[lxc-devel] lxc-attach: NSS handling

Serge Hallyn serge.hallyn at ubuntu.com
Mon Mar 4 20:56:48 UTC 2013


Quoting Christian Seiler (christian at iwakd.de):
> Hi there,
> 
> I've run into the problem multiple times now that lxc-attach can't
> detect the default shell of my current user properly, since the NSS
> implementations of host and container are incompatible.
> 
> One of the patches I just sent to the list mitigates that by having a
> fallback - use /bin/sh. The only trouble is that calling any modern
> shell as /bin/sh will usually not result in a very user-friendly interface.
> 
> So my idea would actually be to introduce an additional fallback: glibc
> comes with an additional binary getent(1) that allows one to query the
> NSS directly. If getpwuid() doesn't work directly, lxc-attach could
> spawn "getent passwd %d" and parse the output to figure out the correct
> login shell of the user. That will also not work in all cases, but then
> we may still fall back on /bin/sh as a last resort.
> 
> Do you think implementing that is worthwhile?

Yes.

So if you resend the patchset, I'd suggest this patch first, the
/bin/sh as default one second, setuids ones next...

(Btw, do you have a github tree?  Reviewing/acking patches is easier
on the list, but for actually pushing patches to staging, going from
github tree is much nicer)

-serge




More information about the lxc-devel mailing list