Hello all,
Greeting and happy new year to all.
I am trying to sandbox a java
application using selinux sandbox.
System details: Redhat 6 | x86_64 |
no x server install | jdk7 from oracle tar.gz version | cgred
and cgconfig are stop
The cmd (run as root)
sandbox
/root/jdk/bin/java -version
above cmd failed with
/root/jdk/bin/java:
error while loading shared libraries: libjli.so: cannot open
shared object file: No such file or directory
Digging, revealed that "libjli.so"
is RPATH shared library. so i thought ok since sandbox is
copying my bin/java to /tmp/sandbox_random therefore a
hardcode path will not be found.
Then i change the RPATH using
"chrpath" utility and changed it to a hardcode value
But still it showed the same error.
Then i used the -M -i option of
sandbox and ran following command (i included all the .so file
it complaint about):
sandbox -M -i
/root/jdk/lib/amd64/jli/libjli.so -i
/root/jdk/jre/lib/amd64/libjava.so -i
/root/jdk/jre/lib/amd64/jvm.cfg -i
/root/jdk/jre/lib/amd64/server/libjvm.so -i
/root/jdk/jre/lib/amd64/libverify.so -i
/root/jdk/jre/lib/amd64/libzip.so /root/jdk/bin/java
-version
Following command resulted in this
error:
Java HotSpot(TM) 64-Bit Server VM warning: INFO:
os::commit_memory(0x00007fb039000000, 2555904, 1) failed;
error='Permission denied' (errno=13)
#
# There is insufficient memory for the Java Runtime
Environment to continue.
# Native memory allocation (malloc) failed to allocate
2555904 bytes for committing reserved memory.
# An error report file with more information is saved
as:
# /root/hs_err_pid1270.log
Now i used the strace to see what
happened and strace printed(small section)
clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7fb15b6359d0) = 8268
close(4) = 0
read(3, "", 1048576) = 0
close(3) = 0
wait4(8268, Java HotSpot(TM) 64-Bit Server VM warning:
INFO: os::commit_memory(0x00007f4579000000, 2555904, 1)
failed; error='Permission denied' (errno=13)
I have enough space for sure
Can you guys please indicate
what might be wrong ?
