-
Noob question, I see "Static Linking notices" on the releases page stating that libseccomp is a build-time dependency of runc, meaning that libseccomp-devel package should be installed on the system during runc build. But what about runtime dependency ? I notice in Openela repo, runc spec having both a buildtime (BuildRequires tag) and a runtime (Requires tag) dependency on libseccomp. Can someone point me to the docs or explain why a runtime dependency for libseccomp is present. Also Ques2) diving into build time dependency, how does this static linking take place ? Is there a library in libseccomp-devel package that runc is supposed to link against ? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 8 replies
-
(This probably would've been better left as a discussion thread, but I'll answer here anyway.) The binaries we build and ship on the releases page are statically linked, in order to make sure they work on any Linux system. There is no runtime dependency on libseccomp for those binaries because libseccomp is already embedded inside the binary. However, distributions usually prefer shared linking (aka dynamic linking) where the binary has a reference to ldd examples
It is a little odd that they need to put an explicit
Dynamic linking is done against For runc in particular, we build our own copy of libseccomp (see |
Beta Was this translation helpful? Give feedback.
-
Noted for next time. |
Beta Was this translation helpful? Give feedback.
(This probably would've been better left as a discussion thread, but I'll answer here anyway.)
The binaries we build and ship on the releases page are statically linked, in order to make sure they work on any Linux system. There is no runtime dependency on libseccomp for those binaries because libseccomp is already embedded inside the binary.
However, distributions usually prefer shared linking (aka dynamic linking) where the binary has a reference to
libseccomp.so
that the link loader will load when the binary is executed. They usually prefer this because it (in theory) allows you to update the shared library with patches without having to rebuild every dependency, and improves memory us…