On 07/09/2018 04:20 PM, Nicolas Iooss wrote:
> Hello,
> 
> While testing a systemd update on Arch Linux, I encountered the
> following message (in a Vagrant virtual machine):
> 
> # semanage fcontext -m -s sysadm_u -t user_home_t '/vagrant(/.*)?'
> libsemanage.get_home_dirs: Error while fetching users.  Returning list so far.
> 
> A quick debugging of get_home_dirs() in
> libsemanage/src/genhomedircon.c shows that the loop "while ((pwbuf =
> getpwent()) != NULL)" stops with pwbuf=NULL and errno=2 (ENOENT). My
> /etc/nsswitch.conf contains:
> 
> passwd: files mymachines systemd
> 
> If I remove "systemd" from this line, the error disappears. Therefore
> it seems that systemd's NSS module returns an ENOENT error when
> getpwent() is called. I have not found any clue in systemd's code [1]
> about such an error and I have not got much time to debug this issue.
> Does this occur for someone else (using Fedora for example)?

Fedora ships with usepasswd=False in semanage.conf, so we'll never reach that 
code in a default configuration.
Fedora nsswitch.conf has the following for passwd:
passwd:         files sss systemd

Removing usepasswd=False from semanage.conf, I see the same behavior with 
libsemanage 2.8, systemd 239, and glibc 2.27 on Fedora and it did not occur 
with systemd 238.  systemd v239 does introduce support into nss-systemd for 
looking up dynamic users, so this seems to be the cause. Not sure yet whether 
this represents a bug in libsemanage or systemd, but it appears to just be a 
warning and not fatal to operation.

> 
> For information, this issue occurs with SELinux release 2.8 (and git
> master branch), systemd 239.0 and glibc 2.27, on a system with SELinux
> in permissive mode.
> 
> Best,
> Nicolas
> 
> [1] 
> https://github.com/systemd/systemd/blob/master/src/nss-systemd/nss-systemd.c
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
