On Tue, 2006-09-19 at 13:06 -0400, Rosalie Hiebel wrote:
> I have noticed that when I have polyinstantiation with the instance
> directory contained in the base directory, then sshd fails. It
> appears that sshd goes through pam_namespace (which creates/mounts
> instance directories), and then launches another sshd process which
> also goes through pam_namespace. The second sshd fails to stat the
> instance directory.
>
> So, if my namespace.conf contains the following entry,
>   /var/poly /var/poly/poly-inst context adm
> then when I ssh in as root, two sshd processes output pam_namespace
> messages to /var/log/secure. The first sshd successfully mounts the
> instance directory, but the second sshd is unsuccessful (since it's
> already mounted). The second sshd outputs the following error:
>   pam_namespace(sshd:session): Error stating /var/poly/poly-inst, No such file or directory
>   pam_namespace(sshd:session): Error mounting /var/poly/poly-inst/root on /var/poly, No such file or directory
>
> When I change the instance directory not to be a subdir of the base,
> then sshd works fine. Is this a problem with sshd or is my setup
> incorrect?

What happens if you put unmnt_remnt as an option after pam_namespace.so
in your /etc/pam.d/sshd file? That is an option for programs like su
and newrole that need to unmount and re-mount the instance directory,
but may work in this situation (not sure). If that doesn't work either,
then you might have to work around it by putting the instances outside
of the base dir for now.

--
Stephen Smalley
National Security Agency
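
An added example, not part of the thread and not code from pam_namespace: a small checker that reads namespace.conf text and flags entries whose instance directory lies inside the base directory, the layout reported as failing above. The function names and the second sample entry are assumptions made for illustration; paths are compared as written, without expanding $HOME or $USER.

```python
import posixpath

# Constructed sample input. The first entry is the one quoted in the thread;
# the second is a hypothetical layout with the instances outside the base dir.
SAMPLE_CONF = """\
# polydir  instance_prefix  method  list_of_uids
/var/poly  /var/poly/poly-inst  context  adm
/tmp       /tmp-inst/           level    root,adm
"""


def parse_namespace_conf(text):
    """Yield (lineno, polydir, instance_prefix) for each configuration entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 3:
            continue  # too few fields to be an entry; skipped by this checker
        yield lineno, fields[0], fields[1]


def is_nested(polydir, instance_prefix):
    """True when the instance prefix is the polydir itself or lies beneath it."""
    base = posixpath.normpath(polydir)
    inst = posixpath.normpath(instance_prefix)
    # Compare on a path-component boundary so /tmp-inst is not taken
    # to be inside /tmp just because the strings share a prefix.
    return inst == base or inst.startswith(base.rstrip("/") + "/")


def nested_entries(text):
    """Return the entries whose instance directory sits inside the base dir."""
    return [(n, p, i) for n, p, i in parse_namespace_conf(text) if is_nested(p, i)]


if __name__ == "__main__":
    for lineno, polydir, inst in nested_entries(SAMPLE_CONF):
        print(f"line {lineno}: instance dir {inst} is inside base dir {polydir}")
```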
