doc/guix.texi: (Name Service Switch) add a workaround for bug #41575 --- doc/guix.texi | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi index a6e14ea177..a9472e680e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1706,6 +1706,20 @@ this binary incompatibility problem because those @code{libnss_*.so} files are loaded in the @command{nscd} process, not in applications themselves. +For applications running in containers (@pxref{Invokin guix container}), +however, @code{nscd} may leak information from the host to the container. +If there is a configuration mismatch between the two ---e.g., the host +has no @code{sshd} user while the container needs one--- then it may be +worthwhile to limit which kind of information the host's @code{nscd} +daemon may give to the container by adding the following to +@code{/etc/nscd.conf}. + +@example + enable-cache passwd no + enable-cache group no + enable-cache netgroup no +@end example + @subsection X11 Fonts @cindex fonts @@ -27582,7 +27596,7 @@ that should be preferably killed. @item @code{avoid-regexp} (default: @code{#f}) A regular expression (as a string) to match the names of the processes -that should @emph{not} be killed. +that should @emph{not} be kcoilled. @item @code{memory-report-interval} (default: @code{0}) The interval in seconds at which a memory report is printed. It is -- 2.28.0
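Review bot: the cross-reference in the first added line of the hunk at line 1706, @pxref{Invokin guix container}, misspells the node name; it should read @pxref{Invoking guix container}, otherwise the reference will not resolve when the manual is built. The paragraph should also say explicitly that the @code{/etc/nscd.conf} to edit is the host's, since "adding the following to /etc/nscd.conf" could be read as the container's file. It would also help to state how this interacts with the paragraph just above: with the passwd, group and netgroup caches disabled, are those lookups then done in the application itself, which would bring back the @code{libnss_*.so} incompatibility that paragraph says nscd avoids?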
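Review bot: the hunk at line 27582, in the @code{avoid-regexp} item, changes "killed" to "kcoilled", which introduces a typo into a section unrelated to the Name Service Switch workaround named in the subject. This looks like a stray edit; drop the hunk so the patch touches only the Name Service Switch section, and regenerate the diffstat accordingly.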