Hello William,
My current selinux settings are:
SELINUX=enforcing
SELINUXTYPE=targeted
[1] cleared all the /var/log/audit/* and ran the same command which give memory error and all logs were generated i.e empty directory.
[2] install openjdk using "yum install java-1.7.0-openjdk-devel" and ran the same command but using the openjdk java and it throw the same memory error
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fdabd000000, 2555904, 1) failed; error='Permission denied' (errno=13)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.
On Sun, Dec 28, 2014 at 9:54 PM, William Muriithi <william.muriithi@xxxxxxxxx> wrote:
Gupta,
You should share your selinux logs. They are under /var/log/audit directory. Trigger the problem again and share the last couple of hundred lines.
Before that though, find the directory openjdk installed and install sun java there. Don't think using root home directory is a good idea and selinux may be whining because of that. Or just install in /usr/local/bin
William
Hello all,
Greeting and happy new year to all.
I am trying to sandbox a java application using selinux sandbox.
System details: Redhat 6 | x86_64 | no x server install | jdk7 from oracle tar.gz version | cgred and cgconfig are stop
The cmd (run as root)
sandbox /root/jdk/bin/java -version
above cmd failed with
/root/jdk/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
Digging, revealed that "libjli.so" is RPATH shared library. so i thought ok since sandbox is copying my bin/java to /tmp/sandbox_random therefore a hardcode path will not be found.
Then i change the RPATH using "chrpath" utility and changed it to a hardcode value
But still it showed the same error.
Then i used the -M -i option of sandbox and ran following command (i included all the .so file it complaint about):
sandbox -M -i /root/jdk/lib/amd64/jli/libjli.so -i /root/jdk/jre/lib/amd64/libjava.so -i /root/jdk/jre/lib/amd64/jvm.cfg -i /root/jdk/jre/lib/amd64/server/libjvm.so -i /root/jdk/jre/lib/amd64/libverify.so -i /root/jdk/jre/lib/amd64/libzip.so /root/jdk/bin/java -version
Following command resulted in this error:
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fb039000000, 2555904, 1) failed; error='Permission denied' (errno=13)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /root/hs_err_pid1270.log
Now i used the strace to see what happened and strace printed(small section)
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb15b6359d0) = 8268
close(4) = 0
read(3, "", 1048576) = 0
close(3) = 0
wait4(8268, Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f4579000000, 2555904, 1) failed; error='Permission denied' (errno=13)
I have enough space for sure
Can you guys please indicate what might be wrong ?
On Sun, Dec 28, 2014 at 9:54 PM, William Muriithi <william.muriithi@xxxxxxxxx> wrote:
Gupta,
You should share your selinux logs. They are under /var/log/audit directory. Trigger the problem again and share the last couple of hundred lines.
Before that though, find the directory openjdk installed and install sun java there. Don't think using root home directory is a good idea and selinux may be whining because of that. Or just install in /usr/local/bin
William
Hello all,
Greeting and happy new year to all.
I am trying to sandbox a java application using selinux sandbox.
System details: Redhat 6 | x86_64 | no x server install | jdk7 from oracle tar.gz version | cgred and cgconfig are stop
The cmd (run as root)
sandbox /root/jdk/bin/java -version
above cmd failed with
/root/jdk/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
Digging, revealed that "libjli.so" is RPATH shared library. so i thought ok since sandbox is copying my bin/java to /tmp/sandbox_random therefore a hardcode path will not be found.
Then i change the RPATH using "chrpath" utility and changed it to a hardcode value
But still it showed the same error.
Then i used the -M -i option of sandbox and ran following command (i included all the .so file it complaint about):
sandbox -M -i /root/jdk/lib/amd64/jli/libjli.so -i /root/jdk/jre/lib/amd64/libjava.so -i /root/jdk/jre/lib/amd64/jvm.cfg -i /root/jdk/jre/lib/amd64/server/libjvm.so -i /root/jdk/jre/lib/amd64/libverify.so -i /root/jdk/jre/lib/amd64/libzip.so /root/jdk/bin/java -version
Following command resulted in this error:
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fb039000000, 2555904, 1) failed; error='Permission denied' (errno=13)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /root/hs_err_pid1270.log
Now i used the strace to see what happened and strace printed(small section)
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb15b6359d0) = 8268
close(4) = 0
read(3, "", 1048576) = 0
close(3) = 0
wait4(8268, Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f4579000000, 2555904, 1) failed; error='Permission denied' (errno=13)
I have enough space for sure
Can you guys please indicate what might be wrong ?
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux