This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: dlmopen with RTLD_GLOBAL
- From: Florian Weimer <fweimer at redhat dot com>
- To: Elliott Slaughter <elliottslaughter at gmail dot com>
- Cc: libc-help at sourceware dot org
- Date: Tue, 4 Jul 2017 11:50:49 +0200
- Subject: Re: dlmopen with RTLD_GLOBAL
- Authentication-results: sourceware.org; auth=none
- Authentication-results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
- Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 68CC07970B
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 68CC07970B
- References: <CAJ9X=kbxVUyf5DzZMPvkpTkehWEfeoirNNJcGMNb6Lvv98tHNA@mail.gmail.com> <fb221449-a68e-5aed-8b2d-815cc0fcad88@redhat.com> <CAJ9X=kZndr5kYoLUpp7-g+ffeCo-fXgSXEHLn1vEV=bgFnWX1Q@mail.gmail.com> <cb2ec4f8-91ac-d586-9888-b93619234259@redhat.com> <CAJ9X=kb6PKMe4aoxB=Psmp9nn5c3tyDh1qJqJYPSMTjzB35ADg@mail.gmail.com>
On 07/03/2017 08:37 PM, Elliott Slaughter wrote:
> On Mon, Jul 3, 2017 at 11:27 AM, Florian Weimer <fweimer@redhat.com> wrote:
>> On 06/30/2017 11:52 PM, Elliott Slaughter wrote:
>>> main:
>>> dlmopen(LM_ID_NEWLM, "libpython2.7.so", RTLD_DEEPBIND | RTLD_LOCAL |
>>> RTLD_LAZY)
>>> from inside user Python script:
>>> import some_native_module
>>> this causes Python to execute the following (remember this is
>>> inside the new namespace):
>>> dlopen("some_native_module.so", ...)
>>>
>>> If RTLD_GLOBAL is an option with dlmopen, then the symbols can be
>>> exposed within the new namespace, and subsequent dlopen calls to
>>> shared objects that do not explicitly mention Python will succeed.
>>
>> What happens if you reload libpython2.7.so with RTLD_GLOBAL within the
>> namespace?
>
> I believe there is an outstanding bug for that:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=18684
Oh. So there is no quick way to test what you are intending to do.
My hunch is that what you are trying to do will not give you reliable
interpreter isolation. I'd look at improving the Python support for
sub-interpreters, so that they won't need a global (per-process) lock
anymore (subject to a few additional conditions).
Thanks,
Florian