namespaces.conf looks really interesting. We can give users their own view of certain directories. e.g. we can add
/tmp /tmp-inst/ level root,adm
Which would show all users (except root and adm) only their own private /tmp which is really a copy of /tmp-inst/ that is mounted over /tmp for that user.
I can’t seem to enable the pam_namespace module to use this though.
Sounds great! Maybe then we won’t need pam-tmpdir (which has some issues during testing and needs bug reporting).
This doesn’t have to be just a private /tmp. We can do tons of other things like give them their own private view of /home or /var/tmp.
I tried this and failed. Enabled pam_namespace with debug in pam. Shows debug output. No errors. But also no private /tmp. Still shared among all users.