New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mlockall fails on noexec /tmp #5493
Comments
I'm very sympathetic to not have JNA unpack, but unfortunately this has several implications for packaging and deployment. However I just looked into this and found that while our current version of JNA does not support a custom directoy, the latest version does (see https://github.com/twall/jna/blob/master/src/com/sun/jna/Native.java#L1014), so that might be a way forward. I'm not the biggest fan of simply logging the failure since that does not provide an actual solution to the problem and will only confuse too many people even more (who will then ask about how to turn off noexec). In the meantime you can try:
Hope this helps for now. |
Hey, thanks for your response. I agree logging isn't ideal, but in its defence:
|
Please have a look at https://github.com/hhoffstaette/elasticsearch/commit/3cb270cf4f7e2326eb7e924275b5187d9b140e09 and let me know if the message is clear enough. |
LGTM, thanks Holger! |
Updating to this version allows to configure a special JNA directory, in case the /tmp directory is mounted with the noexec option, as JNA extracts some data and tries to execute parts of it. Also updated documentation to clarify mlockall and memory settings as well as pointing to the new jna.tmpdir system property. Closes #5493
I've been debugging a system where I couldn't get memory locking working. The upshot is JNA extracts out the relevant native library to /tmp and trys to load it, however if you follow security best practice and disable execute in /tmp (noexec mount option), this fails silently. The JNA documentation recommends you extract out the libraries on systems with additional security constraints; in fact the JNA package that ships with RHEL puts the relevant library in /usr/lib64/jna.
I see two potential solutions:
The text was updated successfully, but these errors were encountered: