diff options
Diffstat (limited to 'src/grp-machine/nss-mymachines')
| -rw-r--r-- | src/grp-machine/nss-mymachines/Makefile | 2 | ||||
| -rw-r--r-- | src/grp-machine/nss-mymachines/nss-mymachines.c | 16 | ||||
| -rw-r--r-- | src/grp-machine/nss-mymachines/nss-mymachines.xml | 7 |
3 files changed, 21 insertions, 4 deletions
diff --git a/src/grp-machine/nss-mymachines/Makefile b/src/grp-machine/nss-mymachines/Makefile index 5e3d878b23..5f8898b1a0 100644 --- a/src/grp-machine/nss-mymachines/Makefile +++ b/src/grp-machine/nss-mymachines/Makefile @@ -39,7 +39,7 @@ libnss_mymachines_la_LIBADD = \ libsystemd-internal.la \ libsystemd-basic.la -lib_LTLIBRARIES += \ +rootlib_LTLIBRARIES += \ libnss_mymachines.la include $(topsrcdir)/build-aux/Makefile.tail.mk diff --git a/src/grp-machine/nss-mymachines/nss-mymachines.c b/src/grp-machine/nss-mymachines/nss-mymachines.c index 4299dd7a0b..18de097746 100644 --- a/src/grp-machine/nss-mymachines/nss-mymachines.c +++ b/src/grp-machine/nss-mymachines/nss-mymachines.c @@ -25,6 +25,7 @@ #include "sd-bus/bus-common-errors.h" #include "systemd-basic/alloc-util.h" +#include "systemd-basic/env-util.h" #include "systemd-basic/hostname-util.h" #include "systemd-basic/in-addr-util.h" #include "systemd-basic/macro.h" @@ -434,6 +435,12 @@ enum nss_status _nss_mymachines_getpwnam_r( if (!machine_name_is_valid(machine)) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve + * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus + * running on the host. */ + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; @@ -514,6 +521,9 @@ enum nss_status _nss_mymachines_getpwuid_r( if (uid < HOST_UID_LIMIT) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; @@ -605,6 +615,9 @@ enum nss_status _nss_mymachines_getgrnam_r( if (!machine_name_is_valid(machine)) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; @@ -682,6 +695,9 @@ enum nss_status _nss_mymachines_getgrgid_r( if (gid < HOST_GID_LIMIT) goto not_found; + if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) + goto not_found; + r = sd_bus_open_system(&bus); if (r < 0) goto fail; diff --git a/src/grp-machine/nss-mymachines/nss-mymachines.xml b/src/grp-machine/nss-mymachines/nss-mymachines.xml index ec047449bf..00bcc53ec0 100644 --- a/src/grp-machine/nss-mymachines/nss-mymachines.xml +++ b/src/grp-machine/nss-mymachines/nss-mymachines.xml @@ -82,11 +82,11 @@ <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables <command>nss-mymachines</command> correctly:</para> - <programlisting>passwd: compat <command>mymachines</command> -group: compat <command>mymachines</command> + <programlisting>passwd: compat <command>mymachines</command> systemd +group: compat <command>mymachines</command> systemd shadow: compat -hosts: files <command>mymachines</command> resolve myhostname +hosts: files <command>mymachines</command> resolve [!UNAVAIL=return] dns myhostname networks: files protocols: db files @@ -103,6 +103,7 @@ netgroup: nis</programlisting> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>nss-systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |