From 6e32c03ed87e5dfd3857013e909e48b5e61564c1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Aug 2016 00:35:05 +0200
Subject: [PATCH] nss-mymachines: avoid connecting to dbus from inside
 dbus-daemon

Inspired from the new logic in nss-systemd let's make sure we don't end up
deadlocking in nss-mymachines either in case dbus-daemon tries to a look up a
name and we want to connect to the bus.

This case is much simpler though, as there's no point in resolving virtual
machine UIDs by dbus-daemon as those should never be able to connect to the
host's busses.
---
 src/nss-mymachines/nss-mymachines.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c
index 8d57b26cbc..895f61c462 100644
--- a/src/nss-mymachines/nss-mymachines.c
+++ b/src/nss-mymachines/nss-mymachines.c
@@ -25,6 +25,7 @@
 
 #include "alloc-util.h"
 #include "bus-common-errors.h"
+#include "env-util.h"
 #include "hostname-util.h"
 #include "in-addr-util.h"
 #include "macro.h"
@@ -434,6 +435,12 @@ enum nss_status _nss_mymachines_getpwnam_r(
         if (!machine_name_is_valid(machine))
                 goto not_found;
 
+        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+                /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
+                 * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
+                 * running on the host. */
+                goto not_found;
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -514,6 +521,9 @@ enum nss_status _nss_mymachines_getpwuid_r(
         if (uid < HOST_UID_LIMIT)
                 goto not_found;
 
+        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+                goto not_found;
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -605,6 +615,9 @@ enum nss_status _nss_mymachines_getgrnam_r(
         if (!machine_name_is_valid(machine))
                 goto not_found;
 
+        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+                goto not_found;
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;
@@ -682,6 +695,9 @@ enum nss_status _nss_mymachines_getgrgid_r(
         if (gid < HOST_GID_LIMIT)
                 goto not_found;
 
+        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0)
+                goto not_found;
+
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 goto fail;