On Sat, 2008-06-21 at 19:42 +0200, Stefan Schulze Frielinghaus wrote:
> Something strange happens when /tmp and /var/tmp are polyinstantiated
> for all of my users except root and adm.
>
> /etc/security/namespace.conf:
>
> /tmp tmpfs tmpfs root,adm
> /var/tmp tmpfs tmpfs root,adm
>
> When the user logs into a GDM session using GNOME and plugs in a
> USB-Stick, DVD or whatever the device is _not_ mounted. Everything else
> works fine. The directory in /media is created and everything is set up
> correctly but the final mount command is not issued.
....
> Both logs say that the media was mounted but that's not true if
> polyinstantiated. Maybe something related to the console-kit-daemon
> warning message?
>
> Does someone have an idea or can confirm this?

The pam_namespace unshares the mount namespaces between parent (system)
and child (user shell) processes. By default all the mount points are
marked as private in the kernel, that means the changes on the mount
points are not visible among the unshared namespaces.

You have to mark the /media directory as an rshared mount point somewhere
in the system startup scripts.

    mount --bind /media /media
    mount --make-rshared /media

Or you can do it the other way around as Russell Coker suggests - that
means make everything shared except the tmp directories.

    mount --make-shared /
    mount --bind /tmp /tmp
    mount --make-private /tmp
    mount --bind /var/tmp /var/tmp
    mount --make-private /var/tmp

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
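A check for the propagation state described in the reply, as an added example that is not part of the original message: it reads text in /proc/self/mountinfo format, where the kernel tags a shared mount with a `shared:N` optional field and a mount with no tag is private, and reports the state of the mount covering a path. The helper names `propagation_of` and `check_layout` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format: / shared, tmp dirs private.
SAMPLE_MOUNTINFO='20 1 8:1 / / rw,relatime shared:1 - ext3 /dev/sda1 rw
21 20 8:1 /tmp /tmp rw,relatime - ext3 /dev/sda1 rw
22 20 8:1 /var/tmp /var/tmp rw,relatime - ext3 /dev/sda1 rw'

# propagation_of PATH [FILE] (hypothetical helper): print the propagation
# state of the mount covering PATH. Mount points with escaped characters
# (e.g. \040 for a space) are not handled.
propagation_of() {
    awk -v path="$1" '
    {
        mp = $5                                   # field 5 is the mount point
        covers = (mp == "/" || path == mp || index(path, mp "/") == 1)
        if (!covers || length(mp) < best_len) next  # keep longest, latest match
        best_len = length(mp)
        state = "private"                         # no tag means private
        for (i = 7; i <= NF && $i != "-"; i++) {  # optional fields end at "-"
            if ($i ~ /^shared:/) { state = "shared"; break }
            if ($i ~ /^master:/) state = "slave"
            if ($i == "unbindable") state = "unbindable"
        }
    }
    END { print (best_len ? state : "unknown") }
    ' "${2:-/proc/self/mountinfo}"
}

# check_layout [FILE] (hypothetical helper): succeed only if mounts under
# /media propagate while /tmp and /var/tmp stay private.
check_layout() {
    rc=0
    [ "$(propagation_of /media "$1")" = shared ] ||
        { echo "/media is not shared" >&2; rc=1; }
    for d in /tmp /var/tmp; do
        [ "$(propagation_of "$d" "$1")" = private ] ||
            { echo "$d is not private" >&2; rc=1; }
    done
    return "$rc"
}

# Demo on the constructed sample
f=$(mktemp)
printf '%s\n' "$SAMPLE_MOUNTINFO" > "$f"
check_layout "$f" && echo "layout ok"
rm -f "$f"
```

Calling `check_layout` with no argument inspects the live /proc/self/mountinfo of the current namespace.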