On Mon, Oct 29, 2007 at 01:00:17PM +0000, Darren J Moffat wrote:
> 2. PAM - what if we could run PAM in the global zone
>
> This could work and might have other uses. The idea would be
> to have libpam use doors to talk to a global zone process.
> The advantage here is it "fixes" more than just sshd in a
> labeled zone. It also means the authentication happens in
> the Trusted Path.

PAM could almost be made into a libpamproxy and PAM daemon, almost...
There are modules that assume they are running in the context of the
process that is making the PAM calls, pam_unix_cred(5) specifically, but
others may exist as well. So the library and daemon would have to
cooperate to make sure that changes made by pam_unix_cred to the caller
are propagated to the real calling process.

> 3. sshd - make it label aware.
>
> It would be wise to make this configurable (ie we could still
> deploy as we do today). However I think this is potentially
> quite complex and there are possible issues with the fact that
> ssh can have multiple channels open at different times in the
> lifecycle of the connection.

I think this is the best option: sshd should run in the global zone, and
the child of the monitor should zone_enter() the correct label for the
user.

Nico
--