Nixpkgs version
Please select a version.
Describe the bug
After upgrading to systemd 258.3, bisected to systemd/systemd#40674, systemd-nspawn can no longer spawn containers with a specific user because it tries to run getent from the host PATH.
Steps to reproduce
{
  lib,
  buildEnv,
  writeShellScriptBin,
  bashInteractive,
  dockerTools,
  writeTextDir,
  systemd,
}:
let
  uid = "1000";
  gid = "100";
  passwd = writeTextDir "etc/passwd" ''
    root:x:0:0:root:/root:/bin/bash
    repro:x:${uid}:${gid}:repro:/home/repro:/bin/bash
  '';
  rootfs = buildEnv {
    name = "repro-rootfs";
    paths = [
      passwd
      dockerTools.binSh
      bashInteractive
    ];
  };
in
writeShellScriptBin "reproducer" ''
  sudo ${systemd}/bin/systemd-nspawn \
    -D ${rootfs} \
    --volatile=overlay \
    --bind-ro=/nix/store \
    --user=repro \
    --as-pid2 \
    /bin/bash -c 'id'
''
Results in "Failed to resolve user repro."
This works on systemd 258.3 but not systemd 258.5, assuming getent is not in the host path.
Expected behaviour
Should always work and not depend on getent in the host path.
Screenshots
No response
Relevant log output
Additional context
No response
System metadata
- system: "x86_64-linux"
- host os: Linux 6.12.80, NixOS, 25.11 (Xantusia), 25.11.20260410.54170c5
- multi-user?: yes
- sandbox: yes
- version: nix-env (Lix, like Nix) 2.94.1
  System type: x86_64-linux
  Additional system types: i686-linux, x86_64-v1-linux, x86_64-v2-linux, x86_64-v3-linux
  Features: gc, signed-caches
  System configuration file: /etc/nix/nix.conf
  User configuration files: /home/yorick/.config/nix/nix.conf:/etc/xdg/nix/nix.conf:/home/yorick/.nix-profile/etc/xdg/nix/nix.conf:/nix/profile/etc/xdg/nix/nix.conf:/home/yorick/.local/state/nix/profile/etc/xdg/nix/nix.conf:/etc/profiles/per-user/yorick/etc/xdg/nix/nix.conf:/nix/var/nix/profiles/default/etc/xdg/nix/nix.conf:/run/current-system/sw/etc/xdg/nix/nix.conf
  Store directory: /nix/store
  State directory: /nix/var/nix
  Data directory: /nix/store/jd0ybmdzi1vg721zrrzr4s8i8kgk2as1-lix-2.94.1/share
- channels(yorick): ""
- channels(root): ""
- nixpkgs: /nix/store/m5dr0w2wb9lca77ar3idab31szd6mix7-source
Notify maintainers
@nikstur