Fix nscd conflict with systemd-homed (!707) · Merge requests · AppArmor / apparmor

John Johansen requested to merge jjohansen/apparmor:fix-nscd into master Feb 12, 2021

My main user account is managed by systemd-homed. When I enable AppArmor and have nscd running, I get inconsistent behavior with my user account - sometimes I can't log in, sometimes I can log in but not use sudo, etc.

This is the output of getent passwd: $ getent passwd root:x:0:0::/root:/usr/bin/zsh bin:x:1:1::/:/sbin/nologin daemon:x:2:2::/:/sbin/nologin mail:x:8:12::/var/spool/mail:/sbin/nologin ftp:x:14:11::/srv/ftp:/sbin/nologin http:x:33:33::/srv/http:/sbin/nologin nobody:x:65534:65534:Nobody:/:/sbin/nologin dbus:x:81:81:System Message Bus:/:/sbin/nologin [...] rose:x:1000:1000:Rose Kunkel:/home/rose:/usr/bin/zsh

But getent passwd rose and getent passwd 1000 both return no output. Stopping nscd.service fixes these problems. Checking the apparmor logs, I noticed that nscd was denied access to /etc/machine-id. Allowing access to that file seems to have fixed the issue.

MR: Fixes: #145 (closed) Signed-off-by: John Johansen john.johansen@canonical.com

Fix nscd conflict with systemd-homed

Merge request reports