Hi Michael, On 2021-09-13 19:13, Michael Biebl wrote: > Hi Aurelien, > > thanks for the bug report > > On Thu, 9 Sep 2021 18:48:42 +0200 Aurelien Jarno <aure...@debian.org> wrote: > > > One way to workaround the issue would be to force systemd-logind to do a > > NSS lookup, just like it it s already the case when a user log onto the > > system. > > Before the upgrade, I assume, i.e. in libc6.preinst?
Yes, exactly. > Have you already tested this? If so, what did you use? > Should we construct something based on systemd-run maybe? Unfortunately it's not easy. loginctl is doing a lot of checks before calling systemd-logind, and systemd-logind is doing a lot of tests before doing a call to NSS functions. Most notably, it needs to be a real login associated with a seat, so faking a login is not possible. The only thing I have found is to ask systemd-logind to enable or disable lingering. To avoid actually changing the configuration, the two following options works: - running the operation on an existing user, but without the associated permission. For instance running "loginctl enable-linger root" as user nobody. - running the operation on a non-existing user, but as loginctl does a check that the user exists, it has to be done directly with the dbus API, for instance "gdbus call --system --dest org.freedesktop.login1 --object-path /org/freedesktop/login1 --method org.freedesktop.login1.Manager.SetUserLinger 12345678 true true" The latest is more a bit more complex to do (especially that libglib2.0-bin is not necessarily installed on the system), but has the advantage of exercising all configured NSS modules. In any case we can probably check if the above trick is needed by running something like "grep -E 'libnss_(compat|db|files)' /proc/$(systemctl show --property MainPID --value systemd-logind.service)/maps" I haven't test the full pattern by including this in the preinst, but so far I have been running the above snippet before doing the upgrade, and I has worked. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
signature.asc
Description: PGP signature
