Re: Polyinstantiation that allows group access

On Tue, 2008-02-26 at 15:23 -0700, Forrest Taylor wrote:
> Is there any way to allow polyinstantiation to give the same view to a
> number of users?  For example, I want to give users in the adm group
> access to the same shared /tmp (really /tmp-adm) directory, users in the
> wheel group access to a different shared /tmp (really /tmp-wheel), and
> all other users access to their own individual /tmp.  Is this possible?
> 
> Of course, the more I think about this, the more I see reasons not to do
> it such as conflicts--what if a user were in the adm and wheel groups?
> For a single group, I can see excluding them from the polyinstantiated
> directory entirely, but with several groups I cannot think of a way to
> safely do this.  Thoughts?

There isn't such a method in pam_namespace yet. The question is how would
you resolve the conflicts. But in pam-0.99.10.0 there is already the
possibility to share a polyinstantiated directory among users (using the
shared flag). The directory would be polyinstantiated purely based on
the context (or level), so the users with the same context will get the
same instance.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
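
An added illustration, not part of the original message: how the shared flag mentioned in the reply is written in /etc/security/namespace.conf. The /tmp-inst/ prefix and the root,adm exemption list are assumed sample values.

```conf
# /etc/security/namespace.conf (constructed sample entries)
# Fields: polydir  instance_prefix  method[:flags]  list_of_uids

# Per-user instances: with the "level" method alone, the instance is
# keyed on the MLS level and the user name, so every user gets a
# private /tmp for each level. The fourth field lists user names that
# are exempt from polyinstantiation (here the users root and adm).
#/tmp   /tmp-inst/   level          root,adm

# Shared instances: with the "shared" flag the user name is left out
# of the instance name, so all users at the same level see the same
# /tmp instance. The split is by level (or by context with the
# "context" method), not by group membership.
/tmp    /tmp-inst/   level:shared   root,adm
```

The instance parent directory (/tmp-inst in this sample) has to exist before login, owned by root with mode 000.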
