nspawn: when resolving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process

System Internals / systemd - Lennart Poettering [poettering.net] - 10 March 2014 20:41 EDT

When the container runs a different native architecture than the host we shouldn't attempt to load the container's NSS modules with the host's libc. Instead, resolve UID/GID by invoking /usr/bin/getent in the container. The tool should be fairly universally available and allows us to do resolving of the UID/GID with the container's libc in a parsable format.

https://bugs.freedesktop.org/show_bug.cgi?id=75733

0cb9fbc nspawn: when resolving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process
src/nspawn/nspawn.c | 332 ++++++++++++++++++++++++++++++++++++++++++---------
src/shared/mkdir.c | 4 +-
2 files changed, 276 insertions(+), 60 deletions(-)

Upstream: github.com
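
The getent output described in the commit message is produced inside the container, so the host side should parse it as untrusted input. The following is an added example, not code from this commit or from systemd: a strict parser for one `getent passwd` line, where the names `parse_id` and `parse_getent_passwd` and the 4096-byte line limit are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Strict decimal UID/GID: digits only, no sign or whitespace, no overflow,
 * and never the reserved "invalid" value (uint32_t)-1. */
static int parse_id(const char *s, uint32_t *out) {
    char *end;
    unsigned long long v;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0' || v >= UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Parse one "name:passwd:uid:gid:gecos:home:shell" record as printed by
 * `getent passwd NAME`. Returns 0 on success, -1 if the line is malformed. */
int parse_getent_passwd(const char *line, uint32_t *uid, uint32_t *gid,
                        char *home, size_t home_sz) {
    char buf[4096], *f[7], *p;
    size_t n = strlen(line), i;
    if (n == 0 || n >= sizeof(buf))
        return -1;
    memcpy(buf, line, n + 1);
    if (buf[n - 1] == '\n')
        buf[--n] = '\0';
    if (strchr(buf, '\n'))            /* exactly one record is expected */
        return -1;
    /* Split on ':' by hand; strtok() would silently skip empty fields. */
    for (i = 0, p = buf; i < 7; i++) {
        f[i] = p;
        p = strchr(p, ':');
        if (i < 6) {
            if (!p) return -1;        /* too few fields */
            *p++ = '\0';
        } else if (p) return -1;      /* too many fields */
    }
    if (parse_id(f[2], uid) < 0 || parse_id(f[3], gid) < 0)
        return -1;
    if (f[5][0] != '/' || strlen(f[5]) >= home_sz)
        return -1;                    /* home must be absolute and fit */
    strcpy(home, f[5]);
    return 0;
}
```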

