This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: Statically linked binary & NSS


>>>>> Lionel Cons writes:

 > I would like to create a statically linked binary but it seems that
 > the -static flag is not enough. The problem seems to come from glibc
 > dynamically loading some libnss_* libraries, depending on the contents
 > of /etc/nsswitch.conf.

 > ...
 > open("/etc/nsswitch.conf", O_RDONLY)    = 3
 > ...
 > open("/lib/libnss_files.so.1", O_RDONLY) = 3

 > And this fails in a chroot jail:
So just copy those files into you chroot environment!

 > # mkdir -p /tmp/jail/etc
 > # cp /etc/passwd /tmp/jail/etc
 > # cp /etc/nsswitch.conf /tmp/jail/etc
 > # cp test /tmp/jail
 > # chroot /tmp/jail /test
 > no root!
 > # strace chroot /tmp/jail /test
 > ...
 > open("/etc/nsswitch.conf", O_RDONLY)    = 3
 > ...
 > open("/lib/libnss_files.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
 > ...

 > So, how can I create a really static binary? Are there some other
 > libraries dynamically loading files like this?
No, libnss_* are the only ones used.

 > If this matters, I'm using Red Hat 5.1, glibc 2.0.7 and egcs 1.1.

You're lucky that you're running Linux and not Solaris.  Under Solaris 
(which also uses NSS) it's impossible to link static at all.  With
glibc you're linking static programs which are not really static.

glibc 2.1 will contain a solution.  But I don't encourage you to use
it;-).  I'm appending a FAQ entry from 2.1 for the details.  Please
note that 2.1 isn't released yet, only test releases are available.

Andreas


2.22.	Even statically linked programs need some shared libraries
	which is not acceptable for me.  What can I do?

{AJ} NSS (for details just type `info libc "Name Service Switch"') won't
work properly without shared libraries.  NSS allows using different services
(e.g. NIS, files, db, hesiod) by just changing one configuration file
(/etc/nsswitch.conf) without relinking any programs.  The only disadvantage
is that now static libraries need to access shared libraries.  This is
handled transparently by the GNU C library.

A solution is to configure glibc with --enable-static-nss.  In this case you
can create a static binary that will use only the services dns and files
(change /etc/nsswitch.conf for this).  You need to link explicitly against
all these services. For example:

  gcc -static test-netdb.c -o test-netdb.c \
    -lc -lnss_files -lnss_dns -lresolv

The problem with this approach is that you've got to link every static
program that uses NSS routines with all those libraries.

{UD} In fact, one cannot say anymore that a libc compiled with this
option is using NSS.  There is no switch anymore.  Therefore it is
*highly* recommended *not* to use --enable-static-nss since this makes
the behaviour of the programs on the system inconsistent.




-- 
 Andreas Jaeger   aj@arthur.rhein-neckar.de    jaeger@informatik.uni-kl.de
  for pgp-key finger ajaeger@aixd1.rhrk.uni-kl.de


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]