[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libnss-db and /usr/lib/* libraries

On Fri, Aug 12, 2005 at 11:07:09AM -0300, Henrique de Moraes Holschuh wrote:

>   2. any dynamic libraries needed are in /lib, and *all* of them use 
>      versioned symbols

Look at the earlier discussions about libnss-ldap. You'd quickly find
half of /usr/lib being moved to /lib. I do not think this is desirable...

> Otherwise you have a critical bug in the system, waiting to happen.

No. You have a configuration problem. Just document that if you are
using bash as /bin/sh, then the only NSS modules you can use safely
during shutdown are the ones supplied by glibc (that means files, dns,
nis, nisplus, hesiod and compat).

Any other NSS modules will likely to cause trouble during shutdown if
bash is in the picture.

> If you can't get all of the above to be true, it is time to remove that
> particular libnss module from Debian.

No, it's just time to realize the consequences and special requirements
of complex NSS setups.

> libnss modules are *extremely* critical to the system.  They are implicitly
> linked to *EVERY* running binnary that is linked against libc (instead of,
> say, dietlibc).

Yep, and that means they pose special configuratuion requirements for
the system (like avoiding using bash as /bin/sh).


     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences

Reply to: