When using the container docker cp to copy data to the host, or the use of docker export container command to archive file, the following exception:
Error response from daemon: error processing tar file: docker-tar: relocation error: /lib/x86_64-linux-gnu/libnss_files.so.2: symbol __libc_readline_unlocked, version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference : exit status 127
The corresponding solutions:
Initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host environment not in the chroot from untrusted files. CVE-2019-14271 may allow unprivileged access to host system while copying files from a malicious container image with docker cp command. Affected versions: v19.03.0. Older Docker versions are not affected by this issue. This fix is included in the already released Docker v19.03.1. Users of Docker v19.03.0 are advised to upgrade. (可参考链接:https://www.cnblogs.com/cnlihao/p/11255000.html)
According to the above description shows: The current version docker 19.03.0 there is a bug, but has already been fixed on the corresponding Docker v19.03.1 too, but very unfortunately, the current version is the landlord: 19.03 .0, as shown below:
So here, in order to solve the current problem, you must upgrade the current version;
Upgrade steps are as follows:
1, in the corresponding Docker official website, download the corresponding RPM package: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/ , where the landlord is selected: RPM 19.03.1 of Installation package
linux command as follows: wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-19.03.1-3.el7.x86_64.rpm
After downloading the corresponding RPM package, is performed on the corresponding server version upgrade existing Docker, using the command: yum -y update /opt/docker-ce-19.03.1-3.el7.x86_64.rpm, ( please note: Docker upgrade the existing version is enabled so will result in a container all the stops), after Docker here to update the corresponding version, re-use export command, this time is no longer above-mentioned exception
2, except that way yum -y update updates, may be re-selected after the current Docker unloading packages, Docker reinstall the new version, as follows:
a) delete the current version of the old Docker:
sudo yum remove docker \
docker-client \
docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engine
b) delete the existing image data and Docker container (if not deleted, the newly installed, and the container can still find information corresponding to the mirror through the docker images) (this step is: not tested)
Find / etc / systemd -name '* * Docker' -exec RM -f {} \;
Find / etc / systemd -name '* * Docker' -exec RM -f {} \;
Find / lib / systemd -name ' * docker * '-exec rm -f { } \;
before rm -rf / var / lib / docker # delete the existing image and the container, optionally
rm -rf / var / run / docker
c) by specifying here for yum install package, sudo yum install /opt/docker-ce-19.03.1-3.el7.x86_64.rpm
d) Start Docker; systemctl start docker
3, using the yum install directly corresponding Docker repository (no longer need to manually download the RPM packages, but need to ensure that the Internet has been linked, suitable for direct installation of the operating line (RPM is suitable for installation Docker offline))
a) Reference novice tutorial introduction to the installation of Docker repository, following links: https://www.runoob.com/docker/centos-docker-install.html
b) Reference blog: https://www.cnblogs.com/wdliu/p/10194332.html
c) Whether it is installation above the rookie described in the tutorial, or installation as described in a second blog, its essence comes from, indicating Docker official tutorial for the online repository installed For reference Docker official installation tutorial, you can refer to this link: https://docs.docker.com/install/linux/docker-ce/centos/ (indicating separately: 1, Docker use online repository for installation, 2, for mounting the offline rpm package installation, and 3, directly online and easy way to install scripts)