On Срд, 13 жні 2025, Thomas Boroske via FreeIPA-users wrote:
On 2025-08-13 08:28, Alexander Bokovoy wrote:
What does strace tell when you run getsubids?
$ strace -e trace=file getsubids dockeruser
This is the outpput
execve("/usr/bin/getsubids", ["getsubids", "dockeruser"],
0x7ffd7ee20628 /* 13 vars */) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (Datei oder
Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=124575, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsubid.so.4",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=158128, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1922136, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libaudit.so.1",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=128952, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libselinux.so.1",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=174312, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsemanage.so.2",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=270424, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libcrypt.so.1",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=206776, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpam.so.0",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=67584, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpam_misc.so.0",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=14432, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libcap-ng.so.0",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=30704, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpcre2-8.so.0",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=629384, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsepol.so.2",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=764192, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libbz2.so.1.0",
O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=74688, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY) = 3
statfs("/sys/fs/selinux", 0x7ffe551b5750) = -1 ENOENT (Datei oder
Verzeichnis nicht gefunden)
statfs("/selinux", 0x7ffe551b5750) = -1 ENOENT (Datei oder
Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0444, st_size=0, ...},
AT_EMPTY_PATH) = 0
access("/etc/selinux/config", F_OK) = -1 ENOENT (Datei oder
Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY) = 3
Here where libsubid.so was supposed to parse /etc/nsswitch.conf to
find 'subid: sss' entry. It clearly didn't parse it as expected because
it switches to use the internal (/etc/subuid + /etc/subgid) implementation.
Can you attach your nsswitch.conf?
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=637, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/etc/subuid",
O_RDONLY|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=21, ...},
AT_EMPTY_PATH) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644,
st_size=637, ...}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...},
0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=637, ...},
AT_EMPTY_PATH) = 0
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=637, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=2661, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=124575, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_systemd.so.2",
O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=325904, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libcap.so.2",
O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=47288, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libm.so.6",
O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=911904, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/run/systemd/userdb/",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=60, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/proc/sys/kernel/random/boot_id",
O_RDONLY|O_NOCTTY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 4
openat(4, "etc", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=12288, ...},
AT_EMPTY_PATH) = 0
openat(5, "userdb", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = -1 ENOENT
(Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 4
openat(4, "run", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=1220, ...},
AT_EMPTY_PATH) = 0
openat(5, "userdb", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = -1 ENOENT
(Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 4
openat(4, "run", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=1220, ...},
AT_EMPTY_PATH) = 0
openat(5, "host", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = -1 ENOENT
(Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 4
openat(4, "usr", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4096, ...},
AT_EMPTY_PATH) = 0
openat(5, "local", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=4096, ...},
AT_EMPTY_PATH) = 0
openat(4, "lib", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4096, ...},
AT_EMPTY_PATH) = 0
openat(5, "userdb", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = -1 ENOENT
(Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 4
openat(4, "usr", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4096, ...},
AT_EMPTY_PATH) = 0
openat(5, "lib", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=4096, ...},
AT_EMPTY_PATH) = 0
openat(4, "userdb", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = -1 ENOENT
(Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/", O_RDONLY|O_CLOEXEC|O_PATH|O_DIRECTORY) = 4
openat(4, "lib", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFLNK|0777, st_size=7, ...},
AT_EMPTY_PATH) = 0
readlinkat(4, "lib", "usr/lib", 4096) = 7
openat(4, "usr", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=4096, ...},
AT_EMPTY_PATH) = 0
openat(5, "lib", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=4096, ...},
AT_EMPTY_PATH) = 0
openat(4, "userdb", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = -1 ENOENT
(Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/etc/userdb/dockeruser.user", O_RDONLY|O_CLOEXEC) =
-1 ENOENT (Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/run/userdb/dockeruser.user", O_RDONLY|O_CLOEXEC) =
-1 ENOENT (Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/run/host/userdb/dockeruser.user",
O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht
gefunden)
openat(AT_FDCWD, "/usr/local/lib/userdb/dockeruser.user",
O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht
gefunden)
openat(AT_FDCWD, "/usr/lib/userdb/dockeruser.user",
O_RDONLY|O_CLOEXEC) = -1 ENOENT (Datei oder Verzeichnis nicht
gefunden)
openat(AT_FDCWD, "/lib/userdb/dockeruser.user", O_RDONLY|O_CLOEXEC) =
-1 ENOENT (Datei oder Verzeichnis nicht gefunden)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=124575, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_sss.so.2",
O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=47872, ...},
AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = 4
newfstatat(4, "", {st_mode=S_IFREG|0664, st_size=9253600, ...},
AT_EMPTY_PATH) = 0
newfstatat(4, "", {st_mode=S_IFREG|0664, st_size=9253600, ...},
AT_EMPTY_PATH) = 0
Error fetching ranges
+++ exited with 1 +++
--
Dipl. Inf. Thomas Boroske
Institut für Datentechnik und Kommunikationsnetze
TU Braunschweig
Hans-Sommer-Str. 66, D-38106 Braunschweig, Germany
www.ida.ing.tu-bs.de
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
