From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id cK+fBDb1XV9+ewAA0tVLHw (envelope-from ) for ; Sun, 13 Sep 2020 10:32:22 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id gOx7OjX1XV8PDgAAB5/wlQ (envelope-from ) for ; Sun, 13 Sep 2020 10:32:21 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 494E594042A for ; Sun, 13 Sep 2020 10:32:21 +0000 (UTC) Received: from localhost ([::1]:36086 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kHPIy-0003NC-6M for larch@yhetil.org; Sun, 13 Sep 2020 06:32:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33012) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kHPIg-0003MG-Hr for guix-patches@gnu.org; Sun, 13 Sep 2020 06:32:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:38002) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kHPIf-0005KF-S3 for guix-patches@gnu.org; Sun, 13 Sep 2020 06:32:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kHPIf-00082b-OH for guix-patches@gnu.org; Sun, 13 Sep 2020 06:32:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#43371] [PATCH] doc: prevent host/container nscd mismatch Resent-From: edk@beaver-labs.com Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 13 Sep 2020 10:32:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 43371 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43371@debbugs.gnu.org Cc: 41575@debbugs.gnu.org, conjaroy X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.159999307730848 (code B ref -1); Sun, 13 Sep 2020 10:32:01 +0000 Received: (at submit) by debbugs.gnu.org; 13 Sep 2020 10:31:17 +0000 Received: from localhost ([127.0.0.1]:49546 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kHPHx-00081T-HW for submit@debbugs.gnu.org; Sun, 13 Sep 2020 06:31:17 -0400 Received: from lists.gnu.org ([209.51.188.17]:57558) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kHPHv-00081H-Tt for submit@debbugs.gnu.org; Sun, 13 Sep 2020 06:31:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60978) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kHPHv-0002km-IJ for guix-patches@gnu.org; Sun, 13 Sep 2020 06:31:15 -0400 Received: from sender4-op-o11.zoho.com ([136.143.188.11]:17106) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kHPHt-0005E1-IQ for guix-patches@gnu.org; Sun, 13 Sep 2020 06:31:15 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1599993068; cv=none; d=zohomail.com; s=zohoarc; b=NHP5KAbCst7ACD6Adr4aI6yNf9v2xtqTGzjOBZjVAB8w5RKlR2d/q+5pW+EagvPoHUIype3iy9CvPNr8qzX6YENz9H+b/dg/aNFaSLVcupA8C5U/8MGjFkE7W+Hc2evWV+Uxd4ae/72fQXygRNPmQ6J5jZBP38ZMQvKyIbZz2s0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1599993068; h=Content-Type:Cc:Date:From:MIME-Version:Message-ID:Subject:To; bh=9/Eymdti+Bs5n1qz3AhHhnUk5I1CZZVyiiwiUfvPYdI=; b=n3At5lRyiNmdYW7RpJjhAoD45WDL0cPjswopzAorpMmrk5uRC875jQtufJ88/6IjJDpQ6ZntAolYbeJJw0IFU09FzkZBwoAxUFyBF2NMFoEc8FFm5rtLDuX3Yx0g8rrPoJPyheRHs29wE3a41Hz8nItW3Yh/o80/ag47WHdyGHc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=beaver-labs.com; spf=pass smtp.mailfrom=edk@beaver-labs.com; dmarc=pass header.from= header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1599993068; s=zoho; d=beaver-labs.com; i=edk@beaver-labs.com; h=From:To:Cc:Cc:Subject:Message-ID:Date:MIME-Version:Content-Type; bh=9/Eymdti+Bs5n1qz3AhHhnUk5I1CZZVyiiwiUfvPYdI=; b=OKneUkC/5OAMviHla2XfAPT3PsMkkDUth//fE//6cq21h/QlrKT0PBLC5hhmhDsi s0hagBXjCn+PeZ+/cOdKw+DGpCJ+3Ip3imclowtpnjM6xqyOkuI9vj3CRNGBD5A7anN okuNJkkgl4uJUPxG5YrVS2LjcB2zVBBCDPZcnWWI= Received: from Rasoir (lfbn-idf3-1-1319-142.w92-170.abo.wanadoo.fr [92.170.248.142]) by mx.zohomail.com with SMTPS id 159999306668558.51591308873799; Sun, 13 Sep 2020 03:31:06 -0700 (PDT) User-agent: mu4e 1.4.4; emacs 27.1 From: edk@beaver-labs.com Message-ID: <87lfhet1d2.fsf@rdklein.fr> Date: Sun, 13 Sep 2020 12:30:49 +0200 MIME-Version: 1.0 Content-Type: text/plain X-ZohoMailClient: External Received-SPF: pass client-ip=136.143.188.11; envelope-from=edk@beaver-labs.com; helo=sender4-op-o11.zoho.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/13 06:31:10 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -2.4 (--) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none (invalid DKIM record) header.d=beaver-labs.com header.s=zoho header.b=OKneUkC/; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: 0.99 X-TUID: 1CXW7YNit5og doc/guix.texi: (Name Service Switch) add a workaround for bug #41575 --- doc/guix.texi | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index a6e14ea177..a9472e680e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1706,6 +1706,20 @@ this binary incompatibility problem because those @code{libnss_*.so} files are loaded in the @command{nscd} process, not in applications themselves. +For applications running in containers (@pxref{Invokin guix container}), +however, @code{nscd} may leak information from the host to the container. +If there is a configuration mismatch between the two ---e.g., the host +has no @code{sshd} user while the container needs one--- then it may be +worthwhile to limit which kind of information the host's @code{nscd} +daemon may give to the container by adding the following to +@code{/etc/nscd.conf}. + +@example + enable-cache passwd no + enable-cache group no + enable-cache netgroup no +@end example + @subsection X11 Fonts @cindex fonts @@ -27582,7 +27596,7 @@ that should be preferably killed. @item @code{avoid-regexp} (default: @code{#f}) A regular expression (as a string) to match the names of the processes -that should @emph{not} be killed. +that should @emph{not} be kcoilled. @item @code{memory-report-interval} (default: @code{0}) The interval in seconds at which a memory report is printed. It is -- 2.28.0