Old 06-21-2008, 05:42 PM
Stefan Schulze Frielinghaus
 
polyinstantiation and removable media

Something strange happens when /tmp and /var/tmp are polyinstantiated
for all of my users except root and adm.

/etc/security/namespace.conf:

/tmp tmpfs tmpfs root,adm
/var/tmp tmpfs tmpfs root,adm

When the user logs into a GDM session using GNOME and plugs in a
USB-Stick, DVD or whatever the device is _not_ mounted. Everything else
works fine. The directory in /media is created and everything is setup
correctly but the final mount command is not issued.

The logfiles don't speak that much but maybe this is a little hint.

Jun 21 19:20:19 test kernel: sd 0:0:0:0: [sda] Attached SCSI removable disk
Jun 21 19:20:19 test console-kit-daemon[1629]: WARNING: Couldn't read /proc/2766/environ: Error reading file '/proc/2766/environ': No such process
Jun 21 19:20:20 test hald: mounted /dev/sda1 on behalf of uid 500
Jun 21 19:20:20 test gnome-keyring-daemon[2647]: adding removable location: volume_uuid_47DB_BAD8 at /media/blub

And here is a logfile without polyinstantiation:

Jun 21 19:25:00 test kernel: sd 1:0:0:0: [sda] Attached SCSI removable disk
Jun 21 19:25:00 test kernel: sd 1:0:0:0: Attached scsi generic sg0 type 0
Jun 21 19:25:01 test gnome-keyring-daemon[3746]: adding removable location: volume_uuid_47DB_BAD8 at /media/blub
Jun 21 19:25:01 test hald: mounted /dev/sda1 on behalf of uid 500

Both logs say that the media was mounted but that's not true if
polyinstantiated. Maybe something related to the console-kit-daemon
warning message?

Does someone have an idea or can confirm this?

Best regards
Stefan

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 06-23-2008, 11:47 AM
Tomas Mraz
 
polyinstantiation and removable media

On Sat, 2008-06-21 at 19:42 +0200, Stefan Schulze Frielinghaus wrote:
> Something strange happens when /tmp and /var/tmp are polyinstantiated
> for all of my users except root and adm.
>
> /etc/security/namespace.conf:
>
> /tmp tmpfs tmpfs root,adm
> /var/tmp tmpfs tmpfs root,adm
>
> When the user logs into a GDM session using GNOME and plugs in a
> USB-Stick, DVD or whatever the device is _not_ mounted. Everything else
> works fine. The directory in /media is created and everything is setup
> correctly but the final mount command is not issued.
....
> Both logs say that the media was mounted but that's not true if
> polyinstantiated. Maybe something related to the console-kit-daemon
> warning message?
>
> Does someone have an idea or can confirm this?

pam_namespace unshares the mount namespaces between parent (system)
and child (user shell) processes. By default all the mount points are
marked as private in the kernel, which means that changes to the mount
points are not visible across the unshared namespaces.

You have to mark the /media directory as an rshared mount point somewhere
in the system startup scripts:

mount --bind /media /media
mount --make-rshared /media

Or you can do it the other way around as Russell Coker suggests - that
means make everything shared except the tmp directories.

mount --make-shared /
mount --bind /tmp /tmp
mount --make-private /tmp
mount --bind /var/tmp /var/tmp
mount --make-private /var/tmp

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
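The following is an added example, not code from either post or from pam_namespace itself. It checks the two propagation conditions Tomas Mraz's reply implies: no polyinstantiated directory may be shared (or the per-session tmpfs would propagate back into the system namespace) and /media must be shared (or HAL's mount, done in the system namespace, never reaches the user's unshared one). It reads the /etc/security/namespace.conf format from the first post and the /proc/<pid>/mountinfo format; the sample mountinfo lines are constructed to model the default state, the state after the bind/--make-rshared fix, and the state after the Russell Coker variant. Function names (parse_namespace_conf, parse_mountinfo, propagation_of, check_propagation) are this example's own.

```python
# Added example, not from the thread: checks the mount-propagation conditions
# Tomas Mraz describes, by reading the namespace.conf format from the first post
# and the /proc/<pid>/mountinfo format. All sample data below is constructed.
from collections import namedtuple

# Constructed namespace.conf, same layout as in the thread.
NAMESPACE_CONF = """\
# polydir   instance_prefix  method  users
/tmp        tmpfs            tmpfs   root,adm
/var/tmp    tmpfs            tmpfs   root,adm
"""

# Constructed mountinfo lines: mount ID, parent ID, major:minor, root, mount
# point, options, optional tags (shared:N, master:N, unbindable), "-", fstype,
# source, super options. No tag means private, the kernel default.
MOUNTINFO_DEFAULT = """\
20 1 8:2 / / rw,relatime - ext3 /dev/sda2 rw,data=ordered
"""
# After: mount --bind /media /media; mount --make-rshared /media
MOUNTINFO_MEDIA_RSHARED = MOUNTINFO_DEFAULT + """\
30 20 8:2 /media /media rw,relatime shared:1 - ext3 /dev/sda2 rw,data=ordered
"""
# After the alternative: / made shared, /tmp and /var/tmp bind-mounted private.
MOUNTINFO_ROOT_SHARED = """\
20 1 8:2 / / rw,relatime shared:1 - ext3 /dev/sda2 rw,data=ordered
31 20 8:2 /tmp /tmp rw,relatime - ext3 /dev/sda2 rw,data=ordered
32 20 8:2 /var/tmp /var/tmp rw,relatime - ext3 /dev/sda2 rw,data=ordered
"""

PolyDir = namedtuple("PolyDir", "path instance_prefix method users")


def parse_namespace_conf(text):
    """namespace.conf: polydir instance_prefix method [user,list] per line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        f = line.split()
        if len(f) < 3:
            raise ValueError(f"malformed namespace.conf line: {raw!r}")
        users = f[3].split(",") if len(f) > 3 else []
        entries.append(PolyDir(f[0], f[1], f[2], users))
    return entries


def parse_mountinfo(text):
    """Map mount point -> propagation type (shared, slave, shared-slave,
    unbindable, private), derived from the optional-tags field of mountinfo."""
    mounts = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        pre, sep, _ = raw.partition(" - ")
        f = pre.split()
        if not sep or len(f) < 6:
            raise ValueError(f"malformed mountinfo line: {raw!r}")
        tags = {opt.split(":", 1)[0] for opt in f[6:]}
        if "unbindable" in tags:
            prop = "unbindable"
        elif "shared" in tags:
            prop = "shared-slave" if "master" in tags else "shared"
        elif "master" in tags:
            prop = "slave"
        else:
            prop = "private"
        mounts[f[4]] = prop
    return mounts


def propagation_of(path, mounts):
    """Propagation a new mount on `path` inherits: that of the longest mount
    point that is a prefix of path (a plain directory has no entry of its own)."""
    best = "/"
    for mp in mounts:
        if (path == mp or path.startswith(mp + "/")) and len(mp) > len(best):
            best = mp
    return mounts[best]


def check_propagation(conf_text, mountinfo_text, media="/media"):
    """OK when no polyinstantiated directory is shared (the per-user tmpfs must
    not propagate back) and `media` is shared (HAL's mount must propagate in)."""
    mounts = parse_mountinfo(mountinfo_text)
    prop = {pd.path: propagation_of(pd.path, mounts)
            for pd in parse_namespace_conf(conf_text)}
    prop[media] = propagation_of(media, mounts)
    shared = ("shared", "shared-slave")
    ok = prop[media] in shared and not any(
        p in shared for d, p in prop.items() if d != media)
    return {"ok": ok, "propagation": prop}
```

On a live system the same check runs over the real files: pass open("/etc/security/namespace.conf").read() and open("/proc/self/mountinfo").read() from a shell in the system namespace (before pam_namespace has unshared it). The default sample reproduces the first post's symptom: /media inherits "private" from /, so nothing HAL mounts there is visible to the session; both fixes in the reply make it "shared" while keeping /tmp and /var/tmp private.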