Issue: podman with "--userns=keep-id" failes.

Is there an existing issue for this?

[X] I have searched the existing issues and found none that matched mine

Describe the issue

Seems like the ownership for the filesystem get spoofed when using podman with "--userns=keep-id"

in the logfile i get aad_auth[7954]: nss_aad: database error: invalid ownership for /var/lib/aad/cache/passwd.db, expected 0:0 but got 65534:65534 where "7954" equals the PID of podman (non-root)

I can fix this by doing the following changes to nss/src/cache/mod.rs (line 369):

            // skip ownership check if detected owned by nobody.
            if stat.uid() != 65534 {
                // Checks ownership
                if stat.uid() != file.expected_uid || stat.gid() != file.expected_gid {
                    return Err(CacheError::DatabaseError(format!(
                        "invalid ownership for {}, expected {}:{} but got {}:{}",
                        file.path.to_str().unwrap(),
                        file.expected_uid,
                        file.expected_gid,
                        stat.uid(),
                        stat.gid()
                    )));
                }
            }

Steps to reproduce it

make sure you have subuid and subgid added for the entraid user in /etc/subuid and /etc/subgid. example: user@tenant.onmicrosoft.com:165536:65536
login with the entraid user.
run example: podman run --rm -it --userns=keep-id ubuntu:latest bash you will get error: Error: error creating temporary passwd file for container {CONTAINERID}: failed to get current user: user: unknown userid {USERID}

Ubuntu users: System information and logs

journalctl -f | grep "_aad" aad_auth[7954]: nss_aad: database error: invalid ownership for /var/lib/aad/cache/passwd.db, expected 0:0 but got 65534:65534

Non Ubuntu users: System information and logs

im using ubuntu

Relevant information

No response

Double check your logs

[X] I have redacted any sensitive information from the logs

ubuntu / aad-auth