Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Bug#1032990: podman unshare sults in chown: Invalid argument

301 views

Skip to first unread message

Simon Kobyda

unread,

Mar 15, 2023, 7:30:04 AM3/15/23

Package: podman

Version: 4.3.1.

System information:

Distributor ID: Debian
Description: Debian GNU/Linux bookworm/sid
Release: testing
Codename: bookworm

Description: "podman unshare chown 1:1 ~/somefile" fails

Steps to reproduce:

1. touch ~/somefile

2. podman unshare chown 1:1 ~/somefile

Actual result:

chown: changing ownership of '/home/admin/somefile': Invalid argument

Expected result:

podman unshare runs successfully

Additional information:

$ id

uid=1002(admin) gid=1003(admin) groups=1003(admin),27(sudo)

$ cat /etc/subuid
debian:165536:65536
admin:100000:65536

$ cat /etc/subgid
debian:165536:65536
admin:100000:65536

strace:

touch ~/somefile; podman unshare strace -fvvs1024 chown 1:1 ~/somefile
execve("/usr/bin/chown", ["chown", "1:1", "/home/admin/somefile"], ["SHELL=/bin/bash", "SSH_AUTH_SOCK=/tmp/ssh-XXXXXX1LfLTb/agent.2335", "SSH_AGENT_PID=2336", "PWD=/home/admin", "XDG_SESSION_TYPE=web", "COCKPIT_REMOTE_PEER=::ffff:172.27.0.2", "HOME=/home/admin", "LANG=C.UTF-8", "LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.avif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*."..., "XDG_SESSION_CLASS=user", "TERM=xterm-256color", "USER=admin", "SHLVL=1", "XDG_SESSION_ID=4", "XDG_RUNTIME_DIR=/run/user/1002", "GSETTINGS_BACKEND=memory", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1002/bus", "_=/usr/bin/podman", "_CONTAINERS_ROOTLESS_UID=1002", "_CONTAINERS_ROOTLESS_GID=1003", "XDG_CONFIG_HOME=/home/admin/.config", "TMPDIR=/var/tmp", "_CONTAINERS_USERNS_CONFIGURED=done", "CONTAINERS_GRAPHROOT=/home/admin/.local/share/containers/storage", "CONTAINERS_RUNROOT=/run/user/1002/containers"]) = 0
brk(NULL) = 0x562be050c000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f71192ff000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=4564, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=112, st_size=54706, st_atime=1678811270 /* 2023-03-14T16:27:50.480000000+0000 */, st_atime_nsec=480000000, st_mtime=1678724869 /* 2023-03-13T16:27:49.420145979+0000 */, st_mtime_nsec=420145979, st_ctime=1678724869 /* 2023-03-13T16:27:49.420145979+0000 */, st_ctime_nsec=420145979}, AT_EMPTY_PATH) = 0
mmap(NULL, 54706, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192f1000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Ps\2\0\0\0\0\0@\0\0\0\0\0\0\0XD\35\0\0\0\0\0\0\0\0\0@\08\0\16\0@\0@\0?\0\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\20\3\0\0\0\0\0\0\20\3\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0\220\n\32\0\0\0\0\0\220\n\32\0\0\0\0\0\220\n\32\0\0\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\08S\2\0\0\0\0\08S\2\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0`\2\0\0\0\0\0\0`\2\0\0\0\0\0\0`\2\0\0\0\0\0\274L\25\0\0\0\0\0\274L\25\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\260\27\0\0\0\0\0\0\260\27\0\0\0\0\0\0\260\27\0\0\0\0\0.+\5\0\0\0\0\0.+\5\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\6\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\230O\0\0\0\0\0\0\200&\1\0\0\0\0\0\0\20\0\0\0\0\0\0\2\0\0\0\6\0\0\0`\33\35\0\0\0\0\0`\33\35\0\0\0\0\0`\33\35\0\0\0\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0p\3\0\0\0\0\0\0p\3\0\0\0\0\0\0p\3\0\0\0\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\20\0\0\0\0\0\0\0\220\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0S\345td\4\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0\10\0\0\0\0\0\0\0P\345td\4\0\0\0\254\n\32\0\0\0\0\0\254\n\32\0\0\0\0\0\254\n\32\0\0\0\0\0\ft\0\0\0\0\0\0\ft\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\00007\0\0\0\0\0\0", 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\20\3\0\0\0\0\0\0\20\3\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0\220\n\32\0\0\0\0\0\220\n\32\0\0\0\0\0\220\n\32\0\0\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\08S\2\0\0\0\0\08S\2\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0`\2\0\0\0\0\0\0`\2\0\0\0\0\0\0`\2\0\0\0\0\0\274L\25\0\0\0\0\0\274L\25\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\260\27\0\0\0\0\0\0\260\27\0\0\0\0\0\0\260\27\0\0\0\0\0.+\5\0\0\0\0\0.+\5\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\6\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\230O\0\0\0\0\0\0\200&\1\0\0\0\0\0\0\20\0\0\0\0\0\0\2\0\0\0\6\0\0\0`\33\35\0\0\0\0\0`\33\35\0\0\0\0\0`\33\35\0\0\0\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0p\3\0\0\0\0\0\0p\3\0\0\0\0\0\0p\3\0\0\0\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\20\0\0\0\0\0\0\0\220\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0S\345td\4\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0\10\0\0\0\0\0\0\0P\345td\4\0\0\0\254\n\32\0\0\0\0\0\254\n\32\0\0\0\0\0\254\n\32\0\0\0\0\0\ft\0\0\0\0\0\0\ft\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\00007\0\0\0\0\0\00007\0\0\0\0\0\0\1\0\0\0\0\0\0\0", 784, 64) = 784
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=13123, st_mode=S_IFREG|0755, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=3760, st_size=1922136, st_atime=1678810567 /* 2023-03-14T16:16:07.828000000+0000 */, st_atime_nsec=828000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.001330828+0000 */, st_ctime_nsec=1330828}, AT_EMPTY_PATH) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\20\3\0\0\0\0\0\0\20\3\0\0\0\0\0\0\10\0\0\0\0\0\0\0\3\0\0\0\4\0\0\0\220\n\32\0\0\0\0\0\220\n\32\0\0\0\0\0\220\n\32\0\0\0\0\0\34\0\0\0\0\0\0\0\34\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\08S\2\0\0\0\0\08S\2\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0`\2\0\0\0\0\0\0`\2\0\0\0\0\0\0`\2\0\0\0\0\0\274L\25\0\0\0\0\0\274L\25\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\260\27\0\0\0\0\0\0\260\27\0\0\0\0\0\0\260\27\0\0\0\0\0.+\5\0\0\0\0\0.+\5\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\6\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\230O\0\0\0\0\0\0\200&\1\0\0\0\0\0\0\20\0\0\0\0\0\0\2\0\0\0\6\0\0\0`\33\35\0\0\0\0\0`\33\35\0\0\0\0\0`\33\35\0\0\0\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0p\3\0\0\0\0\0\0p\3\0\0\0\0\0\0p\3\0\0\0\0\0\0D\0\0\0\0\0\0\0D\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\20\0\0\0\0\0\0\0\220\0\0\0\0\0\0\0\10\0\0\0\0\0\0\0S\345td\4\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0P\3\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0\10\0\0\0\0\0\0\0P\345td\4\0\0\0\254\n\32\0\0\0\0\0\254\n\32\0\0\0\0\0\254\n\32\0\0\0\0\0\ft\0\0\0\0\0\0\ft\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\0\320\350\34\0\0\0\0\00007\0\0\0\0\0\00007\0\0\0\0\0\0\1\0\0\0\0\0\0\0", 784, 64) = 784
mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7119110000
mmap(0x7f7119136000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7f7119136000
mmap(0x7f711928b000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17b000) = 0x7f711928b000
mmap(0x7f71192de000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ce000) = 0x7f71192de000
mmap(0x7f71192e4000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f71192e4000
close(3) = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f711910d000
arch_prctl(ARCH_SET_FS, 0x7f711910d740) = 0
set_tid_address(0x7f711910da10) = 19809
set_robust_list(0x7f711910da20, 24) = 0
rseq(0x7f711910e060, 0x20, 0, 0x53053053) = 0
mprotect(0x7f71192de000, 16384, PROT_READ) = 0
mprotect(0x562bdf8f5000, 4096, PROT_READ) = 0
mprotect(0x7f7119331000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f71192f1000, 54706) = 0
getrandom("\x3e\xba\xc9\x60\x8f\x85\xb4\x10", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x562be050c000
brk(0x562be052d000) = 0x562be052d000
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=13064, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=2996, st_atime=1678810578 /* 2023-03-14T16:16:18.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724170 /* 2023-03-13T16:16:10.376145979+0000 */, st_ctime_nsec=376145979}, AT_EMPTY_PATH) = 0
read(3, "# Locale name alias data base.\n# Copyright (C) 1996-2022 Free Software Foundation, Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2, or (at your option)\n# any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, see <https://www.gnu.org/licenses/>.\n\n# The format of this file is the same as for the corresponding file of\n# the X Window System, which normally can be found in\n#\t/usr/lib/X11/locale/locale.alias\n# A single line contains two fields: an alias and a substitution value.\n# All entries are case independent.\n\n# Note: This file is obsolete and is kept aro"..., 4096) = 2996
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131123, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=258, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 258, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192fe000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=13403, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=56, st_size=27028, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.025330828+0000 */, st_ctime_nsec=25330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 27028, PROT_READ, MAP_SHARED, 3, 0) = 0x7f71192f7000
close(3) = 0
futex(0x7f71192e3a4c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131124, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=23, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 23, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192f6000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131131, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=47, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 47, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192f5000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131120, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=127, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 127, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192f4000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_NAME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_NAME", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131128, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=62, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 62, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192f3000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_PAPER", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_PAPER", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131130, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=34, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 34, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192f2000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131125, st_mode=S_IFDIR|0755, st_nlink=2, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=1678724167 /* 2023-03-13T16:16:07+0000 */, st_atime_nsec=0, st_mtime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_mtime_nsec=741330828, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131126, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=48, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 48, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71192f1000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131127, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=270, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 270, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f711910c000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131121, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=1406, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 1406, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f711910b000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_TIME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_TIME", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131132, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=3360, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 3360, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f711910a000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131129, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=50, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 50, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7119109000
close(3) = 0
openat(AT_FDCWD, "/usr/lib/locale/C.UTF-8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/locale/C.utf8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=131122, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=696, st_size=353616, st_atime=1678810567 /* 2023-03-14T16:16:07.832000000+0000 */, st_atime_nsec=832000000, st_mtime=1673090989 /* 2023-01-07T11:29:49+0000 */, st_mtime_nsec=0, st_ctime=1678724167 /* 2023-03-13T16:16:07.741330828+0000 */, st_ctime_nsec=741330828}, AT_EMPTY_PATH) = 0
mmap(NULL, 353616, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71190b2000
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_dev=makedev(0xfe, 0x1), st_ino=26055, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=564, st_atime=1678811102 /* 2023-03-14T16:25:02.112000000+0000 */, st_atime_nsec=112000000, st_mtime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_mtime_nsec=716145979, st_ctime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_ctime_nsec=716145979}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_dev=makedev(0xfe, 0x1), st_ino=2, st_mode=S_IFDIR|0755, st_nlink=18, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=1678808273 /* 2023-03-14T15:37:53.484000000+0000 */, st_atime_nsec=484000000, st_mtime=1678724934 /* 2023-03-13T16:28:54.232000000+0000 */, st_mtime_nsec=232000000, st_ctime=1678724934 /* 2023-03-13T16:28:54.232000000+0000 */, st_ctime_nsec=232000000}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=26055, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=564, st_atime=1678811102 /* 2023-03-14T16:25:02.112000000+0000 */, st_atime_nsec=112000000, st_mtime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_mtime_nsec=716145979, st_ctime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_ctime_nsec=716145979}, AT_EMPTY_PATH) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example configuration of GNU Name Service Switch functionality.\n# If you have the `glibc-doc-reference' and `info' packages installed, try:\n# `info libc \"Name Service Switch\"' for information about this file.\n\npasswd: files sss\ngroup: files sss\nshadow: files sss\ngshadow: files\n\nhosts: files dns myhostname mymachines\nnetworks: files\n\nprotocols: db files\nservices: db files sss\nethers: db files\nrpc: db files\n\nnetgroup: nis sss\nautomount: sss\nsubid: sss\n", 4096) = 564
read(3, "", 4096) = 0
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=26055, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=564, st_atime=1678811102 /* 2023-03-14T16:25:02.112000000+0000 */, st_atime_nsec=112000000, st_mtime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_mtime_nsec=716145979, st_ctime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_ctime_nsec=716145979}, AT_EMPTY_PATH) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=31092, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=2426, st_atime=1678811102 /* 2023-03-14T16:25:02.116000000+0000 */, st_atime_nsec=116000000, st_mtime=1678724617 /* 2023-03-13T16:23:37.604145979+0000 */, st_mtime_nsec=604145979, st_ctime=1678724617 /* 2023-03-13T16:23:37.604145979+0000 */, st_ctime_nsec=604145979}, AT_EMPTY_PATH) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\nsys:x:3:3:sys:/dev:/usr/sbin/nologin\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/usr/sbin/nologin\nman:x:6:12:man:/var/cache/man:/usr/sbin/nologin\nlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\nmail:x:8:8:mail:/var/mail:/usr/sbin/nologin\nnews:x:9:9:news:/var/spool/news:/usr/sbin/nologin\nuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\nproxy:x:13:13:proxy:/bin:/usr/sbin/nologin\nwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\nbackup:x:34:34:backup:/var/backups:/usr/sbin/nologin\nlist:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin\nirc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin\ngnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin\nnobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n_apt:x:100:65534::/nonexistent:/usr/sbin/nologin\nsystemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin\nsystemd-resolve"..., 4096) = 2426
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=4564, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=112, st_size=54706, st_atime=1678811270 /* 2023-03-14T16:27:50.480000000+0000 */, st_atime_nsec=480000000, st_mtime=1678724869 /* 2023-03-13T16:27:49.420145979+0000 */, st_mtime_nsec=420145979, st_ctime=1678724869 /* 2023-03-13T16:27:49.420145979+0000 */, st_ctime_nsec=420145979}, AT_EMPTY_PATH) = 0
mmap(NULL, 54706, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f71190a4000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_sss.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\0\0\0\0\0\0\0@\0\0\0\0\0\0\0\300\263\0\0\0\0\0\0\0\0\0\0@\08\0\n\0@\0\35\0\34\0\1\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\27\0\0\0\0\0\0\20\27\0\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\5\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0yi\0\0\0\0\0\0yi\0\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\4\0\0\0\0\220\0\0\0\0\0\0\0\220\0\0\0\0\0\0\0\220\0\0\0\0\0\0\340\27\0\0\0\0\0\0\340\27\0\0\0\0\0\0\0\20\0\0\0\0\0\0\1\0\0\0\6\0\0\0\220\255\0\0\0\0\0\0\220\275\0\0\0\0\0\0\220\275\0\0\0\0\0\0\370\4\0\0\0\0\0\0\230\6\0\0\0\0\0\0\0\20\0\0\0\0\0\0\2\0\0\0\6\0\0\0\270\255\0\0\0\0\0\0\270\275\0\0\0\0\0\0\270\275\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\2\0\0\0\0\0\0\10\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0p\2\0\0\0\0\0\0p\2\0\0\0\0\0\0p\2\0\0\0\0\0\0$\0\0\0\0\0\0\0$\0\0\0\0\0\0\0\4\0\0\0\0\0\0\0\7\0\0\0\4\0\0\0\220\255\0\0\0\0\0\0\220\275\0\0\0\0\0\0\220\275\0\0\0\0\0\0\4\0\0\0\0\0\0\0X\1\0\0\0\0\0\0\20\0\0\0\0\0\0\0P\345td\4\0\0\0\200\222\0\0\0\0\0\0\200\222\0\0\0\0\0\0\200\222\0\0\0\0\0\0\304\2\0\0\0\0\0\0\304\2\0\0\0\0\0\0\4\0\0\0\0\0\0\0Q\345td\6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\20\0\0\0\0\0\0\0R\345td\4\0\0\0\220\255\0\0\0\0\0\0\220\275\0\0\0\0\0\0\220\275\0\0\0\0\0\0p\2\0\0\0\0\0\0p\2\0\0\0\0\0\0\1\0\0\0\0\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\340\244\335\310\274\356\264\341FYB\251\33\312\322,\5\211\316l\0\0\0\0\21\0\0\0001\0\0\0\4\0\0\0\10\0\0\0e:\1\254\226\0\20O\2`\0\4\0\2\20\4@b\0@\0\0\21\21\215 \240@\tCP\2021\0\0\0003\0\0\0007\0\0\08\0\0\0\0\0\0\09\0\0\0:\0\0\0\0\0\0\0<\0\0\0?\0\0\0B\0\0\0D\0\0\0F\0\0\0H\0\0\0I\0\0\0L\0\0\0N\0\0\0\324\251m\233\v\273\372-\2~\1\345t:\301\324\342\266\26a\303\227\343[\1\f\322\232\357\371G[\358\365B\32\332q'5\220\374D\214\236\207v\10\200f\\", 832) = 832
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=25983, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=96, st_size=47872, st_atime=1678811102 /* 2023-03-14T16:25:02.116000000+0000 */, st_atime_nsec=116000000, st_mtime=1677422148 /* 2023-02-26T14:35:48+0000 */, st_mtime_nsec=0, st_ctime=1678724350 /* 2023-03-13T16:19:10.888145979+0000 */, st_ctime_nsec=888145979}, AT_EMPTY_PATH) = 0
mmap(NULL, 50216, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7119097000
mmap(0x7f7119099000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f7119099000
mmap(0x7f71190a0000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f71190a0000
mmap(0x7f71190a2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f71190a2000
close(3) = 0
mprotect(0x7f71190a2000, 4096, PROT_READ) = 0
munmap(0x7f71190a4000, 54706) = 0
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
futex(0x7f71190a3370, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
getpid() = 19809
getpid() = 19809
socket(AF_UNIX, SOCK_STREAM, 0) = 3
futex(0x7f71190a3374, FUTEX_WAKE_PRIVATE, 2147483647) = 0
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/lib/sss/pipes/nss"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_dev=makedev(0xfe, 0x1), st_ino=26055, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=564, st_atime=1678811102 /* 2023-03-14T16:25:02.112000000+0000 */, st_atime_nsec=112000000, st_mtime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_mtime_nsec=716145979, st_ctime=1678724489 /* 2023-03-13T16:21:29.716145979+0000 */, st_ctime_nsec=716145979}, 0) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_dev=makedev(0xfe, 0x1), st_ino=30623, st_mode=S_IFREG|0644, st_nlink=1, st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=8, st_size=1041, st_atime=1678811102 /* 2023-03-14T16:25:02.116000000+0000 */, st_atime_nsec=116000000, st_mtime=1678724617 /* 2023-03-13T16:23:37.576145979+0000 */, st_mtime_nsec=576145979, st_ctime=1678724617 /* 2023-03-13T16:23:37.576145979+0000 */, st_ctime_nsec=576145979}, AT_EMPTY_PATH) = 0
lseek(3, 0, SEEK_SET) = 0
read(3, "root:x:0:\ndaemon:x:1:\nbin:x:2:\nsys:x:3:\nadm:x:4:debian\ntty:x:5:\ndisk:x:6:\nlp:x:7:\nmail:x:8:\nnews:x:9:\nuucp:x:10:\nman:x:12:\nproxy:x:13:\nkmem:x:15:\ndialout:x:20:debian\nfax:x:21:\nvoice:x:22:\ncdrom:x:24:debian\nfloppy:x:25:debian\ntape:x:26:\nsudo:x:27:debian,admin\naudio:x:29:debian\ndip:x:30:debian\nwww-data:x:33:\nbackup:x:34:\noperator:x:37:\nlist:x:38:\nirc:x:39:\nsrc:x:40:\ngnats:x:41:\nshadow:x:42:\nutmp:x:43:\nvideo:x:44:debian\nsasl:x:45:\nplugdev:x:46:debian\nstaff:x:50:\ngames:x:60:\nusers:x:100:\nnogroup:x:65534:\nsystemd-journal:x:101:\nsystemd-network:x:102:\nsystemd-resolve:x:103:\nmessagebus:x:104:\ninput:x:105:\nkvm:x:106:\nrender:x:107:\nuuidd:x:108:\ncrontab:x:109:\ntcpdump:x:110:\n_chrony:x:112:\nnetdev:x:113:debian\nsystemd-timesync:x:999:\nsystemd-coredump:x:998:\nwheel:x:1000:\ndebian:x:1002:\nadmin:x:1003:\nsgx:x:114:\nrdma:x:115:\n_ssh:x:111:\nDebian-exim:x:116:\nredis:x:117:\n_tang:x:118:\npcp:x:997:\nsssd:x:119:\ntss:x:120:\npolkitd:x:996:\nlibvirt:x:121:\nlibvirt-qemu:x:64055:libvirt-qemu\nlibvirtdbus:x:122:\ncockpit-ws:x:123:\ncockpit-w"..., 4096) = 1041
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/var/lib/sss/mc/group", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/var/lib/sss/mc/group", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
getpid() = 19809
socket(AF_UNIX, SOCK_STREAM, 0) = 3
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/lib/sss/pipes/nss"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
newfstatat(AT_FDCWD, "/home/admin/somefile", {st_dev=makedev(0xfe, 0x1), st_ino=3825, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_size=0, st_atime=1678839532 /* 2023-03-15T00:18:52.112000000+0000 */, st_atime_nsec=112000000, st_mtime=1678839532 /* 2023-03-15T00:18:52.112000000+0000 */, st_mtime_nsec=112000000, st_ctime=1678839532 /* 2023-03-15T00:18:52.112000000+0000 */, st_ctime_nsec=112000000}, AT_SYMLINK_NOFOLLOW) = 0
fchownat(AT_FDCWD, "/home/admin/somefile", 1, 1, 0) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "/usr/share/locale/C.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "chown: ", 7chown: ) = 7
write(2, "changing ownership of '/home/admin/somefile'", 44changing ownership of '/home/admin/somefile') = 44
openat(AT_FDCWD, "/usr/share/locale/C.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/C/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Invalid argument", 18: Invalid argument) = 18
write(2, "\n", 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++

Matej Marusak

unread,

Apr 3, 2023, 10:10:04 AM4/3/23

Package: podman
Version: 4.3.1+ds1-6
Followup-For: Bug #1032990
X-Debbugs-Cc: mmar...@redhat.com

Dear Maintainer,

The original reproducer was not clear how important this failure is. It
efectively means that rootless podman is unusable on any system with
sssd.

This is easily reproducible by:
- Download newest image, e.g. https://cloud.debian.org/images/cloud/bullseye/daily/20230403-1339/debian-11-genericcloud-amd64-daily-20230403-1339.qcow2
- Install podman and sssd-tools and sssd-dbus. It works fine without sssd
- Login as 'admin' user
- podman pull debian

This command fails with:
ERRO[0004] While applying layer: ApplyLayer stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run podman-system-migrate: lchown /etc/gshadow: invalid argument exit status 1
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:3e440a7045683e27f8e2fa04000e0e078d8dfac0c971358ae0f8c65c13321c8e": ApplyLayer stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run podman-system-migrate: lchown /etc/gshadow: invalid argument exit status 1

It worked with some previos version. It is now broken, here is what has
changed since the working version:

Removed:
liblua5.3-0:amd64 (5.3.6-2)
libmpdec3:amd64 (2.5.1-2)
libossp-uuid-perl (1.6.2-1.5+b11)
libossp-uuid16:amd64 (1.6.2-1.5+b11)
linux-image-6.1.0-3-cloud-amd64 (6.1.8-1)
ncat (7.93+dfsg1-1)

Added:
libdigest-md5-file-perl (0.08-1.1)
libswitch-perl (2.17-3)
linux-image-6.1.0-7-cloud-amd64 (6.1.20-1)

Changed:
apparmor (3.0.8-2+b1 -> 3.0.8-3)
apt (2.5.6 -> 2.6.0)
apt-utils (2.5.6 -> 2.6.0)
autopoint (0.21-11 -> 0.21-12)
base-files (12.3 -> 12.4)
bind9-dnsutils (1:9.18.11-2 -> 1:9.18.12-1)
bind9-host (1:9.18.11-2 -> 1:9.18.12-1)
bind9-libs:amd64 (1:9.18.11-2 -> 1:9.18.12-1)
bsdextrautils (2.38.1-4 -> 2.38.1-5+b1)
bsdutils (1:2.38.1-4 -> 1:2.38.1-5+b1)
buildah (1.28.2+ds1-1+b1 -> 1.28.2+ds1-1+b2)
busybox (1:1.35.0-4+b1 -> 1:1.35.0-4+b2)
ca-certificates (20211016 -> 20230311)
cloud-initramfs-growroot (0.18.debian11 -> 0.18.debian12)
cockpit (284-1 -> 287-1)
cockpit-bridge (284-1 -> 287-1)
cockpit-system (284-1 -> 287-1)
cockpit-ws (284-1 -> 287-1)
conmon (2.1.3+ds1-1 -> 2.1.6+ds1-1)
containernetworking-plugins (1.1.1+ds1-3+b2 -> 1.1.1+ds1-3+b3)
cron (3.0pl1-156 -> 3.0pl1-162)
cron-daemon-common (3.0pl1-156 -> 3.0pl1-162)
crun (1.8-1 -> 1.8.1-1)
cryptsetup (2:2.6.1-1 -> 2:2.6.1-3~deb12u1)
cryptsetup-bin (2:2.6.1-1 -> 2:2.6.1-3~deb12u1)
curl (7.87.0-2 -> 7.88.1-7)
debian-archive-keyring (2021.1.1 -> 2023.2)
devscripts (2.22.2 -> 2.23.2)
dirmngr (2.2.40-1 -> 2.2.40-1.1)
distro-info-data (0.56 -> 0.57)
dpkg (1.21.20 -> 1.21.21)
dpkg-dev (1.21.20 -> 1.21.21)
eject (2.38.1-4 -> 2.38.1-5+b1)
fakeroot (1.29-1 -> 1.31-1.1)
fdisk (2.38.1-4 -> 2.38.1-5+b1)
fonts-dejavu-core (2.37-2 -> 2.37-6)
fuse3 (3.13.0-2 -> 3.14.0-2)
gawk (1:5.1.0-1 -> 1:5.2.1-2)
gdb (12.1-4+b1 -> 13.1-2)
gettext (0.21-11 -> 0.21-12)
gettext-base (0.21-11 -> 0.21-12)
git (1:2.39.1-0.1 -> 1:2.39.2-1.1)
git-man (1:2.39.1-0.1 -> 1:2.39.2-1.1)
glib-networking-common (2.74.0-2 -> 2.74.0-4)
glib-networking-services (2.74.0-2 -> 2.74.0-4)
glib-networking:amd64 (2.74.0-2 -> 2.74.0-4)
gnupg (2.2.40-1 -> 2.2.40-1.1)
gnupg-l10n (2.2.40-1 -> 2.2.40-1.1)
gnupg-utils (2.2.40-1 -> 2.2.40-1.1)
gnutls-bin (3.7.8-5 -> 3.7.9-1)
gpg (2.2.40-1 -> 2.2.40-1.1)
gpg-agent (2.2.40-1 -> 2.2.40-1.1)
gpg-wks-client (2.2.40-1 -> 2.2.40-1.1)
gpg-wks-server (2.2.40-1 -> 2.2.40-1.1)
gpgconf (2.2.40-1 -> 2.2.40-1.1)
gpgsm (2.2.40-1 -> 2.2.40-1.1)
gpgv (2.2.40-1 -> 2.2.40-1.1)
groff-base (1.22.4-9 -> 1.22.4-10)
gstreamer1.0-plugins-good:amd64 (1.22.0-4 -> 1.22.0-5)
gtk-update-icon-cache (3.24.36-3 -> 3.24.37-2)
intel-media-va-driver:amd64 (23.1.0+dfsg1-1 -> 23.1.1+dfsg1-1)
iproute2 (6.1.0-1 -> 6.1.0-2)
ipset (7.15-1+b1 -> 7.17-1)
iso-codes (4.12.0-1 -> 4.13.0-1)
klibc-utils (2.0.11-1 -> 2.0.12-1)
less (590-1.1 -> 590-1.2)
libann0 (1.1.2+doc-9 -> 1.1.2+doc-9+b1)
libaom3:amd64 (3.5.0-1 -> 3.6.0-1)
libapparmor1:amd64 (3.0.8-2+b1 -> 3.0.8-3)
libapt-pkg6.0:amd64 (2.5.6 -> 2.6.0)
libass9:amd64 (1:0.17.0-2 -> 1:0.17.1-1)
libavahi-client3:amd64 (0.8-8 -> 0.8-9)
libavahi-common-data:amd64 (0.8-8 -> 0.8-9)
libavahi-common3:amd64 (0.8-8 -> 0.8-9)
libavcodec59:amd64 (7:5.1.2-2 -> 7:5.1.2-3)
libavfilter8:amd64 (7:5.1.2-2 -> 7:5.1.2-3)
libavformat59:amd64 (7:5.1.2-2 -> 7:5.1.2-3)
libavutil57:amd64 (7:5.1.2-2 -> 7:5.1.2-3)
libblkid1:amd64 (2.38.1-4 -> 2.38.1-5+b1)
libc-ares2:amd64 (1.18.1-1+b2 -> 1.18.1-2)
libcolord2:amd64 (1.4.6-2.1 -> 1.4.6-2.2)
libcpanel-json-xs-perl:amd64 (4.32-1+b1 -> 4.35-1)
libcpupower1 (6.1.8-1 -> 6.1.20-1)
libcryptsetup12:amd64 (2:2.6.1-1 -> 2:2.6.1-3~deb12u1)
libcups2:amd64 (2.4.2-1+b2 -> 2.4.2-2)
libcurl3-gnutls:amd64 (7.87.0-2 -> 7.88.1-7)
libcurl4:amd64 (7.87.0-2 -> 7.88.1-7)
libdaxctl1:amd64 (75-1 -> 76.1-1)
libdpkg-perl (1.21.20 -> 1.21.21)
libdrm-amdgpu1:amd64 (2.4.114-1 -> 2.4.114-1+b1)
libdrm-intel1:amd64 (2.4.114-1 -> 2.4.114-1+b1)
libdrm-nouveau2:amd64 (2.4.114-1 -> 2.4.114-1+b1)
libdrm-radeon1:amd64 (2.4.114-1 -> 2.4.114-1+b1)
libdrm2:amd64 (2.4.114-1 -> 2.4.114-1+b1)
libduktape207:amd64 (2.7.0-1+b1 -> 2.7.0-2)
libegl-mesa0:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
libevent-2.1-7:amd64 (2.1.12-stable-5+b1 -> 2.1.12-stable-8)
libevent-core-2.1-7:amd64 (2.1.12-stable-5+b1 -> 2.1.12-stable-8)
libfakeroot:amd64 (1.29-1 -> 1.31-1.1)
libfdisk1:amd64 (2.38.1-4 -> 2.38.1-5+b1)
libfido2-1:amd64 (1.12.0-2 -> 1.12.0-2+b1)
libfuse2:amd64 (2.9.9-6 -> 2.9.9-6+b1)
libfuse3-3:amd64 (3.13.0-2 -> 3.14.0-2)
libgbm1:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
libgitlab-api-v4-perl (0.26-2 -> 0.26-3)
libgl1-mesa-dri:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
libglapi-mesa:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
libglib2.0-0-dbgsym:amd64 (2.74.5-1 -> 2.74.6-1)
libglib2.0-0:amd64 (2.74.5-1 -> 2.74.6-1)
libglib2.0-bin (2.74.5-1 -> 2.74.6-1)
libglib2.0-data (2.74.5-1 -> 2.74.6-1)
libglx-mesa0:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
libgnutls-dane0:amd64 (3.7.8-5 -> 3.7.9-1)
libgnutls30:amd64 (3.7.8-5 -> 3.7.9-1)
libgssapi-krb5-2:amd64 (1.20.1-1 -> 1.20.1-1+b1)
libgtk-3-0:amd64 (3.24.36-3 -> 3.24.37-2)
libgtk-3-bin (3.24.36-3 -> 3.24.37-2)
libgtk-3-common (3.24.36-3 -> 3.24.37-2)
libheif1:amd64 (1.14.2-1 -> 1.15.1-1)
libhtml-form-perl (6.10-1 -> 6.11-1)
libhttp-daemon-perl (6.14-2 -> 6.16-1)
libhwy1:amd64 (1.0.3-2 -> 1.0.3-3)
libiec61883-0:amd64 (1.2.0-6 -> 1.2.0-6+b1)
libio-socket-ssl-perl (2.078-1 -> 2.081-2)
libipa-hbac0 (2.8.1-2 -> 2.8.2-3)
libipset13:amd64 (7.15-1+b1 -> 7.17-1)
libk5crypto3:amd64 (1.20.1-1 -> 1.20.1-1+b1)
libklibc:amd64 (2.0.11-1 -> 2.0.12-1)
libkrb5-3:amd64 (1.20.1-1 -> 1.20.1-1+b1)
libkrb5support0:amd64 (1.20.1-1 -> 1.20.1-1+b1)
liblbfgsb0:amd64 (3.0+dfsg.3-11 -> 3.0+dfsg.4-1)
liblcms2-2:amd64 (2.14-1+b1 -> 2.14-2)
libldb2:amd64 (2:2.6.1+samba4.17.5+dfsg-2 -> 2:2.6.1+samba4.17.6+dfsg-1)
liblzma5:amd64 (5.4.1-0.1 -> 5.4.1-0.2)
libmariadb3:amd64 (1:10.6.11-2 -> 1:10.11.2-1)
libmount1:amd64 (2.38.1-4 -> 2.38.1-5+b1)
libndctl6:amd64 (75-1 -> 76.1-1)
libnghttp2-14:amd64 (1.51.0-1 -> 1.52.0-1)
libnss-myhostname:amd64 (252.5-2 -> 252.6-1)
libnss-mymachines:amd64 (252.5-2 -> 252.6-1)
libnss-sss:amd64 (2.8.1-2 -> 2.8.2-3)
libntfs-3g89:amd64 (1:2022.10.3-1 -> 1:2022.10.3-1+b1)
libopenmpt0:amd64 (0.6.8-1 -> 0.6.9-1)
libpam-sss:amd64 (2.8.1-2 -> 2.8.2-3)
libpam-systemd:amd64 (252.5-2 -> 252.6-1)
libpcp-archive1 (6.0.1-1+b1 -> 6.0.3-1)
libpcp-gui2 (6.0.1-1+b1 -> 6.0.3-1)
libpcp-import1 (6.0.1-1+b1 -> 6.0.3-1)
libpcp-mmv1 (6.0.1-1+b1 -> 6.0.3-1)
libpcp-pmda-perl (6.0.1-1+b1 -> 6.0.3-1)
libpcp-pmda3 (6.0.1-1+b1 -> 6.0.3-1)
libpcp-trace2 (6.0.1-1+b1 -> 6.0.3-1)
libpcp-web1 (6.0.1-1+b1 -> 6.0.3-1)
libpcp3 (6.0.1-1+b1 -> 6.0.3-1)
libpfm4:amd64 (4.12.1+git6-g8aaaf17-1 -> 4.12.1+git12-g678bca9-1)
libphodav-3.0-0:amd64 (3.0-5 -> 3.0-8)
libphodav-3.0-common (3.0-5 -> 3.0-8)
libpostproc56:amd64 (7:5.1.2-2 -> 7:5.1.2-3)
libpq5:amd64 (15.2-1 -> 15.2-2)
libpsl5:amd64 (0.21.0-1.2 -> 0.21.2-1)
libpython3-all-dev:amd64 (3.11.1-3 -> 3.11.2-1)
libpython3-dev:amd64 (3.11.1-3 -> 3.11.2-1)
libpython3-stdlib:amd64 (3.11.1-3 -> 3.11.2-1)
libpython3.11-dev:amd64 (3.11.1-2 -> 3.11.2-6)
libpython3.11-minimal:amd64 (3.11.1-2 -> 3.11.2-6)
libpython3.11-stdlib:amd64 (3.11.1-2 -> 3.11.2-6)
libpython3.11:amd64 (3.11.1-2 -> 3.11.2-6)
librados2 (16.2.11+ds-1 -> 16.2.11+ds-2)
librbd1 (16.2.11+ds-1 -> 16.2.11+ds-2)
libsdl2-2.0-0:amd64 (2.26.2+dfsg-1 -> 2.26.4+dfsg-1)
libslang2:amd64 (2.3.3-2 -> 2.3.3-3)
libsmartcols1:amd64 (2.38.1-4 -> 2.38.1-5+b1)
libsmbclient:amd64 (2:4.17.5+dfsg-2 -> 2:4.17.6+dfsg-1)
libsnappy1v5:amd64 (1.1.9-2 -> 1.1.9-3)
libsndio7.0:amd64 (1.9.0-0.3+b1 -> 1.9.0-0.3+b2)
libsoap-lite-perl (1.27-2 -> 1.27-3)
libsoup-3.0-0:amd64 (3.2.2-1 -> 3.2.2-2)
libsoup-3.0-common (3.2.2-1 -> 3.2.2-2)
libsource-highlight4v5:amd64 (3.1.9-4.2+b2 -> 3.1.9-4.2+b3)
libsphinxbase3:amd64 (0.8+5prealpha+1-15+b1 -> 0.8+5prealpha+1-16)
libspice-client-glib-2.0-8:amd64 (0.41-2 -> 0.42-1)
libspice-client-gtk-3.0-5:amd64 (0.41-2 -> 0.42-1)
libsqlite3-0:amd64 (3.40.1-1 -> 3.40.1-2)
libsss-certmap0 (2.8.1-2 -> 2.8.2-3)
libsss-idmap0 (2.8.1-2 -> 2.8.2-3)
libsss-nss-idmap0 (2.8.1-2 -> 2.8.2-3)
libsubid4:amd64 (1:4.13+dfsg1-1 -> 1:4.13+dfsg1-1+b1)
libswresample4:amd64 (7:5.1.2-2 -> 7:5.1.2-3)
libswscale6:amd64 (7:5.1.2-2 -> 7:5.1.2-3)
libsystemd-shared:amd64 (252.5-2 -> 252.6-1)
libsystemd0:amd64 (252.5-2 -> 252.6-1)
libtag1v5-vanilla:amd64 (1.13-1 -> 1.13-2)
libtag1v5:amd64 (1.13-1 -> 1.13-2)
libtheora0:amd64 (1.1.1+dfsg.1-16.1 -> 1.1.1+dfsg.1-16.1+b1)
libtiff6:amd64 (4.5.0-4 -> 4.5.0-5)
libtpms0:amd64 (0.9.2-3+b1 -> 0.9.2-3.1)
libudev1:amd64 (252.5-2 -> 252.6-1)
libutempter0:amd64 (1.2.1-2 -> 1.2.1-3)
libuuid1:amd64 (2.38.1-4 -> 2.38.1-5+b1)
libv4l-0:amd64 (1.22.1-5+b1 -> 1.22.1-5+b2)
libv4lconvert0:amd64 (1.22.1-5+b1 -> 1.22.1-5+b2)
libvirt-clients (9.0.0-1 -> 9.0.0-2)
libvirt-daemon (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-config-network (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-config-nwfilter (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-driver-lxc (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-driver-qemu (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-driver-vbox (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-driver-xen (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-system (9.0.0-1 -> 9.0.0-2)
libvirt-daemon-system-systemd (9.0.0-1 -> 9.0.0-2)
libvirt-l10n (9.0.0-1 -> 9.0.0-2)
libvirt0-dbgsym:amd64 (9.0.0-1 -> 9.0.0-2)
libvirt0:amd64 (9.0.0-1 -> 9.0.0-2)
libvte-2.91-0:amd64 (0.70.2-2 -> 0.70.3-1)
libvte-2.91-common (0.70.2-2 -> 0.70.3-1)
libwbclient0:amd64 (2:4.17.5+dfsg-2 -> 2:4.17.6+dfsg-1)
libwww-mechanize-perl (2.15-1 -> 2.16-1)
libwww-perl (6.67-1 -> 6.68-1)
libx11-6:amd64 (2:1.8.3-3 -> 2:1.8.4-2)
libx11-data (2:1.8.3-3 -> 2:1.8.4-2)
libx11-xcb1:amd64 (2:1.8.3-3 -> 2:1.8.4-2)
libxencall1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxendevicemodel1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxenevtchn1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxenforeignmemory1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxengnttab1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxenhypfs1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxenmisc4.17:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxenstore4:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxentoolcore1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxentoollog1:amd64 (4.17.0+24-g2f8851c37f-2 -> 4.17.0+46-gaaf74a532c-1)
libxs-parse-keyword-perl (0.32-1 -> 0.33-1)
libyuv0:amd64 (0.0~git20230104.6e4b0ac-1 -> 0.0~git20230123.b2528b0-1)
libzstd1:amd64 (1.5.2+dfsg2-3 -> 1.5.4+dfsg2-3)
linux-cpupower (6.1.8-1 -> 6.1.20-1)
linux-image-cloud-amd64 (6.1.8-1 -> 6.1.20-1)
linux-libc-dev:amd64 (6.1.8-1 -> 6.1.20-1)
login (1:4.13+dfsg1-1 -> 1:4.13+dfsg1-1+b1)
ltrace (0.7.3-6.3 -> 0.7.3-6.4)
man-db (2.11.2-1 -> 2.11.2-2)
manpages (6.02-1 -> 6.03-1)
manpages-dev (6.02-1 -> 6.03-1)
mariadb-common (1:10.6.11-2 -> 1:10.11.2-1)
mdadm (4.2-4+b1 -> 4.2-5)
media-types (8.0.0 -> 10.0.0)
mesa-va-drivers:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
mesa-vdpau-drivers:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
mesa-vulkan-drivers:amd64 (22.3.3-1 -> 22.3.6-1+deb12u1)
mount (2.38.1-4 -> 2.38.1-5+b1)
mysql-common (5.8+1.0.8 -> 5.8+1.1.0)
ntfs-3g (1:2022.10.3-1 -> 1:2022.10.3-1+b1)
ovmf (2022.11-2 -> 2022.11-6)
passwd (1:4.13+dfsg1-1 -> 1:4.13+dfsg1-1+b1)
pci.ids (0.0~2023.01.26-1 -> 0.0~2023.02.23-1)
pcp (6.0.1-1+b1 -> 6.0.3-1)
pcp-conf (6.0.1-1+b1 -> 6.0.3-1)
podman (4.3.1+ds1-5+b2 -> 4.3.1+ds1-6)
python-apt-common (2.5.2 -> 2.5.3)
python3 (3.11.1-3 -> 3.11.2-1)
python3-all (3.11.1-3 -> 3.11.2-1)
python3-all-dev (3.11.1-3 -> 3.11.2-1)
python3-apt (2.5.2+b1 -> 2.5.3)
python3-bs4 (4.11.2-1 -> 4.11.2-2)
python3-cryptography (38.0.4-2 -> 38.0.4-3)
python3-dev (3.11.1-3 -> 3.11.2-1)
python3-distutils (3.10.8-1 -> 3.11.2-2)
python3-lib2to3 (3.10.8-1 -> 3.11.2-2)
python3-minimal (3.11.1-3 -> 3.11.2-1)
python3-pcp (6.0.1-1+b1 -> 6.0.3-1)
python3-pycurl (7.45.2-2+b1 -> 7.45.2-3)
python3-scipy (1.10.0-4 -> 1.10.1-2)
python3-setools (4.4.1-1 -> 4.4.1-2)
python3-sss (2.8.1-2 -> 2.8.2-3)
python3-tk:amd64 (3.10.8-1 -> 3.11.2-2)
python3.11 (3.11.1-2 -> 3.11.2-6)
python3.11-dev (3.11.1-2 -> 3.11.2-6)
python3.11-minimal (3.11.1-2 -> 3.11.2-6)
qemu-block-extra (1:7.2+dfsg-3 -> 1:7.2+dfsg-5)
qemu-system-common (1:7.2+dfsg-3 -> 1:7.2+dfsg-5)
qemu-system-data (1:7.2+dfsg-3 -> 1:7.2+dfsg-5)
qemu-system-gui (1:7.2+dfsg-3 -> 1:7.2+dfsg-5)
qemu-system-x86 (1:7.2+dfsg-3 -> 1:7.2+dfsg-5)
qemu-utils (1:7.2+dfsg-3 -> 1:7.2+dfsg-5)
rsyslog (8.2212.0-1 -> 8.2302.0-1)
samba-libs:amd64 (2:4.17.5+dfsg-2 -> 2:4.17.6+dfsg-1)
setools (4.4.1-1 -> 4.4.1-2)
shim-helpers-amd64-signed (1+15.4+7 -> 1+15.7+1)
shim-signed-common (1.38+15.4-7 -> 1.39+15.7-1)
shim-signed:amd64 (1.38+15.4-7 -> 1.39+15.7-1)
shim-unsigned (15.4-7 -> 15.7-1)
spice-client-glib-usb-acl-helper (0.41-2 -> 0.42-1)
sssd (2.8.1-2 -> 2.8.2-3)
sssd-ad (2.8.1-2 -> 2.8.2-3)
sssd-ad-common (2.8.1-2 -> 2.8.2-3)
sssd-common (2.8.1-2 -> 2.8.2-3)
sssd-dbus (2.8.1-2 -> 2.8.2-3)
sssd-ipa (2.8.1-2 -> 2.8.2-3)
sssd-krb5 (2.8.1-2 -> 2.8.2-3)
sssd-krb5-common (2.8.1-2 -> 2.8.2-3)
sssd-ldap (2.8.1-2 -> 2.8.2-3)
sssd-proxy (2.8.1-2 -> 2.8.2-3)
sssd-tools (2.8.1-2 -> 2.8.2-3)
sudo (1.9.12p2-1 -> 1.9.13p3-1)
systemd (252.5-2 -> 252.6-1)
systemd-container (252.5-2 -> 252.6-1)
systemd-coredump (252.5-2 -> 252.6-1)
systemd-sysv (252.5-2 -> 252.6-1)
systemd-timesyncd (252.5-2 -> 252.6-1)
traceroute (1:2.1.1-1 -> 1:2.1.2-1)
tuned (2.19.0-1 -> 2.20.0-1)
tzdata (2022g-5 -> 2022g-7)
udev (252.5-2 -> 252.6-1)
uidmap (1:4.13+dfsg1-1 -> 1:4.13+dfsg1-1+b1)
unzip (6.0-27 -> 6.0-28)
util-linux (2.38.1-4 -> 2.38.1-5+b1)
util-linux-extra (2.38.1-4 -> 2.38.1-5+b1)
uuid-runtime (2.38.1-4 -> 2.38.1-5+b1)
wpasupplicant (2:2.10-11 -> 2:2.10-12)
xz-utils (5.4.1-0.1 -> 5.4.1-0.2)
zstd (1.5.2+dfsg2-3 -> 1.5.4+dfsg2-3)
zutty (0.13.4.20230114+dfsg1-1 -> 0.14.0.20230218+dfsg1-1)

-- System Information:
Debian Release: 12.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-cloud-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii conmon 2.1.6+ds1-1
ii crun 1.8.1-1
ii golang-github-containers-common 0.50.1+ds1-4
ii libc6 2.36-8
ii libdevmapper1.02.1 2:1.02.185-2
ii libgpgme11 1.18.0-3+b1
ii libseccomp2 2.5.4-1+b3
ii libsubid4 1:4.13+dfsg1-1+b1

Versions of packages podman recommends:
ii buildah 1.28.2+ds1-1+b2
ii catatonit 0.1.7-1+b1
ii dbus-user-session 1.14.6-1
ii fuse-overlayfs 1.10-1
ii slirp4netns 1.2.0-1
ii uidmap 1:4.13+dfsg1-1+b1

Versions of packages podman suggests:
pn containers-storage <none>
pn docker-compose <none>
ii iptables 1.8.9-2

-- no debconf information

Martin Pitt

unread,

Apr 4, 2023, 12:00:04 PM4/4/23

Control: retitle -1 podman: user containers are completely broken with sssd: insufficient UIDs or GIDs available in user namespace

Matej Marusak [2023-04-03 14:00 +0000]:

> The original reproducer was not clear how important this failure is. It
> efectively means that rootless podman is unusable on any system with
> sssd.

Thanks Matej, retitling accordingly to make this easier to find. The original
title is too obscure.

Martin

Martin Pitt

unread,

Apr 4, 2023, 3:00:04 PM4/4/23

Control: reassign -1 sssd-common 2.8.2-3
Control: affects -1 podman
Control: retitle -1 sssd-common" subids nsswitch.conf entry breaks user sub[ug]ids
Control: severity -1 serious

Matej Marusak [2023-04-03 14:00 +0000]:

> This is easily reproducible by:
> - Download newest image, e.g. https://cloud.debian.org/images/cloud/bullseye/daily/20230403-1339/debian-11-genericcloud-amd64-daily-20230403-1339.qcow2
> - Install podman and sssd-tools and sssd-dbus. It works fine without sssd
> - Login as 'admin' user
> - podman pull debian
>
> This command fails with:
> ERRO[0004] While applying layer: ApplyLayer stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run podman-system-migrate: lchown /etc/gshadow: invalid argument exit status 1
> Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:3e440a7045683e27f8e2fa04000e0e078d8dfac0c971358ae0f8c65c13321c8e": ApplyLayer stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run podman-system-migrate: lchown /etc/gshadow: invalid argument exit status 1

Indeed this is a regression in sssd-common. Its postinst now does

| # Automatically added by dh_installnss/1.7
| if [ "$1" = "configure" ] && [ -f "${DPKG_ROOT}/etc/nsswitch.conf.nss.${DPKG_MAINTSCRIPT_PACKAGE}-will-install" ] && [ -e "${DPKG_ROOT}/etc/nsswitch.conf" ] ; then
| if ! grep -q -E -e '^subid:[^#]*\s(sss)(\s|#|$)' "${DPKG_ROOT}/etc/nsswitch.conf" ; then
| # Installing subid/sss from sssd-common in position last
| sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^subid:\s[^#]*$/ s/$/ sss/' -e '/^subid:\s.*#/ s/#/ sss #/'
| fi
| rm "${DPKG_ROOT}/etc/nsswitch.conf.nss.${DPKG_MAINTSCRIPT_PACKAGE}-will-install"
| fi

Which the previous version didn't do. This causes this entry in
/etc/nsswitch.conf:

subid: sss

... which is broken:

# getsubids admin
Error fetching ranges

It works with "subuid: files sss" or with dropping that line altogether, so
that it goes back to reading /etc/sub[ug]id:

# getsubids admin
0: admin 100000 65536

Either this postinst snippet forgets to add "files" or it forgets to systemctl
enable whichever service is supposed to respond to the "sss" service for
"subid".

Raising to RC, as this breaks unrelated software, and this change happened
during freeze already.

Thanks,

Martin

0 new messages