Bug 242578

Summary: pam_namespace uses wrong users namespace
Product: Red Hat Enterprise Linux 5
Component: pam
Version: 5.0
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: high
Priority: low
Reporter: Ted X Toth <txtoth>
Assignee: Tomas Mraz <tmraz>
CC: k.georgiou
Doc Type: Bug Fix
Last Closed: 2008-04-04 14:16:31 UTC
Attachments (description, flags):
patch, none
patch, none

Description Ted X Toth 2007-06-04 21:35:59 UTC
Description of problem:
The current implementation neglects to recognize that the PAM requesting user
(PAM_RUSER) and the authenticating user (PAM_USER) can have different namespaces
by virtue of the use of $HOME or $USER in the namespace.conf file. This
oversight can, among other things, cause pam_namespace to attempt to unmount
directories that don't exist and weren't intended to be polyinstantiated. When
the unmount fails, so does authentication.

How reproducible:
Configure a user's directories to be polyinstantiated using $HOME, something like
$HOME/foo, but override for user root. You will need the patch submitted for bug
237163 for this to work. Don't forget to create the instance directory in the
test user's home directory ($HOME/foo.inst). Configure login and su to use
pam_namespace. Also use the debug option. For su, use the unmnt_remnt option as
per the man page. Log in as a user and then try to su to root. In
/var/log/secure you should see a message to the effect that umount failed
because /root/foo doesn't exist, and the su will fail.

Comment 1 Ted X Toth 2007-06-04 21:35:59 UTC
Created attachment 156136
patch

Comment 2 Ted X Toth 2007-06-04 21:49:57 UTC
Created attachment 156137
patch

Sorry, the previous patch was bad.

Comment 3 Tomas Mraz 2008-04-04 14:16:31 UTC
This bug is fixed in Linux-PAM-1.0 which will be included in the next release of
Red Hat Enterprise Linux.
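
The mismatch described in the report, modeled as an added Python example (not pam_namespace code and not part of the original bug thread): it expands one constructed namespace.conf entry separately for the requesting user and the authenticating user. For an su from alice to root the directory to unmount is /home/alice/foo, while expanding the entry with the target user alone names /root/foo. The account names, home directories and helper names are assumptions.

```python
# Added illustration: models namespace.conf expansion only; nothing is mounted.
# Constructed sample entry (fields: polydir, instance_prefix, method, override users).
SAMPLE_CONF = """\
# constructed example, not taken from the bug report
$HOME/foo   $HOME/foo.inst/   user   root
"""

# Constructed accounts: user name -> home directory.
HOMES = {"alice": "/home/alice", "root": "/root"}


def parse(conf):
    """Yield (polydir, instance_prefix, method, overrides) for each entry."""
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank, comment-only, or malformed line
        overrides = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], fields[2], overrides


def expand(template, user):
    """Substitute $HOME and $USER for one specific user."""
    return template.replace("$HOME", HOMES[user]).replace("$USER", user)


def polydirs_for(user, conf=SAMPLE_CONF):
    """Directories polyinstantiated for `user`, after expansion and overrides."""
    return [expand(polydir, user)
            for polydir, _prefix, _method, overrides in parse(conf)
            if user not in overrides]


def su_plan(ruser, user, conf=SAMPLE_CONF):
    """Compare the per-user views for an su from `ruser` to `user`."""
    return {
        # What the requesting user's session actually has polyinstantiated.
        "unmount": polydirs_for(ruser, conf),
        # What the authenticating user should get set up.
        "setup": polydirs_for(user, conf),
        # Paths produced if every entry is expanded with the target user only.
        "target_expanded": [expand(p, user) for p, _, _, _ in parse(conf)],
    }


if __name__ == "__main__":
    for key, paths in su_plan("alice", "root").items():
        print(f"{key:16} {paths}")
```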