[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#43371] [PATCH] doc: prevent host/container nscd mismatch

From: edk
Subject: [bug#43371] [PATCH] doc: prevent host/container nscd mismatch
Date: Sun, 13 Sep 2020 12:30:49 +0200
User-agent: mu4e 1.4.4; emacs 27.1

doc/guix.texi: (Name Service Switch) add a workaround for bug #41575
 doc/guix.texi | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index a6e14ea177..a9472e680e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1706,6 +1706,20 @@ this binary incompatibility problem because those 
 files are loaded in the @command{nscd} process, not in applications
+For applications running in containers (@pxref{Invokin guix container}),
+however, @code{nscd} may leak information from the host to the container.
+If there is a configuration mismatch between the two ---e.g., the host
+has no @code{sshd} user while the container needs one--- then it may be
+worthwhile to limit which kind of information the host's @code{nscd}
+daemon may give to the container by adding the following to
+        enable-cache            passwd          no
+        enable-cache            group           no
+        enable-cache            netgroup        no
+@end example
 @subsection X11 Fonts
 @cindex fonts
@@ -27582,7 +27596,7 @@ that should be preferably killed.
 @item @code{avoid-regexp} (default: @code{#f})
 A regular expression (as a string) to match the names of the processes
-that should @emph{not} be killed.
+that should @emph{not} be kcoilled.
 @item @code{memory-report-interval} (default: @code{0})
 The interval in seconds at which a memory report is printed.  It is

reply via email to

[Prev in Thread] Current Thread [Next in Thread]