diff options
Diffstat (limited to 'src/grp-machine/nss-mymachines/nss-mymachines.c')
-rw-r--r-- | src/grp-machine/nss-mymachines/nss-mymachines.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/grp-machine/nss-mymachines/nss-mymachines.c b/src/grp-machine/nss-mymachines/nss-mymachines.c index 4299dd7a0b..18de097746 100644 --- a/src/grp-machine/nss-mymachines/nss-mymachines.c +++ b/src/grp-machine/nss-mymachines/nss-mymachines.c @@ -25,6 +25,7 @@ #include "sd-bus/bus-common-errors.h" #include "systemd-basic/alloc-util.h" +#include "systemd-basic/env-util.h" #include "systemd-basic/hostname-util.h" #include "systemd-basic/in-addr-util.h" #include "systemd-basic/macro.h" @@ -434,6 +435,12 @@ enum nss_status _nss_mymachines_getpwnam_r( if (!machine_name_is_valid(machine)) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve + * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus + * running on the host. */ + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; @@ -514,6 +521,9 @@ enum nss_status _nss_mymachines_getpwuid_r( if (uid < HOST_UID_LIMIT) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; @@ -605,6 +615,9 @@ enum nss_status _nss_mymachines_getgrnam_r( if (!machine_name_is_valid(machine)) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; @@ -682,6 +695,9 @@ enum nss_status _nss_mymachines_getgrgid_r( if (gid < HOST_GID_LIMIT) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; |