[systemd-devel] [PATCH] nspawn: allow -EEXIST on mkdir_safe /home/${uid}

Lennart Poettering lennart at poettering.net
Thu Mar 13 18:34:42 PDT 2014


On Thu, 13.03.14 15:37, Brandon Philips (brandon at ifup.co) wrote:

> Also, in commit aca07 my Debian Wheezy container broke because
> /usr/bin/getent doesn't understand initgroups. Is there a way to
> work around this?

Oh yikes. I assumed getent with all its verbs had been around for a
long time.

Hmm, so to resolve UIDs and GIDs properly we need some way in the
container to do NSS queries, from a binary that links against the
container's libc. "getent" is quite good for that as it has parsable
output, and given that it is a component of glibc we can pretty much
assume that it is installed on any interesting container
guest...

Now, I am not sure how else we can correctly resolve the auxiliary gids
list, other than with "getent initgroups". I don't think there's any
other nice command for that with parsable output that is ubiquitously
installed... Or is there? Ideas?

IIUC then the first part of the user transition works correctly
though, i.e. the "getent passwd" part? If so, maybe we can try the
initgroups part and if it fails simply print a warning and proceed
without setting the auxiliary groups. Would that be enough for you?

Lennart

-- 
Lennart Poettering, Red Hat
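
An added sketch of the fallback proposed in this message (not code from nspawn or from this thread): it parses the output of "getent initgroups" run in the guest and, when the command fails or its output is malformed, warns and continues with an empty auxiliary-group list. The function names, the 32-entry bound and the sample lines are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Parse the decimal id in [s, end); reject empty, non-digit or out-of-range text. */
static int parse_id(const char *s, const char *end, gid_t *out) {
    unsigned long long v = 0;
    if (s == end) return -1;
    for (; s < end; s++) {
        if (*s < '0' || *s > '9') return -1;
        v = v * 10 + (unsigned long long)(*s - '0');
        if (v > 0xfffffffeULL) return -1;   /* (gid_t)-1 is reserved */
    }
    *out = (gid_t) v;
    return 0;
}

/* "getent initgroups USER" prints the name, then whitespace-separated GIDs. */
int parse_initgroups(const char *line, gid_t *gids, int max) {
    int n = 0;
    const char *p = line + strcspn(line, " \t\n");   /* skip the user name */
    if (p == line) return -1;
    while (*(p += strspn(p, " \t\n"))) {
        const char *end = p + strcspn(p, " \t\n");
        if (n == max || parse_id(p, end, &gids[n]) < 0) return -1;
        n++;
        p = end;
    }
    return n;
}

/* status is getent's exit code; an old guest getent fails on "initgroups". */
int resolve_aux_groups(const char *out, int status, gid_t *aux, int max) {
    int n = status == 0 ? parse_initgroups(out, aux, max) : -1;
    if (n < 0)   /* assumed policy: warn, continue with an empty auxiliary list */
        fprintf(stderr, "warning: auxiliary groups unresolved, continuing without\n");
    return n < 0 ? 0 : n;
}

int main(void) {
    gid_t aux[32];
    /* Constructed getent output: a newer guest, then one lacking "initgroups". */
    int a = resolve_aux_groups("demo                  1000 27 100\n", 0, aux, 32);
    int b = resolve_aux_groups("", 1, aux, 32);
    printf("newer guest: %d groups, older guest: %d groups\n", a, b);
    return 0;
}
```

The parser treats the guest's output as untrusted: the group count is bounded by the caller's buffer and every token must be a plain decimal id in range.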

