GitLab

My main user account is managed by systemd-homed. When I enable AppArmor and have nscd running, I get inconsistent behavior with my user account - sometimes I can't log in, sometimes I can log in but not use sudo, etc.

This is the output of getent passwd:

$ getent passwd
root:x:0:0::/root:/usr/bin/zsh
bin:x:1:1::/:/sbin/nologin
daemon:x:2:2::/:/sbin/nologin
mail:x:8:12::/var/spool/mail:/sbin/nologin
ftp:x:14:11::/srv/ftp:/sbin/nologin
http:x:33:33::/srv/http:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/sbin/nologin
dbus:x:81:81:System Message Bus:/:/sbin/nologin
[...]
rose:x:1000:1000:Rose Kunkel:/home/rose:/usr/bin/zsh

But getent passwd rose and getent passwd 1000 both return no output.

Stopping nscd.service fixes these problems. Checking the apparmor logs, I noticed that nscd was denied access to /etc/machine-id. Allowing access to that file seems to have fixed the issue, I've attached a patch: Fix-nscd-conflict-with-systemd-homed.patch

This is on Arch Linux, kernel 5.10.7.a-1-hardened, systemd 247 (247.2-1-arch), nscd (GNU libc) 2.32.