New post
Question
· Mar 22, 2020

Adjusting LD_LIBRARY_PATH in containers

#Containerization #Docker #InterSystems IRIS

I'm building a container from store/intersystems/iris-community:2019.4.0.383.0 .

I need to add my folder to the LD_LIBRARY_PATH  so that my custom shared library would load at runtime.

How can I do that?

Here's what I tried:

ARG IMAGE=store/intersystems/iris-community:2019.4.0.383.0
FROM ${IMAGE}

USER root

ENV MYDIR /usr/mydir

ENV LD_LIBRARY_PATH $MYDIR:$LD_LIBRARY_PATH

RUN mkdir "$MYDIR"; \
	chown -hR $ISC_PACKAGE_IRISUSER:$ISC_PACKAGE_IRISGROUP $MYDIR; \
	chmod -R 777 $MYDIR; \
	echo "LD_LIBRARY_PATH=\"$MYDIR\"" >> /etc/environment; \
	echo "$MYDIR" >> /etc/ld.so.conf.d/my.conf; \
	echo "LD_LIBRARY_PATH=$MYDIR:$LD_LIBRARY_PATH" >> /home/$ISC_PACKAGE_IRISUSER/.profile; \
	echo "LD_LIBRARY_PATH=$MYDIR:$LD_LIBRARY_PATH" >> /home/$ISC_PACKAGE_MGRUSER/.profile; \
	ldconfig; \
	echo $LD_LIBRARY_PATH;
	
USER irisowner

RUN iris start $ISC_PACKAGE_INSTANCENAME && \
    /bin/echo -e "w \$system.Util.GetEnviron(\"LD_LIBRARY_PATH\")" \
                 " halt" \
    | iris session $ISC_PACKAGE_INSTANCENAME && \
 iris stop $ISC_PACKAGE_INSTANCENAME quietly

However at both buildtime and runtime this call:

w $system.Util.GetEnviron("LD_LIBRARY_PATH")

returns

/usr/irissys/bin

And not

/usr/mydir:/usr/irissys/bin

Which at runtime causes my main issue:

Failed to load dynamic library <> cannot open shared object file: No such file or directory

Any ideas?

Discussion (2)0
Log in or sign up to continue
Conor Walsh · Mar 22, 2020

This is a security feature.  The environment for things like LD_LIBRARY_PATH is strictly controlled to minimize the risk of unauthorized input.

There's an iris.cpf setting that will help you: https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls?KEY=RACS_LibPath
 

Two Dockerfiles that would work:

FROM ${IMAGE}

ENV MYDIR /usr/mydir

    # Add MYDIR to the LD_LIBRARY_PATH of IRIS subprocesses
RUN sed /usr/irissys/iris.cpf -e "s%^LibPath=%LibPath=$MYDIR%" > /tmp/iris.cpf \
    # sed -i alters ownership, this approach preserves it
 && cat /tmp/iris.cpf > /usr/irissys/iris.cpf
FROM ${IMAGE}

ENV MYDIR /usr/mydir

USER root
    # Add MYDIR to the LD_LIBRARY_PATH of IRIS subprocesses
RUN sed -i $ISC_PACKAGE_INSTALLDIR/iris.cpf -e "s%^LibPath=%LibPath=$MYDIR%" \
    # sed -i alters ownership, let's reset it
 && chown $ISC_PACKAGE_MGRUSER:$ISC_PACKAGE_IRISGROUP $ISC_PACKAGE_INSTALLDIR/iris.cpf

USER $ISC_PACKAGE_MGRUSER
2 0