func init() {
	// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
	// environment not in the chroot from untrusted files.
	_, _ = user.Lookup("docker")
	_, _ = net.LookupHost("localhost")
}
My question is: why is the Docker daemon required at init time to do a lookup of the docker user, if in general, AFAIK, there is no such user in Debian/Linux when installing the pkg?
Not everyone knows what you mean just by looking at source code. Most of the users just use Docker but never care about the source code. So this is it:
I’m not a big Go coder, but I believe the key is the comment. Since those calls do nothing with the returned value, they must be used only so that some libraries which would be needed later are dynamically loaded. It doesn’t matter what user it looks up, or whether it exists or not, so the developers used “docker” as it seemed obvious in the source code of Docker.
But this doesn’t seem to be executed when the daemon is started as the code is related to exporting the filesystem of a container.
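One way to check which NSS modules such a warm-up actually maps into a process, as an added example that is not from the Docker source or from either post: it repeats the two lookups from the quoted init() and then lists every libnss_* object found in /proc/self/maps. The helper name nssLibs and the sample maps text are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"os/user"
	"path/filepath"
	"sort"
	"strings"
)

// sampleMaps is constructed /proc/<pid>/maps content, not captured from a real daemon.
const sampleMaps = `7f1c2a000000-7f1c2a021000 r--p 00000000 08:01 1311 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1c2a400000-7f1c2a403000 r--p 00000000 08:01 1402 /usr/lib/x86_64-linux-gnu/libnss_files.so.2
7f1c2a403000-7f1c2a40a000 r-xp 00003000 08:01 1402 /usr/lib/x86_64-linux-gnu/libnss_files.so.2
7f1c2a600000-7f1c2a602000 r--p 00000000 08:01 1410 /usr/lib/x86_64-linux-gnu/libnss_dns.so.2
7ffd5c1e0000-7ffd5c201000 rw-p 00000000 00:00 0 [stack]`

// nssLibs (hypothetical helper) returns the unique, sorted paths of
// libnss_* shared objects that appear in a maps listing.
func nssLibs(maps string) []string {
	seen := map[string]bool{}
	for _, line := range strings.Split(maps, "\n") {
		f := strings.Fields(line)
		// Fields: address perms offset dev inode pathname.
		// Anonymous mappings have no pathname and are skipped.
		if len(f) < 6 {
			continue
		}
		if p := f[5]; strings.HasPrefix(filepath.Base(p), "libnss_") {
			seen[p] = true
		}
	}
	out := make([]string, 0, len(seen))
	for p := range seen {
		out = append(out, p)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Same warm-up as the quoted init(): the results are discarded on purpose.
	_, _ = user.Lookup("docker")
	_, _ = net.LookupHost("localhost")
	maps, err := os.ReadFile("/proc/self/maps")
	if err != nil {
		maps = []byte(sampleMaps) // no procfs available: fall back to the sample
	}
	fmt.Println(nssLibs(string(maps)))
}
```

An empty list means no separate NSS module was mapped, for example when the binary is built without cgo and Go's pure-Go lookups are used. Every path that does appear should resolve on the host filesystem, since the lookups ran before any chroot.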