Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
  • Sign in / Register
  • apparmor apparmor
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 102
    • Issues 102
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 21
    • Merge requests 21
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

GitLab 15.0 has launched! Please visit Breaking changes in 15.0 and 15.0 Removals to see which breaking changes may impact your workflow.

  • AppArmor
  • apparmorapparmor
  • Issues
  • #145
Closed
Open
Created Jan 18, 2021 by Rose Kunkel@rosekunkel

systemd-homed accounts are unusable with nscd

My main user account is managed by systemd-homed. When I enable AppArmor and have nscd running, I get inconsistent behavior with my user account - sometimes I can't log in, sometimes I can log in but not use sudo, etc.

This is the output of getent passwd:

$ getent passwd
root:x:0:0::/root:/usr/bin/zsh
bin:x:1:1::/:/sbin/nologin
daemon:x:2:2::/:/sbin/nologin
mail:x:8:12::/var/spool/mail:/sbin/nologin
ftp:x:14:11::/srv/ftp:/sbin/nologin
http:x:33:33::/srv/http:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/sbin/nologin
dbus:x:81:81:System Message Bus:/:/sbin/nologin
[...]
rose:x:1000:1000:Rose Kunkel:/home/rose:/usr/bin/zsh

But getent passwd rose and getent passwd 1000 both return no output.

Stopping nscd.service fixes these problems. Checking the apparmor logs, I noticed that nscd was denied access to /etc/machine-id. Allowing access to that file seems to have fixed the issue, I've attached a patch: Fix-nscd-conflict-with-systemd-homed.patch

This is on Arch Linux, kernel 5.10.7.a-1-hardened, systemd 247 (247.2-1-arch), nscd (GNU libc) 2.32.

Assignee
Assign to
Time tracking