(In reply to Christian Boltz from comment #1)
> OK, that means
>
> /{etc,run,run/host,/usr/lib}/userdb/ r,
> /{etc,run,run/host,/usr/lib}/userdb/*.user r,
>
> One question before I submit a patch: Are all files in these directories
> named *.user, or should reading more (or even all) files in these
> directories be allowed?

After checking the systemd code and documentation (see https://www.freedesktop.org/software/systemd/man/nss-systemd.html ), the files allowed should be *.user, *.group, *.user-privileged and *.group-privileged, as well as symlinks (same naming convention).
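As an added illustration (not code from the bug report, from Christian's patch or from the AppArmor project's abstractions), the rule pair proposed in the quoted comment beside one way of widening it to the four record suffixes named in the reply; the brace alternation for the suffix list is an assumption about how the final patch might be written, not something the report shows:

```apparmor
# Added example, not from the bug report or from AppArmor's own abstractions.
#
# The proposal quoted in the comment, which only covers *.user records:
#   /{etc,run,run/host,usr/lib}/userdb/ r,
#   /{etc,run,run/host,usr/lib}/userdb/*.user r,
#
# Widened to the record types listed in the reply (*.user, *.group,
# *.user-privileged, *.group-privileged). The first rule grants listing of
# the directories; the second matches the record files, and symlinks that
# follow the same naming convention, by name.
  /{etc,run,run/host,usr/lib}/userdb/ r,
  /{etc,run,run/host,usr/lib}/userdb/*.{user,group,user-privileged,group-privileged} r,
```

One caveat for the symlink case: AppArmor mediates the open on the resolved path, so a symlink whose target lies outside these four directories still needs a rule covering the target, and any file in these directories that does not carry one of the four suffixes stays unreadable, which is the intent of the narrower glob.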