From 0333142e218be687f7096ef20ce7d4a751f93108 Mon Sep 17 00:00:00 2001
From: Jia Zhang
Date: Mon, 29 Jun 2020 07:01:48 +0000
Subject: [PATCH] rune/libenclave: Initialize nss libraries in Glibc

So that the dynamic libraries are loaded in the host. The fix refers to https://github.com/moby/moby/pull/39612/commits/a316b10dab79d9298b02c7930958ed52e0ccf4e4

Signed-off-by: Jia Zhang
---
 rune/libenclave/init.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/rune/libenclave/init.go b/rune/libenclave/init.go
index 9d6235b..dc7e14a 100644
--- a/rune/libenclave/init.go
+++ b/rune/libenclave/init.go
@@ -3,6 +3,8 @@ package libenclave // import "github.com/opencontainers/runc/libenclave"
 import (
  "github.com/opencontainers/runc/libcontainer/configs"
  "github.com/opencontainers/runc/libenclave/intelsgx"
+ "net"
+ "os/user"
 )
 
 var (
@@ -31,6 +33,11 @@ func IsEnclaveHwEnabled(etype string) bool {
 }
 
 func init() {
+ // initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
+ // environment not in the chroot from untrusted files.
+ _, _ = user.Lookup("")
+ _, _ = net.LookupHost("")
+
  if intelsgx.IsSgxSupported() {
  enclaveHwType = configs.EnclaveHwIntelSgx
  }
--
GitLab
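Review bot: The added `_, _ = net.LookupHost("")` in init() probably never reaches glibc, because as far as I know Go's resolver rejects an empty host name before it consults any resolver, so the hosts/dns NSS modules would still be loaded lazily later, possibly after the chroot. Looking up a non-empty name, e.g. `_, _ = net.LookupHost("localhost")`, would force the load on the host side. `user.Lookup("")` should still hit the passwd database in a cgo build. It is also worth stating in the comment that the preload only has an effect when the binary is built with cgo and without the `netgo`/`osusergo` tags, e.g. `// NOTE: no-op in pure-Go (netgo/osusergo) builds, which never dlopen libnss_*`. The body of init() continues past the end of the hunk.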