash)
*trailing_slash = '\0';
- dfd = protect_dir(inst_parent, 0, 1, idata);
+ dfd = protect_dir(inst_parent, 0, 1, 0, idata);
if (dfd == -1 || fstat(dfd, &instpbuf) < 0) {
pam_syslog(idata->pamh, LOG_ERR,
@@ -1259,7 +1259,7 @@ static int create_polydir(struct polydir_s *polyptr,
}
#endif
- rc = protect_dir(dir, mode, 1, idata);
+ rc = protect_dir(dir, mode, 1, idata->flags & PAMNS_MOUNT_PRIVATE, idata);
if (rc == -1) {
pam_syslog(idata->pamh, LOG_ERR,
"Error creating directory %s: %m", dir);
@@ -1447,7 +1447,7 @@ static int ns_setup(struct polydir_s *polyptr,
pam_syslog(idata->pamh, LOG_DEBUG,
"Set namespace for directory %s", polyptr->dir);
- retval = protect_dir(polyptr->dir, 0, 0, idata);
+ retval = protect_dir(polyptr->dir, 0, 0, idata->flags & PAMNS_MOUNT_PRIVATE, idata);
if (retval < 0 && errno != ENOENT) {
pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m",
@@ -1534,6 +1534,22 @@ static int ns_setup(struct polydir_s *polyptr,
goto error_out;
}
+ if (idata->flags & PAMNS_MOUNT_PRIVATE) {
+ /*
+ * Make the polyinstantiated dir private mount. This depends
+ * on making the dir a mount point in the protect_dir call.
+ */
+ if (mount(polyptr->dir, polyptr->dir, NULL, MS_PRIVATE|MS_REC, NULL) < 0) {
+ pam_syslog(idata->pamh, LOG_ERR, "Error making %s a private mount, %m",
+ polyptr->dir);
+ goto error_out;
+ }
+ if (idata->flags & PAMNS_DEBUG)
+ pam_syslog(idata->pamh, LOG_DEBUG,
+ "Polyinstantiated directory %s made as private mount", polyptr->dir);
+
+ }
+
/*
* Bind mount instance directory on top of the polyinstantiated
* directory to provide an instance of polyinstantiated directory
@@ -1964,6 +1980,9 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
idata.flags |= PAMNS_USE_DEFAULT_CONTEXT;
idata.flags |= PAMNS_CTXT_BASED_INST;
}
+ if (strcmp(argv[i], "mount_private") == 0) {
+ idata.flags |= PAMNS_MOUNT_PRIVATE;
+ }
if (strcmp(argv[i], "unmnt_remnt") == 0)
unmnt = UNMNT_REMNT;
if (strcmp(argv[i], "unmnt_only") == 0)
diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h
index da21bd7..7b39068 100644
--- a/modules/pam_namespace/pam_namespace.h
+++ b/modules/pam_namespace/pam_namespace.h
@@ -96,6 +96,7 @@
#define PAMNS_NO_UNMOUNT_ON_CLOSE 0x00010000 /* no unmount at session close */
#define PAMNS_USE_CURRENT_CONTEXT 0x00020000 /* use getcon instead of getexeccon */
#define PAMNS_USE_DEFAULT_CONTEXT 0x00040000 /* use get_default_context instead of getexeccon */
+#define PAMNS_MOUNT_PRIVATE 0x00080000 /* Make the polydir mounts private */
/* polydir flags */
#define POLYDIR_EXCLUSIVE 0x00000001 /* polyinstatiate exclusively for override uids */

View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.1.3 Version: 1.1.3
Release: 8%{?dist} Release: 9%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+ License: BSD and GPLv2+
@ -39,6 +39,7 @@ Patch30: pam-1.1.3-securetty-console.patch
Patch31: pam-1.1.3-limits-nosetreuid.patch Patch31: pam-1.1.3-limits-nosetreuid.patch
Patch32: pam-1.1.3-limits-range.patch Patch32: pam-1.1.3-limits-range.patch
Patch33: pam-1.1.3-pwhistory-incomplete.patch Patch33: pam-1.1.3-pwhistory-incomplete.patch
Patch34: pam-1.1.3-namespace-private.patch
%define _sbindir /sbin %define _sbindir /sbin
%define _moduledir /%{_lib}/security %define _moduledir /%{_lib}/security
@ -113,6 +114,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
%patch31 -p1 -b .nosetreuid %patch31 -p1 -b .nosetreuid
%patch32 -p0 -b .range %patch32 -p0 -b .range
%patch33 -p1 -b .incomplete %patch33 -p1 -b .incomplete
%patch34 -p1 -b .private
libtoolize -f libtoolize -f
autoreconf autoreconf
@ -367,6 +369,9 @@ fi
%doc doc/adg/*.txt doc/adg/html %doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Thu Jun 2 2011 Tomas Mraz <tmraz@redhat.com> 1.1.3-9
- add support for explicit marking of the polydir mount private (#623522)
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.3-8 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild