Hi,

I'm rewriting an existing PAM module, pam_script.so. Until now it was able to run scripts and expose some variables. I want to add the ability to unshare the namespace and chroot. The things it will do, in order:

a. unshare
b. fork and let the child run scripts
c. wait for the child to finish and chroot

The purpose is that the whole new environment (= mounts) is set up by the external scripts at step b. These scripts read various configuration settings and do the right mounts. It's also possible that, according to these configuration settings, no chroot is done for the user logging in.

The directory to chroot to is set in phase 2 by the external scripts, and has to be known by the chroot command in phase c. What is a good way to communicate between the child and the parent to send this directory?

Right now I'm using a temporary file in /var/run/pam-script-info-"parentpid". This file is set in the environment of the child:

PAM_SCRIPT_INFO=/var/run/pam-script-info-29796

The external scripts can write to this file the value:

CHROOTDIR=...

which the parent will read when the child has finished. If found, then a chroot to this dir is done; if not, no chroot.

This will work, I haven't fully tested it yet, but are there other ways to do this?

Stef

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
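The parent side of the scheme described in the post, as an added example that is not part of the original message and not pam_script's code: after the child exits, the parent reads `CHROOTDIR=` from the info file, treating the file as untrusted input because its name under /var/run is predictable. The function name `read_chrootdir`, the `owner` parameter and the path policy (absolute, no `..`) are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example (not pam_script code). Parent side of step c: read CHROOTDIR=
 * from the info file after the child has exited.
 * Returns 1 with the directory in out, 0 if no chroot was requested,
 * -1 if the file or value must not be trusted (caller should fail the login). */
int read_chrootdir(const char *info_path, uid_t owner, char *out, size_t outlen)
{
    struct stat st;
    char line[4096];
    int result = 0;
    /* O_NOFOLLOW: refuse a symlink planted at the predictable path. */
    int fd = open(info_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return errno == ENOENT ? 0 : -1;
    /* fstat the open descriptor, not the path, so check and read see one file. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    FILE *fp = fdopen(fd, "r");
    if (!fp) {
        close(fd);
        return -1;
    }
    while (fgets(line, sizeof line, fp)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strncmp(line, "CHROOTDIR=", 10) != 0)
            continue;                   /* other settings are ignored here */
        const char *dir = line + 10;
        /* Assumed policy: absolute path, no ".." anywhere, must fit the buffer. */
        if (dir[0] != '/' || strstr(dir, "..") || strlen(dir) >= outlen) {
            result = -1;
        } else {
            strcpy(out, dir);
            result = 1;
        }
        break;                          /* first CHROOTDIR line decides */
    }
    fclose(fp);
    return result;
}
```

A missing file means "no chroot", while any other open failure is reported as an error, so a planted symlink cannot silently turn a jailed login into an unjailed one.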