[Rpm-maint] [PATCH] fix loading NSS libraries prior to chrooting

Panu Matilainen pmatilai at laiskiainen.org
Fri Apr 5 06:00:39 UTC 2013

On 04/04/2013 11:09 PM, Thierry Vignaud wrote:
> Hi
> rpm preloads NSS  libraries prior to chrooting in order to
> fix group lookup in the chroot (when installing in a chroot):
> lib/rpmrc.c-    /* Force preloading of dlopen()'ed libraries in case
> we go chrooting */
> lib/rpmrc.c:    (void) gethostbyname("localhost");
> However in some cases, this is not enough.
> See https://bugs.mageia.org/show_bug.cgi?id=9326
> Strace showed that in some case, it tries to load libnss*so
> after chrooting, way too late, resulting in borked installs.

Do you have a strace of such a situation still at hand / can you easily 
reproduce one? Just interested to see what's going on in such a case, 
not that I couldn't imagine things failing in some circumstances: for 
example if the system nsswitch.conf specifies hosts to come from a 
different source than passwd/group.

> The following patch makes rpm to really force preloading of
> dlopen()'ed libraries before chrooting
> Patches against master & rpm-4.11.x
> Please apply.

It probably should actually call getpwent() as well for full coverage 
against nsswitch.conf variants. And then the gethostbyname() call 
becomes unnecessary as we're not interested in hosts, the whole thing is 
nothing but a cheap trick that "works" most of the time.

However I seem to recall glibc caching the passwd and group contents, so 
if we force it to read passwd and group before chrooting, it might well 
end up using the values from the host system instead of what should go 
into the chroot. At the very least I'd think it should call endgrent() 
(and endpwent) as well.

	- Panu -

More information about the Rpm-maint mailing list