[tor-dev] Docker containers to run tor with multiple glibc versions

Daniel Pinto danielpinto52 at gmail.com
Wed Jul 1 00:48:35 UTC 2020


Hello,

I've been investigating some bugs related to the seccomp sandbox. While
doing this, I've developed some docker containers that can run tor with
different versions of glibc. As this might be useful for future
problems, I wanted to share them.

You can find the containers in my github repository:
https://github.com/Jigsaw52/docker-containers-glibc-tor

I've created containers for the currently supported versions of Ubuntu
and Debian. Each container builds the glibc versions with which I was
able to start the tor built on that container. They also download and
build tor from the current master branch and create a test torrc which
enables Sandbox and %includes folders and files in the home folder of
user user. There is also a container for alpine to test tor with musl libc.

To run a program with a specific version of glibc, use the command:
run_with_glibc <GLIBC_VERSION> <PROGRAM_PATH> [<ARGS>]

You can see which glibc versions are installed in /opt/ or in the
dockerfile. On the root user home folder, you will find a script
install_glibc.sh that will download and build the glibc versions passed
as arguments. The script supports glibc 2.13 and above. If you need to
build versions of glibc before 2.13, the following page will be helpful:
https://www.lordaro.co.uk/posts/2018-08-26-compiling-glibc.htm

Even though we can build glibc 2.13, even the oldest containers (Debian
8 and Ubuntu 14.04) are only able to run tor starting with glibc
2.17. This is because the tor binary built in the container (using the
container system glibc) requires symbols for glibc 2.17. According to
this page
(https://gist.github.com/wagenet/35adca1a032cec2999d47b6c40aa45b1) this
provides coverage for the glibc versions present in the supported
versions of the top 10 Linux distros, except for CentOS 6.10 which EOLs
in November. Two containers (Ubuntu 14.04 and 18.04 or Debian 8 and
Debian 10) are enough to cover the glibc versions from 2.17 to 2.31.

Best regards,
-- 
Daniel Pinto
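
Added example, not part of the original message or the linked repository: a way to check which glibc a built binary needs, as in the 2.17 floor described above, by reading the symbol versions in `objdump -T` output. The sample lines are constructed and the function names are hypothetical.

```python
import re
import subprocess
import sys

# Constructed sample of `objdump -T` output for an executable (not from a real tor build).
SAMPLE_OBJDUMP = """\
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 malloc
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.14  memcpy
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.17) clock_gettime
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.4   __stack_chk_fail
0000000000000000  w   D  *UND*  0000000000000000              __gmon_start__
"""

# Matches "GLIBC_2.17 name" and the parenthesised "(GLIBC_2.17) name" form.
VERSIONED = re.compile(r"\(?GLIBC_(\d+(?:\.\d+)*)\)?\s+(\S+)\s*$")

def parse_version(text):
    """'2.17' -> (2, 17), so that 2.4 sorts below 2.17 (string comparison would not)."""
    return tuple(int(part) for part in text.split("."))

def required_versions(objdump_text):
    """Map each referenced glibc symbol version to the symbols that need it."""
    needed = {}
    for line in objdump_text.splitlines():
        match = VERSIONED.search(line)
        if match:  # unversioned symbols and GLIBC_PRIVATE do not match
            needed.setdefault(parse_version(match.group(1)), []).append(match.group(2))
    return needed

def minimum_glibc(objdump_text):
    """Oldest glibc that provides every versioned symbol, or None if there are none."""
    needed = required_versions(objdump_text)
    return max(needed) if needed else None

def blocking_symbols(objdump_text, candidate):
    """Symbols versioned newer than the candidate glibc (empty = no version blocker)."""
    limit = parse_version(candidate)
    needed = required_versions(objdump_text)
    return sorted(s for v, syms in needed.items() if v > limit for s in syms)

if __name__ == "__main__":
    # With a path argument, inspect that binary; otherwise use the constructed sample.
    text = (subprocess.run(["objdump", "-T", sys.argv[1]], capture_output=True,
                           text=True, check=True).stdout
            if len(sys.argv) > 1 else SAMPLE_OBJDUMP)
    low = minimum_glibc(text)
    print("minimum glibc:", ".".join(map(str, low)) if low else "none")
    print("blocked on 2.13:", blocking_symbols(text, "2.13"))
```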
