On Demand File Access Problem
Many software libraries access common configuration files on demand (“lazily”), when they are first needed, rather than at program startup.
For instance, glibc only starts looking up the configuration files required for a hostname lookup when a program first performs one.
This saves work for many programs that do not need these features. However, if a program does need these features, it means that these file accesses potentially happen late during execution, after the Landlock policy is already enabled.
This problem affects a variety of files in /etc, such as /etc/hosts and /etc/resolv.conf.
Workaround: Force the lazy access to happen early, before enabling Landlock. For instance, call gethostbyname() once with a dummy hostname to make sure that glibc has loaded /etc/hosts.
Workaround 2: Give wide enough read access to all necessary config files, under the assumption that their contents are not a secret.
Real solution: It would be better if glibc and other low-level libraries provided strong guarantees, so that we can reason about when those config files get accessed.
Any glibc developers reading this? :)
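Until such guarantees exist, the late accesses have to be found empirically. The following added example (not part of the original page or of any Landlock project code) scans strace output for opens under /etc that happen after landlock_restrict_self() returned 0, which are the files that need one of the two workarounds. The trace excerpt is constructed, the name late_accesses is hypothetical, and a single-threaded trace is assumed.

```python
import re

# Constructed strace excerpt (not from a real run): the program enables
# Landlock and only afterwards performs its first hostname lookup.
SAMPLE_TRACE = '''\
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/app/config.toml", O_RDONLY) = 3
landlock_restrict_self(3, 0) = 0
openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/app/data/cache.db", O_RDWR) = 4
'''

# open()/openat() line: captures the path, the return value and, on failure,
# the errno name that strace prints after the return value.
OPEN_RE = re.compile(
    r'\bopen(?:at)?\((?:AT_FDCWD, )?"([^"]+)".*\) = (-?\d+)(?: (E[A-Z]+))?')
ENFORCE_RE = re.compile(r'\blandlock_restrict_self\(.*\) = 0\b')


def late_accesses(trace, prefix="/etc/"):
    """Return [(path, errno_name or None)] for every open under `prefix`
    that occurs after landlock_restrict_self() succeeded."""
    enforced = False
    late = []
    for line in trace.splitlines():
        if ENFORCE_RE.search(line):
            enforced = True  # everything below runs under the policy
            continue
        m = OPEN_RE.search(line)
        if enforced and m and m.group(1).startswith(prefix):
            late.append((m.group(1), m.group(3)))
    return late


if __name__ == "__main__":
    for path, err in late_accesses(SAMPLE_TRACE):
        status = f"denied ({err})" if err else "allowed by policy"
        print(f"late access: {path}: {status}")
```

Paths reported with an errno are lazy accesses the policy broke; paths reported without one are late accesses the policy already permits.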