diff --git a/rune/libenclave/init.go b/rune/libenclave/init.go
index 9d6235b0bb108623ab2974dde23a3c229cde86b6..dc7e14abad1ac70c6162674580d1162ec4bb4f9c 100644
--- a/rune/libenclave/init.go
+++ b/rune/libenclave/init.go
@@ -3,6 +3,8 @@ package libenclave // import "github.com/opencontainers/runc/libenclave"
 import (
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libenclave/intelsgx"
+	"net"
+	"os/user"
 )
 
 var (
@@ -31,6 +33,11 @@ func IsEnclaveHwEnabled(etype string) bool {
 }
 
 func init() {
+	// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
+	// environment not in the chroot from untrusted files.
+	_, _ = user.Lookup("")
+	_, _ = net.LookupHost("")
+
 	if intelsgx.IsSgxSupported() {
 		enclaveHwType = configs.EnclaveHwIntelSgx
 	}