[Haskell-cafe] Static executables in minimal Docker containers
Michael Snoyman
michael at snoyman.com
Tue Apr 14 06:25:22 UTC 2015
I have a bit more information about this. In particular: I'm able to
reproduce this using chroot (no Docker required), and it's reproducing with
a dynamically linked executable too. Steps I used to reproduce:
1. Write a minimal "foo.hs" containing `main = putStrLn "Hello World"`
2. Compile that executable and put it in an empty directory
3. Run `ldd` on it and copy all necessary libraries inside that directory
4. Run `sudo strace -o log.txt . /foo`
I've uploaded the logs to:
https://gist.github.com/snoyberg/095efb17e36acc1d6360
Note that, due to size of the output, I killed the process just a few
seconds after starting it, but when I let the output run much longer, I
didn't see any difference in the results. I'll continue poking at this a
bit, but most likely I'll open a GHC Trac ticket about it later today.
On Tue, Apr 14, 2015 at 12:39 AM Albert Y. C. Lai <trebla at vex.net> wrote:
> I wonder whether you already know the following, and whether it is
> relevant to begin with. (Plus, my knowledge is fairly sketchy.)
>
> Even though you statically link glibc, its code will, at run time,
> dlopen a certain part of glibc.
>
> Why: To provide a really uniform abstraction layer over user account
> queries, e.g., man 3 getpwnam, regardless of whether the accounts are
> from /etc/passwd, LDAP, or whatever.
>
> Therefore, during run time, glibc first reads some config files of the
> host to see what kind of user account database the host uses. If it's
> /etc/passwd, then dlopen the implementation of getpwnam and friends for
> /etc/passwd; else, if it's LDAP, then dlopen the implementation of
> getpwnam and friends for LDAP; etc etc.
>
> So that later when you call getpwnam, it will happen to "do the right
> thing".
>
> This demands the required *.so files to be accessible during run time.
> Moreoever, if you statically link glibc, this also demands the required
> *.so files to version-match the glibc you statically link.
>
> (It is the main reason why most people give up on statically linking
> glibc.)
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20150414/306eb714/attachment.html>
More information about the Haskell-Cafe
mailing list