#5: multiple pam_namespace unmount problems
-----------------------------+------------------------------
Reporter: andersblomdell | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: library
Version: 1.1.x | Keywords:
Blocked By: | Blocking:
-----------------------------+------------------------------
This is essentially a short version of the bug in:
http://bugzilla.redhat.com/show_bug.cgi?id=755216
Essentially pam_namespace (1.1.5) suffers the following problems:
1. The (bind) mounts done in the new namespace is visible in the
original namespace (Error "too many levels of symbolic links").
2. At pam_namespace exit, the original mounting is restored for any
remaining child processes (daemons), which is a security problem.
Patch is attached
--
Ticket URL: <
https://fedorahosted.org/linux-pam/ticket/5>
linux-pam <
http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project