client: protect user lookups with global lock (#14742)

* client: protect user lookups with global lock This PR updates Nomad client to always do user lookups while holding a global process lock. This is to prevent concurrency unsafe implementations of NSS, but still enabling NSS lookups of users (i.e. cannot not use osusergo). * cl: add cl
2026-01-06 18:35:44 +03:00 · 2022-09-29 09:30:13 -05:00
parent 0eb711925e
commit e4e5bc5cef
8 changed files with 105 additions and 16 deletions
--- a/client/allocrunner/taskrunner/template/template_test.go
+++ b/client/allocrunner/taskrunner/template/template_test.go
@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"os/user"
 	"path/filepath"
 	"reflect"
 	"regexp"
@@ -28,6 +27,7 @@ import (
 	clienttestutil "github.com/hashicorp/nomad/client/testutil"
 	"github.com/hashicorp/nomad/helper/pointer"
 	"github.com/hashicorp/nomad/helper/testlog"
+	"github.com/hashicorp/nomad/helper/users"
 	"github.com/hashicorp/nomad/helper/uuid"
 	"github.com/hashicorp/nomad/nomad/mock"
 	"github.com/hashicorp/nomad/nomad/structs"
@@ -2391,10 +2391,10 @@ func TestTaskTemplateManager_writeToFile(t *testing.T) {

 	ci.Parallel(t)

-	cu, err := user.Current()
+	cu, err := users.Current()
 	require.NoError(t, err)

-	cg, err := user.LookupGroupId(cu.Gid)
+	cg, err := users.LookupGroupId(cu.Gid)
 	require.NoError(t, err)

 	file := "my.tmpl"