Control: tag -1 + patch Control: forwarded -1 https://github.com/dex4er/fakechroot/issues/97
With the help of the glibc developer Adhemerval Zanella I managed to find a solution for this problem. The attached patch wraps __nss_files_fopen from glibc.
--- a/configure.ac +++ b/configure.ac @@ -165,6 +165,7 @@ AC_CHECK_FUNCS(m4_normalize([ __getwd_chk __lxstat __lxstat64 + __nss_files_fopen __open __open_2 __open64 --- /dev/null +++ b/src/__nss_files_fopen.c @@ -0,0 +1,60 @@ +/* + libfakechroot -- fake chroot environment + Copyright (c) 2010, 2013 Piotr Roszatycki <dex...@debian.org> + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + + +#include <config.h> + +/* + * Starting with glibc 2.32 the compat nss module for getpwnam calls + * __nss_files_fopen (which is a GLIBC_PRIVATE symbol provided by glibc) + * instead of fopen (see 299210c1fa67e2dfb564475986fce11cd33db9ad). This + * leads to getpwnam calls accessing /etc/passwd from *outside* the chroot + * and as a result programs like adduser do not work correctly anymore + * under fakechroot. + * + * Adhemerval Zanella (azanella) argued on IRC: + * + * > But another problem is the ship has sailed, so there are nss modules that + * > will bind to an external symbol. And there is not much we can do about + * > it. And since nss modules are most compat, I am not sure community will + * > be willing to move back. I think it will be better to add the interpose + * > logic of private symbols on fakechroot instead, it is ugly but it is + * > better than messing even more with the nss interface. + * + * Thus, instead of changing glibc, we instead wrap __nss_files_fopen. + * + */ +#ifdef HAVE___NSS_FILES_FOPEN + +#include <stdio.h> +#include "libfakechroot.h" + + +wrapper(__nss_files_fopen, FILE *, (const char * path)) +{ + char fakechroot_abspath[FAKECHROOT_PATH_MAX]; + char fakechroot_buf[FAKECHROOT_PATH_MAX]; + debug("__nss_files_fopen(\"%s\")", path); + expand_chroot_path(path); + return nextcall(__nss_files_fopen)(path); +} + +#else +typedef int empty_translation_unit; +#endif --- a/src/Makefile.am +++ b/src/Makefile.am @@ -7,6 +7,7 @@ libfakechroot_la_SOURCES = \ __lxstat.c \ __lxstat64.c \ __lxstat64.h \ + __nss_files_fopen.c \ __open.c \ __open64.c \ __open64_2.c \
signature.asc
Description: signature