systemd-homed accounts are unusable with nscd
My main user account is managed by systemd-homed. When I enable AppArmor and have nscd running, I get inconsistent behavior with my user account - sometimes I can't log in, sometimes I can log in but not use sudo
, etc.
This is the output of getent passwd
:
$ getent passwd
root:x:0:0::/root:/usr/bin/zsh
bin:x:1:1::/:/sbin/nologin
daemon:x:2:2::/:/sbin/nologin
mail:x:8:12::/var/spool/mail:/sbin/nologin
ftp:x:14:11::/srv/ftp:/sbin/nologin
http:x:33:33::/srv/http:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/sbin/nologin
dbus:x:81:81:System Message Bus:/:/sbin/nologin
[...]
rose:x:1000:1000:Rose Kunkel:/home/rose:/usr/bin/zsh
But getent passwd rose
and getent passwd 1000
both return no output.
Stopping nscd.service
fixes these problems. Checking the apparmor logs, I noticed that nscd was denied access to /etc/machine-id
. Allowing access to that file seems to have fixed the issue, I've attached a patch:
Fix-nscd-conflict-with-systemd-homed.patch
This is on Arch Linux, kernel 5.10.7.a-1-hardened, systemd 247 (247.2-1-arch), nscd (GNU libc) 2.32.