When the container runs a different native architecture than the host, we shouldn't attempt to load the container's NSS modules with the host's libc. Instead, resolve UID/GID by invoking /usr/bin/getent in the container. The tool should be fairly universally available and allows us to do resolving of the UID/GID with the container's libc in a parsable format.
0cb9fbc nspawn: when resolving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process
src/nspawn/nspawn.c | 332 ++++++++++++++++++++++++++++++++++++++++++---------
src/shared/mkdir.c | 4 +-
2 files changed, 276 insertions(+), 60 deletions(-)
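
The "parsable format" the commit message relies on is the colon-separated passwd entry that getent prints. As an added illustration (not code from this commit or from systemd), the following shows one way a host-side caller could parse such a line strictly; the function names and the sample line are constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Strict decimal parse of one ID field: digits only, no sign, no overflow,
 * and not 0xFFFFFFFF / 0xFFFF (the 32-bit and 16-bit forms of (uid_t) -1). */
static int parse_id(const char *s, uint32_t *ret) {
    char *end;
    unsigned long long v;
    if (*s < '0' || *s > '9')
        return -EINVAL;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -EINVAL;
    if (v >= 0xFFFFFFFFULL || v == 0xFFFFULL)
        return -ERANGE;
    *ret = (uint32_t) v;
    return 0;
}

/* Parse "name:passwd:uid:gid:gecos:home:shell" as printed by getent passwd.
 * The line comes from the container, so every field is treated as untrusted. */
int parse_passwd_line(const char *line, const char *want, uint32_t *uid, uint32_t *gid) {
    char buf[1024], *f[7], *p = buf;
    int i, r;
    if (strlen(line) >= sizeof(buf))
        return -E2BIG;
    strcpy(buf, line);                 /* safe: length checked above */
    buf[strcspn(buf, "\n")] = '\0';
    for (i = 0; i < 7; i++) {          /* split in place on ':' */
        f[i] = p;
        if (!(p = strchr(p, ':')))
            break;
        *p++ = '\0';
    }
    /* exactly seven fields, and the entry must be the user we asked for */
    if (i != 6 || strcmp(f[0], want) != 0)
        return -EBADMSG;
    if ((r = parse_id(f[2], uid)) < 0)
        return r;
    return parse_id(f[3], gid);
}

int main(void) {
    uint32_t u, g;                     /* constructed sample line */
    return parse_passwd_line("app:x:1000:1000::/home/app:/bin/sh\n", "app", &u, &g) < 0;
}
```
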