From dadeec4205be95c849c8ae18e08f2621773317ff Mon Sep 17 00:00:00 2001 From: Gabriel Adrian Samfira Date: Wed, 18 Jan 2023 15:59:46 +0200 Subject: [PATCH] Disable chrootarchive.init() on Windows Disables user.Lookup() and net.LookupHost() in the init() function on Windows. Any package that simply imports pkg/chrootarchive will panic on Windows Nano Server, due to missing netapi32.dll. While docker itself is not meant to run on Nano Server, binaries that may import this package and run on Nano server, will fail even if they don't really use any of the functionality in this package while running on Nano. Conflicts: pkg/chrootarchive/archive_unix.go Signed-off-by: Gabriel Adrian Samfira (cherry picked from commit f49c88f1c429d9dd1459c08fc718cea6e2cb323c) Signed-off-by: Sebastiaan van Stijn --- pkg/chrootarchive/archive.go | 9 --------- pkg/chrootarchive/archive_unix.go | 9 +++++++++ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/chrootarchive/archive.go b/pkg/chrootarchive/archive.go index 0620157df9..5745da9d1f 100644 --- a/pkg/chrootarchive/archive.go +++ b/pkg/chrootarchive/archive.go @@ -3,22 +3,13 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" import ( "fmt" "io" - "net" "os" - "os/user" "path/filepath" "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/idtools" ) -func init() { - // initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host - // environment not in the chroot from untrusted files. - _, _ = user.Lookup("docker") - _, _ = net.LookupHost("localhost") -} - // NewArchiver returns a new Archiver which uses chrootarchive.Untar func NewArchiver(idMapping idtools.IdentityMapping) *archive.Archiver { return &archive.Archiver{ diff --git a/pkg/chrootarchive/archive_unix.go b/pkg/chrootarchive/archive_unix.go index b3a8ae1135..41ef12af72 100644 --- a/pkg/chrootarchive/archive_unix.go +++ b/pkg/chrootarchive/archive_unix.go @@ -9,7 +9,9 @@ import ( "flag" "fmt" "io" + "net" "os" + "os/user" "path/filepath" "runtime" "strings" @@ -19,6 +21,13 @@ import ( "github.com/pkg/errors" ) +func init() { + // initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host + // environment not in the chroot from untrusted files. + _, _ = user.Lookup("docker") + _, _ = net.LookupHost("localhost") +} + // untar is the entry-point for docker-untar on re-exec. This is not used on // Windows as it does not support chroot, hence no point sandboxing through // chroot and rexec.