From mboxrd@z Thu Jan 1 00:00:00 1970 From: Janak Desai Subject: Re: [PATCH 0/3] New system call, unshare Date: Wed, 10 Aug 2005 11:05:47 -0400 Message-ID: <42FA17CB.1020702@us.ibm.com> References: <878xz9dgv4.fsf@mid.deneb.enyo.de> <20050810141849.GA5639@serge.austin.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: Florian Weimer , viro@parcelfarce.linux.theplanet.co.uk, sds@tycho.nsa.gov, linuxram@us.ibm.com, ericvh@gmail.com, dwalsh@redhat.com, jmorris@redhat.com, akpm@osdl.org, torvalds@osdl.org, gh@us.ibm.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Return-path: Received: from e33.co.us.ibm.com ([32.97.110.131]:11966 "EHLO e33.co.us.ibm.com") by vger.kernel.org with ESMTP id S965146AbVHJPGC (ORCPT ); Wed, 10 Aug 2005 11:06:02 -0400 To: serue@us.ibm.com In-Reply-To: <20050810141849.GA5639@serge.austin.ibm.com> Sender: linux-fsdevel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org serue@us.ibm.com wrote: > Quoting Florian Weimer (fw@deneb.enyo.de): > >>* Janak Desai: >> >> >>>With unshare, namespace setup can be done using PAM session >>>management functions without patching individual commands. >> >>I don't think it's a good idea to use security-critical code well > > > Note that this patch is not removing the CAP_SYS_ADMIN requirement, > just allowing the operation to happen outside of clone(). Unlike > domain transitions in selinux, which should be tied to exec() so > as to tie them to known code, I don't see what clone() would provide > in terms of safety which we are losing. > > >>without its original specification. Clearly the current situation >>sucks, but this is mainly a lack of PAM functionality, IMHO. > > > I'm not sure this is to do with PAM functionality, rather than > just its design. Is there a way of "fixing" pam so that we don't > need unshare()? > I have been trying to narrow down the problem since Alan's post about using clone() instead of unshare. The problem comes down to parent, on _exit(), clobbering controlling tty. I have tried, from the child, to close and open the tty stored in PAM but that has not helped. -Janak