提交 0333142e 编写于 作者: jia zhang's avatar jia zhang

rune/libenclave: Initialize nss libraries in Glibc

So that the dynamic libraries are loaded in the host. The fix refers
to https://github.com/moby/moby/pull/39612/commits/a316b10dab79d9298b02c7930958ed52e0ccf4e4Signed-off-by: jia zhang's avatarJia Zhang <zhang.jia@linux.alibaba.com>
上级 f822dc13
...@@ -3,6 +3,8 @@ package libenclave // import "github.com/opencontainers/runc/libenclave" ...@@ -3,6 +3,8 @@ package libenclave // import "github.com/opencontainers/runc/libenclave"
import ( import (
"github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libenclave/intelsgx" "github.com/opencontainers/runc/libenclave/intelsgx"
"net"
"os/user"
) )
var ( var (
...@@ -31,6 +33,11 @@ func IsEnclaveHwEnabled(etype string) bool { ...@@ -31,6 +33,11 @@ func IsEnclaveHwEnabled(etype string) bool {
} }
func init() { func init() {
// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
// environment not in the chroot from untrusted files.
_, _ = user.Lookup("")
_, _ = net.LookupHost("")
if intelsgx.IsSgxSupported() { if intelsgx.IsSgxSupported() {
enclaveHwType = configs.EnclaveHwIntelSgx enclaveHwType = configs.EnclaveHwIntelSgx
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册