{"description": "To setup a private namespace add the following line to <tt>/etc/pam.d/login</tt>:\n<pre>session    required     pam_namespace.so</pre>", "rationale": "The pam_namespace PAM module sets up a private namespace for a\nsession with polyinstantiated directories. A polyinstantiated directory\nprovides a different instance of itself based on user name, or when using\nSELinux, user name, security context or both. The polyinstatied directories\ncan be used to dedicate separate temporary directories to each account.", "severity": "low", "references": {"anssi": ["R55"]}, "control_references": {"anssi": ["R55"]}, "components": [], "identifiers": {}, "ocil_clause": "pam_namespace.so is not required or is commented out", "ocil": "To check if pam_namespace.so is required for user login, run the following command:\n<pre>$ grep pam_namespace.so /etc/pam.d/login</pre>\nThe output should return the following uncommented:\n<pre>session    required     pam_namespace.so</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[pam] and system_with_kernel", "platforms": ["package[pam] and system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["package_pam_and_system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Set Up a Private Namespace in PAM Configuration", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml", "template": null}