Blame | Last modification | View Log | RSS feed
# /etc/security/namespace.conf## See /usr/share/doc/pam-*/txts/README.pam_namespace for more information.## Uncommenting the following three lines will polyinstantiate# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will# be polyinstantiated based on the MLS level part of the security context as well as user# name, Polyinstantion will not be performed for user root and adm for directories# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.# The user name and context is appended to the instance prefix.## Note that instance directories do not have to reside inside the# polyinstantiated directory. In the examples below, instances of /tmp# will be created in /tmp-inst directory, where as instances of /var/tmp# and users home directories will reside within the directories that# are being polyinstantiated.## Instance parent directories must exist for the polyinstantiation# mechanism to work. By default, they should be created with the mode# of 000. pam_namespace module will enforce this mode unless it# is explicitly called with an argument to ignore the mode of the# instance parent. System administrators should use this argument with# caution, as it will reduce security and isolation achieved by# polyinstantiation.##/tmp /tmp-inst/ level root,adm#/var/tmp /var/tmp/tmp-inst/ level root,adm#$HOME $HOME/$USER.inst/ level