On Sat, Feb 24, 2001 at 03:10:13PM -0500, Hank Leininger wrote:
> > > Can somebody give any pointers why gethostbyname might be failing
> > > (it works fine w/out the chroot).
>
> > If this is glibc-2.1+, then its NSS uses dynamic linking even when
> > you statically-link the binary against libc. You probably need to
> > copy /lib/libnss_dns{-2.*.so,.so.2} into the chroot jail as well.
>
> Yup (actually I thought glibc-2.0.x had the same issue). Issues I've had
> with that are, libnss_*.so themselves apparently want to find a
> dynamically-linked libc.so available, so just putting them in the jail with
> a statically linked binary may still not work until you copy libc over
> too... :(

Doesn't happen for me (postfix, named 4.9.8-ow1 on glibc 2.1.3).

> Or, you can rebuild glibc with --enable-static-nss then you will have
> libnss_*.a files (as well as the .so's) so that they can be statically
> linked in when building a static binary. Unfortunately I don't know of any
> distros which do this (I believe the Slackware folks are or will be
> shipping libnss*.a in slackware-current, but not in a release version yet).
> Hrm, Solar something for Openwall? :-P

(You probably meant our distribution, Owl.)

Unfortunately, this not only enables the building of *.a's, but also
defeats the purpose of NSS and requires that the *.a's be listed
explicitly when statically-linking (this may require changes to some
existing Makefile's). This is explained in the glibc FAQ.

Something the FAQ entry doesn't say, is whether building glibc in
this way will cause NSS to not work in dynamically-linked programs as
well. Does anyone on this list know the answer?

If this allows for static linking at the cost of only breaking a few
Makefile's which use static linking, then this may be acceptable.

-- 
/sd

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]