mirror of
https://github.com/Dasharo/systemd.git
synced 2026-03-06 15:02:31 -08:00
edd3d4d7c2
When starting a container with --user, the new uid will be resolved and switched to only in the inner child, at the end of the setup, by spawning getent. But the credentials are set up in the outer child, long before the user is resolvable, and the directories/files are made only readable by root and read-only, which means they cannot be changed later and made visible to the user. When this particular combination is specified, it is obvious the caller wants the single-process container to be able to use credentials, so make them world readable only in that specific case. Fixes https://github.com/systemd/systemd/issues/31794
115 KiB
115 KiB