[PATCH] Initialize nss libraries in Glibc so that the dynamic libraries are loaded...
authorJustin Cormack <justin.cormack@docker.com>
Thu, 25 Jul 2019 14:24:39 +0000 (15:24 +0100)
committerFelix Geyer <fgeyer@debian.org>
Sun, 21 Feb 2021 17:18:35 +0000 (17:18 +0000)
See also OpenVZ https://github.com/kolyshkin/vzctl/blob/a3f732ef751998913fcf0a11b3e05236b51fd7e9/src/enter.c#L227-L234

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit a316b10dab79d9298b02c7930958ed52e0ccf4e4)

Gbp-Pq: Name cve-2019-14271-Initialize-nss-libraries-in-Glibc.patch

engine/pkg/chrootarchive/archive.go

index 6ff61e6a767af105d6584b4e5c60f75ed59f747b..83ed0c6b2feb7e77d0b4716b04c75a6dea75e5a8 100644 (file)
@@ -4,13 +4,22 @@ import (
        "fmt"
        "io"
        "io/ioutil"
+       "net"
        "os"
+       "os/user"
        "path/filepath"
 
        "github.com/docker/docker/pkg/archive"
        "github.com/docker/docker/pkg/idtools"
 )
 
+func init() {
+       // initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
+       // environment not in the chroot from untrusted files.
+       _, _ = user.Lookup("docker")
+       _, _ = net.LookupHost("localhost")
+}
+
 // NewArchiver returns a new Archiver which uses chrootarchive.Untar
 func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver {
        if idMapping == nil {
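Review bot: The two lookups in `init()` preload glibc's NSS modules only when the binary actually resolves through libc, and the comment does not state that precondition. In a build without cgo, or with the `osusergo`/`netgo` build tags, `user.Lookup` and `net.LookupHost` are served by Go's own parsers, and even in a cgo build Go may answer `localhost` with its built-in resolver, so the hosts-database modules might not be loaded before the chroot. I would record that dependency and the reason the results are discarded next to the calls, e.g. `// Results are ignored on purpose: only the side effect of glibc loading libnss_*.so from the host matters (CVE-2019-14271); this relies on a cgo build that uses the libc resolvers.` The priming also touches only the passwd and hosts databases, so if code running after the chroot looks up another database such as group (not visible in this hunk), that module would presumably still be loaded from inside the chroot. `NewArchiver`'s body continues past the end of the hunk.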