Support subid delegation via /etc/nsswitch.conf (!222) · Merge requests · Debian / sbuild

newuidmap / newgidmap consult /etc/nsswitch.conf to decide where to get information on allowed sbuids from. The /etc/subuid and /etc/subgid files are only used if the subid filed in /etc/nsswitch.conf is either unset or set to files (see subuid(5)). Otherwise the information is retrived by calling some function in a shared object file derived from the subid value in /etc/nsswitch.conf.

This will use the getsubids command to retrieve the subids that will also be used by newuidmap/newgidmap.

This does not create an additional package dependency as getsubids is included in the uidmap package, as is newuidmap / newgidmap.

Alternatives:

do ffi in perl to load and call the libsubid plugin

Test Plan: build a package with sbuild on a systems with subids managed by files and sssd using unshare mode.

Edited Jan 07, 2026 by Tobias Wiese

Support subid delegation via /etc/nsswitch.conf

Merge request reports