
Stefan Schulze Frielinghaus 06-21-2008 05:42 PM

polyinstantiation and removable media
 
Something strange happens when /tmp and /var/tmp are polyinstantiated
for all of my users except root and adm.

/etc/security/namespace.conf:

/tmp tmpfs tmpfs root,adm
/var/tmp tmpfs tmpfs root,adm

When the user logs into a GDM session using GNOME and plugs in a
USB stick, DVD or whatever, the device is _not_ mounted. Everything else
works fine. The directory in /media is created and everything is set up
correctly but the final mount command is not issued.

The logfiles don't speak that much but maybe this is a little hint.

Jun 21 19:20:19 test kernel: sd 0:0:0:0: [sda] Attached SCSI removable disk
Jun 21 19:20:19 test console-kit-daemon[1629]: WARNING: Couldn't read /proc/2766/environ: Error reading file '/proc/2766/environ': No such process
Jun 21 19:20:20 test hald: mounted /dev/sda1 on behalf of uid 500
Jun 21 19:20:20 test gnome-keyring-daemon[2647]: adding removable location: volume_uuid_47DB_BAD8 at /media/blub

And here is a logfile without polyinstantiation:

Jun 21 19:25:00 test kernel: sd 1:0:0:0: [sda] Attached SCSI removable disk
Jun 21 19:25:00 test kernel: sd 1:0:0:0: Attached scsi generic sg0 type 0
Jun 21 19:25:01 test gnome-keyring-daemon[3746]: adding removable location: volume_uuid_47DB_BAD8 at /media/blub
Jun 21 19:25:01 test hald: mounted /dev/sda1 on behalf of uid 500

Both logs say that the media was mounted but that's not true if
polyinstantiated. Maybe something related to the console-kit-daemon
warning message?

Does someone have an idea or can confirm this?

Best regards
Stefan

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Tomas Mraz 06-23-2008 11:47 AM

polyinstantiation and removable media
 
On Sat, 2008-06-21 at 19:42 +0200, Stefan Schulze Frielinghaus wrote:
> Something strange happens when /tmp and /var/tmp are polyinstantiated
> for all of my users except root and adm.
>
> /etc/security/namespace.conf:
>
> /tmp tmpfs tmpfs root,adm
> /var/tmp tmpfs tmpfs root,adm
>
> When the user logs into a GDM session using GNOME and plugs in a
> USB stick, DVD or whatever, the device is _not_ mounted. Everything else
> works fine. The directory in /media is created and everything is set up
> correctly but the final mount command is not issued.
....
> Both logs say that the media was mounted but that's not true if
> polyinstantiated. Maybe something related to the console-kit-daemon
> warning message?
>
> Does someone have an idea or can confirm this?

The pam_namespace module unshares the mount namespaces between parent (system)
and child (user shell) processes. By default all the mount points are
marked as private in the kernel, which means that changes on the mount points
are not visible among the unshared namespaces.

You have to mark the /media directory as an rshared mount point somewhere
in the system startup scripts:

mount --bind /media /media
mount --make-rshared /media

Or you can do it the other way around as Russell Coker suggests - that
means make everything shared except the tmp directories.

mount --make-shared /
mount --bind /tmp /tmp
mount --make-private /tmp
mount --bind /var/tmp /var/tmp
mount --make-private /var/tmp

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

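As an added illustration (not part of the thread), a POSIX shell check that reads /proc/self/mountinfo, the kernel's per-namespace mount table, and reports whether /media is shared and the tmp directories private, so the layout from the reply can be verified from inside a user session; the mountinfo sample embedded in it is constructed.

```shell
# propagation_of MOUNTPOINT [MOUNTINFO_FILE]
# Prints shared, slave, unbindable, private, or "none" (not a mount point)
# for MOUNTPOINT; the file defaults to /proc/self/mountinfo (own namespace).
propagation_of() {
    awk -v mp="$1" '
        $5 == mp {
            # Optional fields (shared:N, master:N, unbindable) sit between
            # field 7 and the "-" separator; none of them means private.
            # A later line for the same mount point shadows earlier ones.
            found = "private"
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/)         found = "shared"
                else if ($i ~ /^master:/)    found = "slave"
                else if ($i == "unbindable") found = "unbindable"
            }
        }
        END { print (found ? found : "none") }
    ' "${2:-/proc/self/mountinfo}"
}

# check_layout [MOUNTINFO_FILE]
# Checks the reply's layout: /media shared (hald's mounts reach pam_namespace
# sessions), /tmp and /var/tmp private (per-user instances stay confined).
check_layout() {
    file=${1:-/proc/self/mountinfo}
    rc=0
    for mp in /media /tmp /var/tmp; do
        p=$(propagation_of "$mp" "$file")
        case "$mp:$p" in
            /media:shared|/tmp:private|/var/tmp:private) ;;
            /media:*) echo "$mp is $p, expected shared (hald mounts stay invisible)"; rc=1 ;;
            *)        echo "$mp is $p, expected private"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed mountinfo sample matching the second recipe (ids are made up).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
35 22 8:1 /media /media rw,relatime shared:2 - ext4 /dev/sda1 rw
36 22 8:1 /tmp /tmp rw,relatime - ext4 /dev/sda1 rw
37 22 8:1 /var/tmp /var/tmp rw,relatime - ext4 /dev/sda1 rw
EOF
}

f=$(mktemp); sample_mountinfo > "$f"
check_layout "$f" && echo "sample: /media shared, tmp dirs private"; rm -f "$f"
```

Run it without arguments inside a polyinstantiated session to see what that session's namespace actually has.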