1 # /etc/security/namespace.conf
3 # See /usr/share/doc/pam-*/txts/README.pam_namespace for more information.
5 # Uncommenting the following three lines will polyinstantiate
6 # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
7 # be polyinstantiated based on the MLS level part of the security context as well as user
8 # name, Polyinstantion will not be performed for user root and adm for directories
9 # /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
10 # The user name and context is appended to the instance prefix.
12 # Note that instance directories do not have to reside inside the
13 # polyinstantiated directory. In the examples below, instances of /tmp
14 # will be created in /tmp-inst directory, where as instances of /var/tmp
15 # and users home directories will reside within the directories that
16 # are being polyinstantiated.
18 # Instance parent directories must exist for the polyinstantiation
19 # mechanism to work. By default, they should be created with the mode
20 # of 000. pam_namespace module will enforce this mode unless it
21 # is explicitly called with an argument to ignore the mode of the
22 # instance parent. System administrators should use this argument with
23 # caution, as it will reduce security and isolation achieved by
26 #/tmp /tmp-inst/ level root,adm
27 #/var/tmp /var/tmp/tmp-inst/ level root,adm
28 #$HOME $HOME/$USER.inst/ level