execute: load a bunch of libs before we disable dlopen()

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index b8c4a92402f383b2490065c19fcfa71904dcb070..6aa01dceaf9327cfef280120149f0906aceae4a8 100644 (file)
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -32,6 +32,7 @@
 #include "constants.h"
 #include "copy.h"
 #include "coredump-util.h"
+#include "cryptsetup-util.h"
 #include "dissect-image.h"
 #include "dynamic-user.h"
 #include "env-util.h"
@@ -48,6 +49,7 @@
 #include "io-util.h"
 #include "iovec-util.h"
 #include "journal-send.h"
+#include "libmount-util.h"
 #include "manager.h"
 #include "memfd-util.h"
 #include "mkdir-label.h"
@@ -5818,6 +5820,12 @@ int exec_invoke(
                 }
         }
 
+        /* Load a bunch of libraries we'll possibly need later, before we turn off dlopen() */
+        (void) dlopen_bpf();
+        (void) dlopen_cryptsetup();
+        (void) dlopen_libmount();
+        (void) dlopen_libseccomp();
+
         /* Let's now disable further dlopen()ing of libraries, since we are about to do namespace
          * shenanigans, and do not want to mix resources from host and namespace */
         block_dlopen();

diff --git a/src/core/meson.build b/src/core/meson.build
index fbadd0f6a6f6be89889ef21c883831ee12858aa8..10a7ae2f8cd68fe1d2b87cb10930bc9d72f82f2d 100644 (file)
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -212,6 +212,9 @@ executables += [
                 'link_with' : executor_libs,
                 'dependencies' : [
                         libapparmor_cflags,
+                        libbpf_cflags,
+                        libcryptsetup_cflags,
+                        libmount_cflags,
                         libpam_cflags,
                         libseccomp_cflags,
                         libselinux_cflags,