[systemd-devel] systemd-nspawn should not require getent initgroups

Lennart Poettering lennart at poettering.net
Sat Oct 11 13:32:59 PDT 2014


On Sun, 14.09.14 13:44, Marco d'Itri (md at Linux.IT) wrote:

> It was implemented in glibc 2.15, so it is not available in Debian 
> stable and RHEL 6 at least, and systemd-nspawn --user does not work.

I think I mentioned this elsewhere, but I'd be happy to merge a patch
that downgrades failure of "getent initgroups" to a warning and simply
doesn't initialize the auxiliary group list on such old containers to
anything but the empty list.

In most cases the getent initgroups feature probably returns the empty
list, hence skipping this with a warning sounds pretty OK.

That said, if anybody has an idea how we can query the same
information without requiring getent's initgroups command I'd be all
ears. However, since looking up users requires NSS we must exec some
binary of the container, we cannot just do this with our own code.

Lennart

-- 
Lennart Poettering, Red Hat
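
The fallback proposed in this message, sketched as an added example (not systemd's code and not part of the original e-mail): parse the `getent initgroups` output strictly, and on any failure warn and use the empty auxiliary group list. The function names, the sample lines and the assumed output format (user name followed by whitespace-separated numeric GIDs) are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define WS " \t\r\n"

/* Parse one line of `getent initgroups USER` output: the user name, then
 * whitespace-separated numeric GIDs (format assumed for this example).
 * Returns the GID count, or -1 if malformed or more than `max` groups. */
static int parse_initgroups_line(const char *line, gid_t *out, size_t max) {
    size_t n = 0;
    const char *p = line + strspn(line, WS);
    if (*p == '\0') return -1;              /* no user name at all */
    p += strcspn(p, WS);                    /* skip the user name */
    for (;;) {
        char *end;
        p += strspn(p, WS);
        if (*p == '\0') return (int) n;     /* end of line: done */
        if (*p < '0' || *p > '9' || n >= max) return -1; /* "-1", "wheel", overflow */
        errno = 0;
        unsigned long v = strtoul(p, &end, 10);
        /* (gid_t)-1 is never a valid group; also reject trailing junk like "5x" */
        if (errno || v >= 0xFFFFFFFFUL || !strchr(WS, *end)) return -1;
        out[n++] = (gid_t) v;
        p = end;
    }
}

/* line == NULL models a container whose getent failed or lacks the
 * "initgroups" database. The caller would still pass the result to
 * setgroups(), so an empty list drops the invoking process's groups
 * instead of leaking them into the container. */
static size_t aux_groups_or_empty(const char *line, gid_t *out, size_t max) {
    int n = line ? parse_initgroups_line(line, out, max) : -1;
    if (n < 0) {
        fprintf(stderr, "warning: cannot query auxiliary groups, using empty list\n");
        return 0;
    }
    return (size_t) n;
}

int main(void) {
    gid_t g[16];
    size_t n = aux_groups_or_empty("alice   10 100 1000\n", g, 16); /* constructed */
    printf("new container: %zu auxiliary groups\n", n);
    n = aux_groups_or_empty(NULL, g, 16);   /* old container, getent failed */
    printf("old container: %zu auxiliary groups\n", n);
    return 0;
}
```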

