alexlarsson / gnome-sdk-images


/etc/nsswitch.conf lacks mdns name resolution settings #4

Open dsvensson opened 9 years ago

dsvensson commented 9 years ago

Seems like lookup via zeroconf is not enabled in the sandbox, not sure if this is the repo for this, but it's my best guess. What I expect to see in /etc/nsswitch.conf is something similar to that of F22:

hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname

And I guess this will require http://0pointer.de/lennart/projects/nss-mdns/?

alexlarsson commented 9 years ago

Hmm, nss support in general is a bit tricky. Like, do we want to pick up a ldap or sssd server configured in nsswitch.conf outside the sandbox?

I'm not 100% sure everyone wants zeroconf enabled either, so do we want to always enable it?

dsvensson commented 9 years ago

Both OS X, Debian, Ubuntu, Fedora have zeroconf lookups enabled by default, so that's pretty close to 100% already for regular applications (well.. not considering Wintendo, not sure how it works there). The alternative is ofc to do the resolution in the application, normally via avahi on Linux which is the platform here. In my case I'm using my own mdns implementation since I would have to depend on different libraries on different platforms otherwise, it's mostly out of laziness I haven't implemented support for exposing the IPv4/IPv6-addresses via the APIs, the records are there, so perhaps I should just do that and we can close this issue. Still, I think that it's such a ubiquitous feature these days and I'm sure you will come across other applications that would want mdns based name resolution in the future. At least one example off the top of my head is Vinagre, by not having mdns based name resolution you will have to press find, rather than just entering the name of the target, but maybe it's a flaw in Vinagre that it doesn't try to resolve any non-found domain via avahi as a fallback method, guess it depends on what your views are of what constitutes a platform.

alexlarsson commented 9 years ago

Yeah, I think having zeroconf is probably safe (it's not like apps couldn't do it themselves anyway) and I got it on my todo list. But in general the nss configuration is a complex thing. If the site has e.g. sssd set up we should probably bind mount the sssd socket in there and make the app use that (if the app is allowed).
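As an added illustration (not code from this thread or from gnome-sdk-images), the sketch below parses an nsswitch.conf and reports whether the hosts line enables mdns the way the F22 example does, and which databases name a directory service such as sssd or ldap. The sample files, the `audit` helper and the `DIRECTORY_SOURCES` list are assumptions made for the example.

```python
import re

# Constructed samples: a sandbox file without mdns, and a host file using
# the F22-style hosts line quoted in the issue plus an sssd-backed passwd.
SANDBOX_CONF = "passwd: files\nhosts:  files dns  # no mdns\n"
HOST_CONF = ("passwd: files sss\n"
             "hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname\n")

# Assumed list of NSS services that talk to a site directory or daemon.
DIRECTORY_SOURCES = {"ldap", "sss", "nis", "nisplus", "winbind"}


def parse_nsswitch(text):
    """Map each database to a list of (service, [actions]) in lookup order."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                if entries:  # an action list binds to the preceding service
                    entries[-1][1].extend(tok[1:-1].upper().split())
            else:
                entries.append((tok, []))
        dbs[db.strip()] = entries
    return dbs


def audit(text):
    """Report mdns handling for hosts and any directory-backed databases."""
    dbs = parse_nsswitch(text)
    hosts = dbs.get("hosts", [])
    names = [svc for svc, _ in hosts]
    mdns = [i for i, svc in enumerate(names) if svc.startswith("mdns")]
    return {
        "mdns_enabled": bool(mdns),
        "mdns_before_dns": bool(mdns) and "dns" in names
                           and mdns[0] < names.index("dns"),
        # NOTFOUND=return ends the lookup before it falls through to dns
        "mdns_stops_on_notfound": any("NOTFOUND=RETURN" in hosts[i][1] for i in mdns),
        "directory_sources": {db: [s for s, _ in ents if s in DIRECTORY_SOURCES]
                              for db, ents in dbs.items()
                              if any(s in DIRECTORY_SOURCES for s, _ in ents)},
    }


if __name__ == "__main__":
    for label, conf in (("sandbox", SANDBOX_CONF), ("host", HOST_CONF)):
        print(label, audit(conf))
```

Running it against the file inside the sandbox and the one on the host shows at a glance which lookups differ between the two.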

dsvensson commented 9 years ago

On a side note, where does nsswitch.conf come from in my sandbox? Anywhere from this git repo, or somewhere else?

alexlarsson commented 9 years ago

It comes from the yocto base.

dsvensson commented 9 years ago

Getting really OT, but somewhat related as it touches the subject of local services, perhaps it would be valuable with something like --allow=internet mode, that doesn't have access to reserved private networks, like I want some app to access Facebook, but not my NAS, nor my TV.