On 2020-04-11 9:04 p.m., Simon Déziel wrote: > On 2020-04-10 1:16 p.m., Jamie Strandboge wrote: >> The abstraction is meant to cover the client, not systemd internal >> specifics. A client simply accessing that DBus API won't need it and a >> client simply accessing those sockets won't need it. It very well might >> be that a profiled application is using some *ctl command from systemd >> that would need it, but in that case said command would need to be added >> to the policy and the boot-id could be added at that time. > > I don't know as squid, named and samba (to name a few) generate many > denials trying to read /proc/sys/kernel/random/boot_id. None of those > are explicitly trying to use the DynamicUser feature. Could it be just a > side effect of how nsswitch.conf is setup by default? > > $ grep systemd /etc/nsswitch.conf > passwd: files systemd > group: files systemd
This is indeed due to having systemd in the default nsswitch.conf. I've report the problem in LP: #1872564 Simon -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1869024 Title: add support for DynamicUser feature of systemd To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1869024/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
