[Bug 1774417] Re: systemd-logind: do_ypcall: clnt_call: RPC: Unable to send; errno = Operation not permitted

Dimitri John Ledkov launchpad at surgut.co.uk
Thu May 31 14:06:51 UTC 2018 

Well, on Ubuntu we do not have nss-nis package.

As libnss_nis is shipped in libc6, and thus available everywhere. Thus
adding a depends or a drop-in is a non-starter as well it would be
installed by default everywhere.

I'm not sure if we can somehow detect that it was enabled, and require
nscd installation at that point.

I'd rather not unsandbox logind.

** Also affects: glibc (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: nis (Ubuntu)
   Importance: Undecided
       Status: New

** No longer affects: glibc (Ubuntu)

** Bug watch added: Debian Bug tracker #878625
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878625

** Also affects: nis (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878625
   Importance: Unknown
       Status: Unknown

** Changed in: systemd (Ubuntu)
       Status: New => Won't Fix

** Changed in: nis (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1774417

Title:
  systemd-logind: do_ypcall: clnt_call: RPC: Unable to send; errno =
  Operation not permitted

Status in nis package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Won't Fix
Status in nis package in Debian:
  Unknown

Bug description:
  See upstream bug report 7074 (systemd-logind's IP sandbox breaks nss-
  nis and suchlike) [1]. Logging in takes a long time.

      May 30 13:26:25 ubuntu1804 systemd-logind[2993]: do_ypcall: clnt_call: RPC: Unable to send; errno = Operation not permitted
      May 30 13:26:50 ubuntu1804 sshd[3446]: pam_systemd(sshd:session): Failed to create session: Connection timed out

  Conclusion:

  > Please ask your downstream distribution to either:
  > 
  > 1.  include a systemd-logind.service.d/ snippet in your nss-nis package that turns off the IP firewalling logic for logind
  > 2.  or patching systemd-logind.service for everybody to disable it distro-wide (which I'd really not recommend though, compromising the security for everybody just because for compat of a nowadays pretty niche nss module that does some very questionnable things doesn't sound like the best way out to me)

  
  [1] https://github.com/systemd/systemd/issues/7074

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nis/+bug/1774417/+subscriptions

More information about the foundations-bugs mailing list