Comment # 23 on bug 1160995 from Fabian Vogt

I assume any use of NIS spawns a thread which keeps running in the background,
which complicates things.

It dies because of a FD leak, leading to open failing with EMFILE and
eventually a crash.

open("/var/yp/binding/ddi.3", O_RDONLY|O_CLOEXEC) = 37
fstat(37, {st_mode=S_IFREG|0644, st_size=144, ...}) = 0
read(37, "\0\0\0\1\0\0\0\3udp\0\0\0\0\1\0\0\0\1\0\0\0\4inet\0\0\0\3"..., 4096)
= 144
open("/etc/services", O_RDONLY|O_CLOEXEC) = 38
...
close(38)                               = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 38
...
close(38)                               = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = -1 EPERM (Operation not permitted)
open("/etc/services", O_RDONLY|O_CLOEXEC) = 38
...
close(38)                               = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 38
...
close(38)                               = 0
open("/var/yp/binding/ddi.3", O_RDONLY|O_CLOEXEC) = 38

The fd 37 is never closed.

@kukuk: Which library causes those open calls and why?
kscreenlocker_greet does basically this:

getpwuid(geteuid());
seccomp(...); // Block open(..., O_WRONLY), socket(...), etc. 
getaddrinfo(...); // If something tries to access the network, has to be
blocked

Is this something which libnss_nis can't deal with by design or would it be
enough to fix the fd leak in whatever library causes it (libtirpc)?