nspawn: when resoliving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process

System Internals / systemd - Lennart Poettering [poettering.net] - 10 March 2014 20:41 UTC

When the container runs a different native architecture than the host we shouldn't attempt to load the container's NSS modules with the host's libc. Instead, resolve UID/GID by invoking /usr/bin/getent in the container. The tool should be fairly universally available and allows us to do resolving of the UID/GID with the container's libc in a parsable format.

https://bugs.freedesktop.org/show_bug.cgi?id=75733

0cb9fbc nspawn: when resoliving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process
src/nspawn/nspawn.c | 332 ++++++++++++++++++++++++++++++++++++++++++---------
src/shared/mkdir.c | 4 +-
2 files changed, 276 insertions(+), 60 deletions(-)

Upstream: github.com

Related systemd Activity

nspawn: fix exit code for --help and --version (#4609)
Martin Pitt

nspawn: make nspawn robust to container failure
Djalal Harouni

Recent systemd Activity

hwdb: add Medion Akoya E2228T MD61900 (#18317)
corvusnix

varlink: make 'userdata' pointer inheritance from varlink server to connection optional
Lennart Poettering

udev: use DEFINE_MAIN_FUNCTION in cdrom_id
Dan Streetman

network: add support to RoutingPolicyRule lookup table name
Susant Sahani

resolved: fix use-after-free with queries hitting the cache
Zbigniew Jędrzejewski-Szmek

nspawn: when resoliving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process

System Internals / systemd - Lennart Poettering [poettering.net] - 10 March 2014 20:41 UTC

Related systemd Activity

Share

Recent systemd Activity