| View previous topic :: View next topic |
| Author |
Message |
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
 Posted: Tue Jun 27, 2017 7:37 am Post subject: [Solved] Can't run Java in Apache anymore |
 |
|
I don't know what happend but I can't run java in apache anymore.
Using: oracle-jdk-bin-1.8.0.131, apache-2.4.25.
| Code: |
#! /bin/bash
echo "Content-type: text/html"
echo ""
java -version > log
|
| Code: |
<?php
exec("/usr/bin/java -version > log");
?>
|
| Code: |
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2555904 bytes for committing reserved memory.
|
Last edited by sebaro on Tue Jul 04, 2017 8:06 pm; edited 1 time in total |
|
| Back to top |
|
 |
wolvie
n00b
Joined: 01 Mar 2004
Posts: 32
Location: Stockholm, Sweden
|
| Posted: Fri Jun 30, 2017 9:07 pm Post subject: |
|
|
are you running a hardened kernel? PAX enabled? if so try
| Code: | paxctl -c /usr/lib/jvm/oracle-jre-bin-1.8/bin/java
paxctl -m /usr/lib/jvm/oracle-jre-bin-1.8/bin/java
|
if not try to check the vm.max_map_count
| Code: | | sysctl -w vm.max_map_count=2555904 |
or a greater value
if the second fix the problem save if to you /etc/sysctl.conf |
|
| Back to top |
|
|
cboldt
Veteran
Joined: 24 Aug 2005
Posts: 1046
|
| Posted: Sat Jul 01, 2017 6:14 pm Post subject: |
|
|
| Maybe related, my hook to java was via Libreoffice database. Booting into kernel 4.9.34 and the connection fails. Reverted to kernel 4.9.16 and it all works again. |
|
| Back to top |
|
|
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
| Posted: Sun Jul 02, 2017 10:01 am Post subject: |
|
|
No PAX in kernel:
| Code: |
zcat /proc/config.gz | grep -i PaX
|
Set to 2.5 and 10 MB, same error:
| Code: |
# sysctl -w vm.max_map_count=2555904
vm.max_map_count = 2555904
# sysctl -w vm.max_map_count=10485760
vm.max_map_count = 10485760
|
EDIT:
Same with kernel 4.8, icedtea-3.4.0.
EDIT2:
PaX:
| Code: |
paxctl -v /usr/lib64/icedtea8/bin/java
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>
- PaX flags: -----m-x-e-- [/usr/lib64/icedtea8/bin/java]
MPROTECT is disabled
RANDEXEC is disabled
EMUTRAMP is disabled
|
Apache log:
| Code: |
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f6c81000000, 2555904, 1) failed; error='Operation not permitted' (errno=1)
|
|
|
| Back to top |
|
|
wolvie
n00b
Joined: 01 Mar 2004
Posts: 32
Location: Stockholm, Sweden
|
| Posted: Mon Jul 03, 2017 9:11 pm Post subject: |
|
|
| I was able to reproduce the problem but couldn't find a fix yet, the problem seems to be in the apache spawning the java. I've tried some tweaks on ulimit without success |
|
| Back to top |
|
|
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
| Posted: Tue Jul 04, 2017 8:33 am Post subject: |
|
|
It's fine with apache 2.2, so maybe some flags/modules in 2.4 are not set or should not be set?
| Code: |
USE="ldap ssl suexec -debug -doc (-libressl) (-selinux) -static -threads"
APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi cgid charset_lite dav dav_fs dav_lock dbd deflate dir dumpio env expires ext_filter file_cache filter headers imagemap include info log_config log_forensic logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif socache_shmcb speling status substitute unique_id unixd userdir usertrack version vhost_alias -access_compat -authz_dbd -cache_disk -cache_socache -http2* -ident -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -macro* -proxy_fcgi* -proxy_html* -proxy_scgi -proxy_wstunnel* -ratelimit -remoteip -reqtimeout -slotmem_shm*" APACHE2_MPMS="prefork -event -worker"
|
EDIT:
Fine with nginx-1.13.1. |
|
| Back to top |
|
|
wolvie
n00b
Joined: 01 Mar 2004
Posts: 32
Location: Stockholm, Sweden
|
| Posted: Tue Jul 04, 2017 7:34 pm Post subject: |
|
|
Ok, after some googling I found something that my fix your issue, it fixed here
I'm assuming you are running systemd
edit the file:
| Code: | | /usr/lib/systemd/system/apache2.service |
find the line
| Code: | | MemoryDenyWriteExecute=true |
it might be line 24 and change it to
| Code: | | MemoryDenyWriteExecute=false |
run
| Code: | | systemctl daemon-reload |
and restart apache2 and voila |
|
| Back to top |
|
|
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
| Posted: Tue Jul 04, 2017 8:05 pm Post subject: |
|
|
That's it. Thanks.
There are two systemd service files for apache:
/usr/portage/www-servers/apache/files/apache2.2-hardened.service
/usr/portage/www-servers/apache/files/apache2.2.service
apache-2.4.23 ebuild was the last using apache2.2.service, from apache-2.4.25 was changed to hardened version which has that option "MemoryDenyWriteExecute=true", setting to prevent a service from creating memory mappings that are writable and executable at the same time. |
|
| Back to top |
|
|
|
Networking & Security
