| 12345678910111213141516171819202122232425262728293031 |
- # /etc/security/namespace.conf
- #
- # See /usr/share/doc/pam-*/txts/README.pam_namespace for more information.
- #
- # Uncommenting the following three lines will polyinstantiate
- # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
- # be polyinstantiated based on the MLS level part of the security context as well as user
- # name, Polyinstantion will not be performed for user root and adm for directories
- # /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
- # The user name and context is appended to the instance prefix.
- #
- # Note that instance directories do not have to reside inside the
- # polyinstantiated directory. In the examples below, instances of /tmp
- # will be created in /tmp-inst directory, where as instances of /var/tmp
- # and users home directories will reside within the directories that
- # are being polyinstantiated.
- #
- # Instance parent directories must exist for the polyinstantiation
- # mechanism to work. By default, they should be created with the mode
- # of 000. pam_namespace module will enforce this mode unless it
- # is explicitly called with an argument to ignore the mode of the
- # instance parent. System administrators should use this argument with
- # caution, as it will reduce security and isolation achieved by
- # polyinstantiation. The parent directories (except $HOME) are created
- # at boot by pam_namespace_helper, but in a live system, system
- # administrators should create the parent directories before enabling
- # them here.
- #
- #/tmp /tmp-inst/ level root,adm
- #/var/tmp /var/tmp/tmp-inst/ level root,adm
- #$HOME $HOME/$USER.inst/ level
|
