-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/initContainer: Simplify removing the user's password #1349
Conversation
Build failed. ❌ unit-test RETRY_LIMIT in 34s |
8284a84
to
7595fb6
Compare
Build failed. ❌ unit-test RETRY_LIMIT in 33s |
7595fb6
to
9eddf7d
Compare
Build failed. ❌ unit-test NODE_FAILURE Node request 200-0006306328 failed in 0s |
It's one less invocation of an external command, which is good because spawning a new process is generally expensive. One positive side-effect of this is that on some Active Directory set-ups, the entry point no longer fails with: Error: failed to remove password for user [email protected]: failed to invoke passwd(1) ... because of: # passwd --delete [email protected] passwd: Libuser error at line: 210 - name contains invalid char `@'. This is purely an accident, and isn't meant to be an intential change to support Active Directory. Tools like useradd(8) and usermod(8) from Shadow aren't meant to work with Active Directory users, and, hence, it can still break in other ways. For that, one option is to expose $USER from the host operating system to the Toolbx container through a Varlink interface that can be used by nss-systemd inside the container. Based on an idea from Si. containers#585
9eddf7d
to
b1b1d45
Compare
Build failed. ✔️ unit-test SUCCESS in 8m 26s |
There are still some test failures on Fedora Rawhide. For example:
I believe these are because of changes in various other components in Fedora 39, which we need to track down one by one and work out a fix. In the mean time, I am going to temporarily override these failures. |
It's one less invocation of an external command, which is good because
spawning a new process is generally expensive.
One positive side-effect of this is that on some Active Directory
set-ups, the entry point no longer fails with:
... because of:
This is purely an accident, and isn't meant to be an intential change to
support Active Directory. Tools like
useradd(8)
andusermod(8)
fromShadow aren't meant to work with Active Directory users, and, hence, it
can still break in other ways. For that, one option is to expose
$USER
from the host operating system to the Toolbx container through a Varlink
interface that can be used by nss-systemd inside the container.
Based on an idea from Si.
#585