]>
Commit | Line | Data |
---|---|---|
bd9a1e0d JR |
1 | initialize homedirs in namespace init script |
2 | ||
3 | diff -up Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init | |
4 | --- Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir 2007-08-24 10:40:46.000000000 +0200 | |
5 | +++ Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init 2007-08-24 15:33:52.000000000 +0200 | |
6 | @@ -1,9 +1,24 @@ | |
7 | #!/bin/sh -p | |
8 | -# This is only a boilerplate for the instance initialization script. | |
9 | # It receives polydir path as $1, the instance path as $2, | |
10 | # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, | |
11 | # and user name in $4. | |
12 | # | |
13 | +# The following section will copy the contents of /etc/skel if this is a | |
14 | +# newly created home directory. | |
15 | +if [ "$3" = 1 ]; then | |
16 | + user="$4" | |
17 | + passwd=$(getent passwd "$user") | |
18 | + homedir=$(echo "$passwd" | cut -f6 -d":") | |
19 | + if [ "$1" = "$homedir" ]; then | |
20 | + gid=$(echo "$passwd" | cut -f4 -d":") | |
21 | + cp -aT /etc/skel "$homedir" | |
22 | + [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir" | |
23 | + chown -R "$user":"$gid" "$homedir" | |
24 | + mode=$(awk '/^UMASK/{gsub("#.*$", "", $2); printf "%o", and(0777,compl(strtonum("0" $2))); exit}' /etc/login.defs) | |
25 | + chmod ${mode:-700} "$homedir" | |
26 | + fi | |
27 | +fi | |
28 | +# | |
29 | # If you intend to polyinstantiate /tmp and you also want to use the X windows | |
30 | # environment, you will have to use this script to bind mount the socket that | |
31 | # is used by the X server to communicate with its clients. X server places | |
32 | diff -up Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.c.ns-init Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.c | |
33 | --- Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.c.ns-init 2007-08-06 13:57:56.000000000 +0200 | |
34 | +++ Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.c 2007-08-06 14:06:52.000000000 +0200 | |
35 | @@ -672,7 +672,7 @@ static int poly_name(const struct polydi | |
36 | hash = NULL; | |
37 | } else { | |
38 | char *newname; | |
39 | - if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-strlen(hash), | |
40 | + if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), | |
41 | *i_name, hash) < 0) { | |
42 | goto fail; | |
43 | } | |
44 | @@ -756,7 +756,7 @@ static int check_inst_parent(char *ipath | |
45 | * directory as arguments. | |
46 | */ | |
47 | static int inst_init(const struct polydir_s *polyptr, const char *ipath, | |
48 | - struct instance_data *idata) | |
49 | + struct instance_data *idata, int newdir) | |
50 | { | |
51 | pid_t rc, pid; | |
52 | sighandler_t osighand = NULL; | |
53 | @@ -786,7 +786,7 @@ static int inst_init(const struct polydi | |
54 | } | |
55 | #endif | |
56 | if (execl(NAMESPACE_INIT_SCRIPT, NAMESPACE_INIT_SCRIPT, | |
57 | - polyptr->dir, ipath, (char *)NULL) < 0) | |
58 | + polyptr->dir, ipath, newdir?"1":"0", idata->user, (char *)NULL) < 0) | |
59 | exit(1); | |
60 | } else if (pid > 0) { | |
61 | while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && | |
62 | @@ -831,6 +831,7 @@ static int create_dirs(struct polydir_s | |
63 | { | |
64 | struct stat statbuf, newstatbuf; | |
65 | int rc, fd; | |
66 | + int newdir = 0; | |
67 | ||
68 | /* | |
69 | * stat the directory to polyinstantiate, so its owner-group-mode | |
70 | @@ -884,6 +885,7 @@ static int create_dirs(struct polydir_s | |
71 | } | |
72 | } | |
73 | ||
74 | + newdir = 1; | |
75 | /* Open a descriptor to it to prevent races */ | |
76 | fd = open(ipath, O_DIRECTORY | O_RDONLY); | |
77 | if (fd < 0) { | |
78 | @@ -948,7 +950,7 @@ static int create_dirs(struct polydir_s | |
79 | */ | |
80 | ||
81 | inst_init: | |
82 | - rc = inst_init(polyptr, ipath, idata); | |
83 | + rc = inst_init(polyptr, ipath, idata, newdir); | |
84 | return rc; | |
85 | } | |
86 | ||
87 | @@ -981,7 +983,7 @@ static int ns_setup(struct polydir_s *po | |
88 | return PAM_SESSION_ERR; | |
89 | } | |
90 | /* we must call inst_init after the mount in this case */ | |
91 | - return inst_init(polyptr, "tmpfs", idata); | |
92 | + return inst_init(polyptr, "tmpfs", idata, 1); | |
93 | } | |
94 | ||
95 | /* | |
96 | diff -up Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.8.xml.ns-init Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.8.xml | |
97 | --- Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.8.xml.ns-init 2007-06-18 12:46:47.000000000 +0200 | |
98 | +++ Linux-PAM-0.99.8.1/modules/pam_namespace/pam_namespace.8.xml 2007-08-06 13:57:56.000000000 +0200 | |
99 | @@ -60,7 +60,9 @@ | |
100 | script <filename>/etc/security/namespace.init</filename> exists, it | |
101 | is used to initialize the namespace every time a new instance | |
102 | directory is setup. The script receives the polyinstantiated | |
103 | - directory path and the instance directory path as its arguments. | |
104 | + directory path, the instance directory path, flag whether the instance | |
105 | + directory was newly created (0 for no, 1 for yes), and the user name | |
106 | + as its arguments. | |
107 | </para> | |
108 | ||
109 | <para> | |
110 | diff -up Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.ns-init Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init | |
111 | --- Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.ns-init 2007-06-18 12:46:47.000000000 +0200 | |
112 | +++ Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init 2007-08-06 13:57:56.000000000 +0200 | |
113 | @@ -1,6 +1,8 @@ | |
114 | #!/bin/sh -p | |
115 | # This is only a boilerplate for the instance initialization script. | |
116 | -# It receives polydir path as $1 and the instance path as $2. | |
117 | +# It receives polydir path as $1, the instance path as $2, | |
118 | +# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, | |
119 | +# and user name in $4. | |
120 | # | |
121 | # If you intend to polyinstantiate /tmp and you also want to use the X windows | |
122 | # environment, you will have to use this script to bind mount the socket that |