/tmp etc. separation through polyinstantiation by using namespaces.conf
Open, NormalPublic
Actions

Assigned To

None

Authored By

	Patrick
	Dec 23 2019, 1:09 PM

Description

http://forums.whonix.org/t/etc-security-hardening/8592/6

Quote @madaidan

namespaces.conf looks really interesting. We can give users their own view of certain directories. e.g. we can add
/tmp     /tmp-inst/       	level      root,adm
Which would show all users (except root and adm) only their own private /tmp which is really a copy of /tmp-inst/ that is mounted over /tmp for that user.

https://linux.die.net/man/5/namespace.conf

https://linux.die.net/man/8/pam_namespace

I can't seem to enable the pam_namespace module to use this though.

Needs research how to use this.

Details

Impact: Normal

Event Timeline

Patrick triaged this task as Normal priority.Dec 23 2019, 1:09 PM

Patrick created this task.

Herald added a project: Whonix. · View Herald TranscriptDec 23 2019, 1:09 PM

Herald added a subscriber: • entr0py. · View Herald Transcript

/tmp etc. separation through polyinstantiation by using namespaces.confOpen, NormalPublicActions

Description

Details

Event Timeline

/tmp etc. separation through polyinstantiation by using namespaces.conf
Open, NormalPublic
Actions