External authentication fails between user-namespaces #345
Comments
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Dec 4, 2022
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Dec 4, 2022
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Dec 4, 2022
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Dec 4, 2022
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
|
already fixed in master in #264 |
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
Jan 2, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
guelfey
pushed a commit
to idleroamer/dbus
that referenced
this issue
Apr 9, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 13, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 13, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 13, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 13, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 13, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 14, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 21, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 21, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
idleroamer
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 22, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
guelfey
pushed a commit
to idleroamer/dbus
that referenced
this issue
May 22, 2023
Due to mismatch between UID in a user-namespace and out-of-band credential acquired by server on another user-namespace refrain from sending UID with external authentication by default to keep compatibility still fallback to sending UID if it fails godbus#345
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It is not possible to connect to dbus bus running on host from within a user-namespace, a typical containers setup.
The "EXTERNAL authentication" mechansim fails to verify the UID credential passing via the message against the out-of-band credential, due mismatch in user-id crossing user-namespace.
Frameworks like sd-bus, gdbus has already switched to sending empty value instead of UID in DATA payload to fix the issue.
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2832
systemd/systemd@1ed4723
The text was updated successfully, but these errors were encountered: