From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 623FD398D043; Wed, 10 Feb 2021 08:19:18 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 623FD398D043 From: "sjon at hortensius dot net" To: glibc-bugs@sourceware.org Subject: [Bug network/27389] New: getaddrinfo in chroot broken by added dlopen block Date: Wed, 10 Feb 2021 08:19:18 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: network X-Bugzilla-Version: 2.33 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: sjon at hortensius dot net X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: glibc-bugs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Glibc-bugs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Feb 2021 08:19:18 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D27389 Bug ID: 27389 Summary: getaddrinfo in chroot broken by added dlopen block Product: glibc Version: 2.33 Status: UNCONFIRMED Severity: normal Priority: P2 Component: network Assignee: unassigned at sourceware dot org Reporter: sjon at hortensius dot net Target Milestone: --- I have an issue that I suspect is caused by a recent glibc change, but I haven't 100% ruled out another cause, so this report might be bogus. I use PHP-FPM [1] with chroots enabled. Since upgrading glibc, name resolvi= ng (via DNS) fails with "getaddrinfo failed: System error" in my chroot and I'm pretty sure it is caused by the recently added "Block attempts to dlopen any module we haven't already opened" [2] What seems to happen is that the PHP-FPM master process only loads libnss_files.so.2 and libnss_systemd.so.2 because it uses that to resolve t= he username (it matches nsswitch which contains: "passwd: files systemd") If any of the FPM workers then attempts to perform dns resolving, that fails because libnss_dns.so.2 has not been loaded yet (even though I made it available in the chroot), and due to the recent change, it won't be loaded either. I have confirmed I can "fix" it by forcing the fpm master to load the dns module by modifying nsswitch.conf outside of the chroot to contains "passwd: dns files systemd", this fixes it 1. https://www.php.net/manual/en/install.fpm.php 2. https://github.com/bminor/glibc/commit/429029a73ec2dba7f808f69ec8b9e3d84e13= e804#diff-9305f1992144bc8c923a840d44827642f1c3f57e3df85a69357fff2fe7370fb8R= 352 --=20 You are receiving this mail because: You are on the CC list for the bug.=