Bug 768366 - sys-libs/glibc: Add nss-systemd into /etc/nsswitch.conf
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Toolchain Maintainers
Reported: 2021-02-02 14:40 UTC by Mikle Kolyada (RETIRED)
Modified: 2021-02-28 16:59 UTC
Description Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-02-02 14:40:13 UTC
Hello, as systemd-homed[1] got turned on in Gentoo, it would be nice to add a systemd-nss module to the /etc/nsswitch.conf file by default, as it is needed by multiple systemd-services[2]. I would like to have it shipped within glibc itself, so as not to modify the file via pambase's pkg_*.

Thanks!

[1] - https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html
[2] - https://www.freedesktop.org/software/systemd/man/nss-systemd.html
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2021-02-04 19:19:53 UTC
Currently Gentoo uses upstream nsswitch.conf as is. We can do some amendments based on glibc's USE flags if needed (or unconditionally enable the feature if feasible).

Today the config-protected nsswitch.conf is owned by the glibc package. Users can tweak it but other packages should not touch it.
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-02-04 20:27:30 UTC
(In reply to Sergei Trofimovich from comment #1)
> Currently Gentoo uses upstream nsswitch.conf as is.

That is a problem as I see it.

> We can do some
> amendments based on glibc's USE flags if needed (or unconditionally enable
> the feature if feasible).

This is possible, but do we really need a USE flag here for changing a single file? It would cause only needless rebuilds. My points are:

1. systemd-homed was designed for "human" accounts (i.e. for accounts with UID/GID >= 1000), "system" services are still managed by the traditional (well, if we can call shadow traditional) approach.

2. nss-systemd lookups only get activated as soon as you enable something systemd-specific that requires it (systemd-homed/systemd-machined/etc.); otherwise it does not bother anyone.

3. even if nss-systemd is present in the lookup chain, shadow users will not be affected, as shadow's search attempts halt exactly at 'files' (which is the first in the chain anyway).

4. last but not least, in my experience lots of users are able to crash their systems making even trivial changes to basic configurations, so I think we want people to steer clear of nsswitch.conf as much as possible by providing more common defaults. 

> 
> Today the config-protected nsswitch.conf is owned by the glibc package. Users can tweak
> it but other packages should not touch it.
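
Added example (not part of the bug report and not Gentoo's or glibc's code): a small Python audit of an nsswitch.conf that reports whether `systemd` is in the passwd/group chains and whether `files` is consulted before it, plus a model of which service answers a lookup under the default actions. The sample file contents and the function names `parse_nsswitch`, `audit` and `answering_service` are constructed for illustration.

```python
import re

# Constructed sample, not the file Gentoo ships. [SUCCESS=merge] is
# standard nsswitch.conf(5) action syntax.
SAMPLE = """\
# /etc/nsswitch.conf (constructed)
passwd:   files systemd
group:    files [SUCCESS=merge] systemd
shadow:   files
hosts:    files dns   # trailing comment
"""

def parse_nsswitch(text):
    """Return {database: [service, ...]} in lookup order, dropping [actions]."""
    chains = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)   # strip action items
        chains[db.strip()] = rest.split()
    return chains

def audit(text, databases=("passwd", "group")):
    """Per database: is systemd listed, and is 'files' consulted before it?"""
    chains = parse_nsswitch(text)
    report = {}
    for db in databases:
        chain = chains.get(db, [])
        has = "systemd" in chain
        ordered = (has and "files" in chain
                   and chain.index("files") < chain.index("systemd"))
        report[db] = {"chain": chain, "systemd": has,
                      "files_before_systemd": ordered}
    return report

def answering_service(chain, known_to):
    """First service that knows the name. Models default actions only
    (SUCCESS=return, NOTFOUND=continue); it ignores [SUCCESS=merge]."""
    for svc in chain:
        if svc in known_to:
            return svc
    return None

if __name__ == "__main__":
    for db, info in audit(SAMPLE, ("passwd", "group", "shadow")).items():
        print(db, info)
```

To audit a live system, pass the contents of /etc/nsswitch.conf to `audit()` in place of `SAMPLE`.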
Comment 3 Larry the Git Cow gentoo-dev 2021-02-27 19:18:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d446edfec1019a14aa3d2bbdbdfb79845b053b0c

commit d446edfec1019a14aa3d2bbdbdfb79845b053b0c
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-02-27 19:17:04 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-02-27 19:18:01 +0000

    sys-libs/glibc: Bump to 2.32 patchlevel 8
    
    Bug: https://bugs.gentoo.org/767718
    Bug: https://bugs.gentoo.org/768366
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest             |    1 +
 sys-libs/glibc/glibc-2.32-r8.ebuild | 1513 +++++++++++++++++++++++++++++++++++
 2 files changed, 1514 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2021-02-27 20:31:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5046391eafbd8adbad9a0f9f7c77f0a991efa6d

commit e5046391eafbd8adbad9a0f9f7c77f0a991efa6d
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-02-27 20:30:09 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-02-27 20:30:55 +0000

    sys-libs/glibc: Bump to 2.33 patchlevel 2
    
    Bug: https://bugs.gentoo.org/768366
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest          | 2 +-
 sys-libs/glibc/glibc-2.33.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2021-02-27 20:51:07 UTC
Fixed in 2.32-r8 and later