<div dir="ltr">sorry for the typo:<div><pre style="white-space:pre-wrap;color:rgb(0,0,0)">[1] cleared all the /var/log/audit/* and ran the same command which give
memory error and no logs were generated i.e empty directory.</pre></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 28, 2014 at 11:07 PM, Bhuvan Gupta <span dir="ltr"><<a href="mailto:bhuvangu@gmail.com" target="_blank">bhuvangu@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello William,<div>My current selinux settings are:</div><div><div>SELINUX=enforcing<br></div><div>SELINUXTYPE=targeted<br></div></div><div><br></div><div>[1] cleared all the <span style="font-size:13px">/var/log/audit/* and ran the same command which give memory error and all logs were generated i.e empty directory.</span></div><div><span style="font-size:13px"><br></span></div><div><span style="font-size:13px">[2] install openjdk using "</span>yum install java-1.7.0-openjdk-devel" and ran the same command but using the openjdk java and it throw the same memory error</div><div><div><i>OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fdabd000000, 2555904, 1) failed; error='Permission denied' (errno=13)</i></div><span class=""><div><i>#</i></div><div><i># There is insufficient memory for the Java Runtime Environment to continue.</i></div><div><i># Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.</i></div></span></div><div><br></div><div><span style="font-size:13px"><br></span></div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 28, 2014 at 9:54 PM, William Muriithi <span dir="ltr"><<a href="mailto:william.muriithi@gmail.com" target="_blank">william.muriithi@gmail.com</a>></span> wrote:<div><div class="h5"><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Gupta,<br><br>You should share your selinux logs. They are under /var/log/audit directory. Trigger the problem again and share the last couple of hundred lines.<br><br>Before that though, find the directory openjdk installed and install sun java there. Don't think using root home directory is a good idea and selinux may be whining because of that. Or just install in /usr/local/bin<br><br>William <br><br><div><div><br>Hello all, <br>Greeting and happy new year to all.<br>I am trying to sandbox a java application using selinux sandbox.<br>System details: Redhat 6 | x86_64 | no x server install | jdk7 from oracle tar.gz version | cgred and cgconfig are stop <br>The cmd (run as root)<br> sandbox /root/jdk/bin/java -version<br>above cmd failed with <br> /root/jdk/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory<br><br>Digging, revealed that "libjli.so" is RPATH shared library. so i thought ok since sandbox is copying my bin/java to /tmp/sandbox_random therefore a hardcode path will not be found.<br>Then i change the RPATH using "chrpath" utility and changed it to a hardcode value<br>But still it showed the same error.<br><br>Then i used the -M -i option of sandbox and ran following command (i included all the .so file it complaint about):<br> sandbox -M -i /root/jdk/lib/amd64/jli/libjli.so -i /root/jdk/jre/lib/amd64/libjava.so -i /root/jdk/jre/lib/amd64/jvm.cfg -i /root/jdk/jre/lib/amd64/server/libjvm.so -i /root/jdk/jre/lib/amd64/libverify.so -i /root/jdk/jre/lib/amd64/libzip.so /root/jdk/bin/java -version<br><br>Following command resulted in this error:<br>Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fb039000000, 2555904, 1) failed; error='Permission denied' (errno=13)<br>#<br># There is insufficient memory for the Java Runtime Environment to continue.<br># Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.<br># An error report file with more information is saved as:<br># /root/hs_err_pid1270.log<br><br>Now i used the strace to see what happened and strace printed(small section) <br>clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb15b6359d0) = 8268<br>close(4) = 0<br>read(3, "", 1048576) = 0<br>close(3) = 0<br>wait4(8268, Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f4579000000, 2555904, 1) failed; error='Permission denied' (errno=13)<br><br>I have enough space for sure<br><br>Can you guys please indicate what might be wrong ?<br><br></div></div></blockquote></div></div></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 28, 2014 at 9:54 PM, William Muriithi <span dir="ltr"><<a href="mailto:william.muriithi@gmail.com" target="_blank">william.muriithi@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Gupta,<br>
<br>
You should share your selinux logs. They are under /var/log/audit directory. Trigger the problem again and share the last couple of hundred lines.<br>
<br>
Before that though, find the directory openjdk installed and install sun java there. Don't think using root home directory is a good idea and selinux may be whining because of that. Or just install in /usr/local/bin<br>
<br>
William <br>
<br>
<div><div><br>
Hello all, <br>
Greeting and happy new year to all.<br>
I am trying to sandbox a java application using selinux sandbox.<br>
System details: Redhat 6 | x86_64 | no x server install | jdk7 from oracle tar.gz version | cgred and cgconfig are stop <br>
The cmd (run as root)<br>
sandbox /root/jdk/bin/java -version<br>
above cmd failed with <br>
/root/jdk/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory<br>
<br>
Digging, revealed that "libjli.so" is RPATH shared library. so i thought ok since sandbox is copying my bin/java to /tmp/sandbox_random therefore a hardcode path will not be found.<br>
Then i change the RPATH using "chrpath" utility and changed it to a hardcode value<br>
But still it showed the same error.<br>
<br>
Then i used the -M -i option of sandbox and ran following command (i included all the .so file it complaint about):<br>
sandbox -M -i /root/jdk/lib/amd64/jli/libjli.so -i /root/jdk/jre/lib/amd64/libjava.so -i /root/jdk/jre/lib/amd64/jvm.cfg -i /root/jdk/jre/lib/amd64/server/libjvm.so -i /root/jdk/jre/lib/amd64/libverify.so -i /root/jdk/jre/lib/amd64/libzip.so /root/jdk/bin/java -version<br>
<br>
Following command resulted in this error:<br>
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fb039000000, 2555904, 1) failed; error='Permission denied' (errno=13)<br>
#<br>
# There is insufficient memory for the Java Runtime Environment to continue.<br>
# Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.<br>
# An error report file with more information is saved as:<br>
# /root/hs_err_pid1270.log<br>
<br>
Now i used the strace to see what happened and strace printed(small section) <br>
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb15b6359d0) = 8268<br>
close(4) = 0<br>
read(3, "", 1048576) = 0<br>
close(3) = 0<br>
wait4(8268, Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f4579000000, 2555904, 1) failed; error='Permission denied' (errno=13)<br>
<br>
I have enough space for sure<br>
<br>
Can you guys please indicate what might be wrong ?<br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>