Something strange happens when /tmp and /var/tmp are polyinstantiated for all of my users except root and adm.
/etc/security/namespace.conf:
/tmp tmpfs tmpfs root,adm
/var/tmp tmpfs tmpfs root,adm
When the user logs into a GDM session using GNOME and plugs in a USB stick, DVD or whatever, the device is _not_ mounted. Everything else works fine. The directory in /media is created and everything is set up correctly but the final mount command is not issued.
The logfiles don't speak that much but maybe this is a little hint.
Jun 21 19:20:19 test kernel: sd 0:0:0:0: [sda] Attached SCSI removable disk
Jun 21 19:20:19 test console-kit-daemon[1629]: WARNING: Couldn't read /proc/2766/environ: Error reading file '/proc/2766/environ': No such process
Jun 21 19:20:20 test hald: mounted /dev/sda1 on behalf of uid 500
Jun 21 19:20:20 test gnome-keyring-daemon[2647]: adding removable location: volume_uuid_47DB_BAD8 at /media/blub
And here is a logfile without polyinstantiation:
Jun 21 19:25:00 test kernel: sd 1:0:0:0: [sda] Attached SCSI removable disk
Jun 21 19:25:00 test kernel: sd 1:0:0:0: Attached scsi generic sg0 type 0
Jun 21 19:25:01 test gnome-keyring-daemon[3746]: adding removable location: volume_uuid_47DB_BAD8 at /media/blub
Jun 21 19:25:01 test hald: mounted /dev/sda1 on behalf of uid 500
Both logs say that the media was mounted but that's not true if polyinstantiated. Maybe something related to the console-kit-daemon warning message?
Does someone have an idea or can confirm this?
Best regards,
Stefan
On Sat, 2008-06-21 at 19:42 +0200, Stefan Schulze Frielinghaus wrote:
Something strange happens when /tmp and /var/tmp are polyinstantiated for all of my users except root and adm.
/etc/security/namespace.conf:
/tmp tmpfs tmpfs root,adm
/var/tmp tmpfs tmpfs root,adm
When the user logs into a GDM session using GNOME and plugs in a USB stick, DVD or whatever, the device is _not_ mounted. Everything else works fine. The directory in /media is created and everything is set up correctly but the final mount command is not issued.
....
Both logs say that the media was mounted but that's not true if polyinstantiated. Maybe something related to the console-kit-daemon warning message?
Does someone have an idea or can confirm this?
pam_namespace unshares the mount namespace between the parent (system) and child (user shell) processes. By default all mount points are marked as private in the kernel, which means that changes to mount points are not visible across the unshared namespaces.
You have to mark the /media directory as an rshared mount point somewhere in the system startup scripts.
mount --bind /media /media
mount --make-rshared /media
Or you can do it the other way around, as Russell Coker suggests, that is, make everything shared except the tmp directories.
mount --make-shared /
mount --bind /tmp /tmp
mount --make-private /tmp
mount --bind /var/tmp /var/tmp
mount --make-private /var/tmp
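An added check, not from the thread, that an administrator would want after applying either fix: a POSIX shell function that reads the propagation type of a mount point from the mountinfo format, so one can confirm that /media is shared while the polyinstantiated tmp directories stay private. The mountinfo lines it parses are constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the thread: report the propagation type of a
# mount point from mountinfo so an admin can verify the fix described above
# (/media shared, polyinstantiated /tmp and /var/tmp private).
#
# mountinfo record layout (proc(5)):
#   id parent maj:min root mountpoint opts [optional fields...] - fstype src superopts
# Propagation shows up in the optional fields: "shared:N", "master:N" (a
# slave mount) or "unbindable"; a mount with none of these is private.

# Usage: mount_propagation MOUNTPOINT < /proc/self/mountinfo
# Prints: shared | slave | unbindable | private | not-mounted
mount_propagation() {
    awk -v mp="$1" '
        $5 == mp {
            type = "private"
            # optional fields run from $7 up to the "-" separator
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/)          type = "shared"
                else if ($i ~ /^master:/)     type = "slave"
                else if ($i == "unbindable")  type = "unbindable"
            }
            print type; found = 1; exit
        }
        END { if (!found) print "not-mounted" }
    '
}

# Constructed mountinfo resembling the second fix from the reply: / made
# shared, /tmp and /var/tmp bind-mounted onto themselves and made private,
# and a hald-mounted USB stick under /media (these lines are made up).
sample_mountinfo() {
    cat <<'EOF'
1 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
17 1 0:17 / /proc rw,nosuid shared:5 - proc proc rw
23 1 8:1 /tmp /tmp rw,relatime - ext4 /dev/sda1 rw
24 1 8:1 /var/tmp /var/tmp rw,relatime - ext4 /dev/sda1 rw
30 1 8:17 / /media/blub rw,nosuid shared:12 - vfat /dev/sdb1 rw
EOF
}

# Walk the mounts a pam_namespace setup cares about; a private /media means
# mounts hald performs in the system namespace never reach the user session.
for mp in / /tmp /var/tmp /media/blub; do
    printf '%-12s %s\n' "$mp" "$(sample_mountinfo | mount_propagation "$mp")"
done
```

On a live system, replace `sample_mountinfo` with `cat /proc/self/mountinfo` run from inside a user session to see what that session's namespace actually sees.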
selinux@lists.fedoraproject.org