Skip to content

Commit b8b25ea

Browse files
YaSuenagYaSuenag
committed
Prevent dlopen() for CRIU in static link'ed binary
Signed-off-by: Yasumasa Suenaga <[email protected]>
1 parent 5ceb2a1 commit b8b25ea

File tree

3 files changed

+44
-13
lines changed

3 files changed

+44
-13
lines changed

nix/derivation.nix

+1-1
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ with pkgs; stdenv.mkDerivation {
3333
] ++ lib.optionals enableCriu [ criu ];
3434
configureFlags = [ "--enable-static" ] ++ lib.optional (!enableSystemd) [ "--disable-systemd" ];
3535
prePatch = ''
36-
export CFLAGS='-static -pthread'
36+
export CFLAGS='-static -pthread -DSTATIC'
3737
export LDFLAGS='-s -w -static-libgcc -static'
3838
export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
3939
export CRUN_LDFLAGS='-all-static'

nix/overlay.nix

+21-1
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,27 @@ let
33
in
44
self: super:
55
{
6-
criu = (static super.criu);
6+
protobufc = super.protobufc.overrideAttrs (x: {
7+
configureFlags = (x.configureFlags or [ ]) ++ [ "--enable-static" ];
8+
});
9+
libnl = super.libnl.overrideAttrs (x: {
10+
configureFlags = (x.configureFlags or [ ]) ++ [ "--enable-static" ];
11+
});
12+
libnet = super.libnet.overrideAttrs (x: {
13+
configureFlags = (x.configureFlags or [ ]) ++ [ "--enable-static" ];
14+
});
15+
criu = (static super.criu).overrideAttrs (x: {
16+
buildInputs = (x.buildInputs or []) ++ [
17+
super.protobuf
18+
super.protobufc
19+
super.libnl
20+
super.libnet
21+
];
22+
NIX_LDFLAGS = "${x.NIX_LDFLAGS or ""} -lprotobuf-c";
23+
buildPhase = ''
24+
make lib
25+
'';
26+
});
727
gpgme = (static super.gpgme);
828
libassuan = (static super.libassuan);
929
libgpgerror = (static super.libgpgerror);

src/libcrun/criu.c

+22-11
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,9 @@
3636
# include "cgroup.h"
3737
# include "cgroup-utils.h"
3838

39-
# include <dlfcn.h>
39+
# ifndef STATIC
40+
# include <dlfcn.h>
41+
# endif
4042

4143
# define CRIU_CHECKPOINT_LOG_FILE "dump.log"
4244
# define CRIU_RESTORE_LOG_FILE "restore.log"
@@ -105,8 +107,10 @@ cleanup_wrapper (void *p)
105107
if (*w == NULL)
106108
return;
107109

110+
# ifndef STATIC
108111
if ((*w)->handle)
109112
dlclose ((*w)->handle);
113+
# endif
110114
free (*w);
111115
libcriu_wrapper = NULL;
112116
}
@@ -118,20 +122,27 @@ load_wrapper (struct libcriu_wrapper_s **wrapper_out, libcrun_error_t *err)
118122
{
119123
cleanup_free struct libcriu_wrapper_s *wrapper = xmalloc0 (sizeof (*wrapper));
120124

121-
# define LOAD_CRIU_FUNCTION(X, ALLOW_NULL) \
122-
do \
123-
{ \
124-
wrapper->X = dlsym (wrapper->handle, #X); \
125-
if (! ALLOW_NULL && wrapper->X == NULL) \
126-
{ \
127-
dlclose (wrapper->handle); \
128-
return crun_make_error (err, 0, "could not find symbol `%s` in `libcriu.so`", #X); \
129-
} \
130-
} while (0)
125+
# ifdef STATIC
126+
# define LOAD_CRIU_FUNCTION(X, ALLOW_NULL) \
127+
wrapper->X = &X;
128+
# else
129+
# define LOAD_CRIU_FUNCTION(X, ALLOW_NULL) \
130+
do \
131+
{ \
132+
wrapper->X = dlsym (wrapper->handle, #X); \
133+
if (! ALLOW_NULL && wrapper->X == NULL) \
134+
{ \
135+
dlclose (wrapper->handle); \
136+
return crun_make_error (err, 0, "could not find symbol `%s` in `libcriu.so`", #X); \
137+
} \
138+
} while (0)
139+
# endif
131140

141+
# ifndef STATIC
132142
wrapper->handle = dlopen ("libcriu.so.2", RTLD_NOW);
133143
if (wrapper->handle == NULL)
134144
return crun_make_error (err, 0, "could not load `libcriu.so.2`");
145+
# endif
135146

136147
LOAD_CRIU_FUNCTION (criu_add_ext_mount, false);
137148
LOAD_CRIU_FUNCTION (criu_add_external, false);

0 commit comments

Comments
 (0)