[PATCH] fill_user_info: fake user info for 'root' if it can not be found

Tom Gundersen teg at jklm.no
Tue Feb 26 15:44:49 PST 2013

On Tue, Feb 26, 2013 at 10:13 PM, Thiago Macieira <thiago at kde.org> wrote:
> On terça-feira, 26 de fevereiro de 2013 21.17.11, Lennart Poettering wrote:
>> As a side note: we currently have a similar special casing for NSS for
>> the root user in systemd, because we want to avoid NSS calls as much as
>> possible if we can avoid them, since they might block and involve
>> network communication. And as most system daemons, especially in early
>> boot run as root, this more or less us to reduce the number of NSS calls
>> of the "systemd" binary itself to a value next to zero.
>> > Alternatively, have you considered using a NSS module that "knows who
>> > root is", analogous to nss-myhostname?
>> Hmm, i'd claim that most software wouldn't gain anything from special
>> casing NSS for the root user. This is only beneficial to the very
>> special early boot stuff we have like systemd and dbus.
> That's an argument I can accept. Instead of trying to work around a broken
> system that is almost never going to be seen in the wild, improving boot-timer
> performance by avoiding the NSS dependency is very welcome.

Cool. Avoiding the hard-dependency on NSS was my main aim.

> However, you need to show that it is avoiding the dependency. If the system
> daemon needs to get information about more users anyway because of the
> configuration files, there was no gain.

Well, systemd and dbus+patch both work without NSS installed (i.e.,
the systemd-based initramfs I'm working on does not include nss). I
could respin the patch in the same style as what is done in systemd:
rather than create a fallback 'root' entry, just don't look up user
credentials at all in case of uid==0, that would avoid calls to
getpwnam even when nss is configured. Would that make more sense?

It is worth noting that while this removes PID1's dependency on NSS,
NSS is still a soft dependency of other systemd components (such as
udevd and journald) as they want to look up non-root users, so it will
be called eventually after we leave the initrd. That said, I'd think
pulling it in once is still better than pulling it in twice (and not
doing it from PID1 seems worth-while).

What do you think?



More information about the dbus mailing list