Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] Can't run Java in Apache anymore
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Tue Jun 27, 2017 7:37 am    Post subject: [Solved] Can't run Java in Apache anymore Reply with quote

I don't know what happend but I can't run java in apache anymore.
Using: oracle-jdk-bin-1.8.0.131, apache-2.4.25.

Code:

#! /bin/bash

echo "Content-type: text/html"
echo ""

java -version > log


Code:

<?php

exec("/usr/bin/java -version > log");

?>


Code:

# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2555904 bytes for committing reserved memory.


Last edited by sebaro on Tue Jul 04, 2017 8:06 pm; edited 1 time in total
Back to top
View user's profile Send private message
wolvie
n00b
n00b


Joined: 01 Mar 2004
Posts: 27

PostPosted: Fri Jun 30, 2017 9:07 pm    Post subject: Reply with quote

are you running a hardened kernel? PAX enabled? if so try

Code:
paxctl -c /usr/lib/jvm/oracle-jre-bin-1.8/bin/java
paxctl -m /usr/lib/jvm/oracle-jre-bin-1.8/bin/java


if not try to check the vm.max_map_count

Code:
sysctl -w vm.max_map_count=2555904


or a greater value

if the second fix the problem save if to you /etc/sysctl.conf
Back to top
View user's profile Send private message
cboldt
l33t
l33t


Joined: 24 Aug 2005
Posts: 834

PostPosted: Sat Jul 01, 2017 6:14 pm    Post subject: Reply with quote

Maybe related, my hook to java was via Libreoffice database. Booting into kernel 4.9.34 and the connection fails. Reverted to kernel 4.9.16 and it all works again.
Back to top
View user's profile Send private message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Sun Jul 02, 2017 10:01 am    Post subject: Reply with quote

No PAX in kernel:
Code:

zcat /proc/config.gz | grep -i PaX


Set to 2.5 and 10 MB, same error:
Code:

# sysctl -w vm.max_map_count=2555904
vm.max_map_count = 2555904
# sysctl -w vm.max_map_count=10485760
vm.max_map_count = 10485760


EDIT:
Same with kernel 4.8, icedtea-3.4.0.

EDIT2:
PaX:
Code:

paxctl -v /usr/lib64/icedtea8/bin/java
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>

- PaX flags: -----m-x-e-- [/usr/lib64/icedtea8/bin/java]
   MPROTECT is disabled
   RANDEXEC is disabled
   EMUTRAMP is disabled

Apache log:
Code:

OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f6c81000000, 2555904, 1) failed; error='Operation not permitted' (errno=1)
Back to top
View user's profile Send private message
wolvie
n00b
n00b


Joined: 01 Mar 2004
Posts: 27

PostPosted: Mon Jul 03, 2017 9:11 pm    Post subject: Reply with quote

I was able to reproduce the problem but couldn't find a fix yet, the problem seems to be in the apache spawning the java. I've tried some tweaks on ulimit without success
Back to top
View user's profile Send private message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Tue Jul 04, 2017 8:33 am    Post subject: Reply with quote

It's fine with apache 2.2, so maybe some flags/modules in 2.4 are not set or should not be set?

Code:

USE="ldap ssl suexec -debug -doc (-libressl) (-selinux) -static -threads"
APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi cgid charset_lite dav dav_fs dav_lock dbd deflate dir dumpio env expires ext_filter file_cache filter headers imagemap include info log_config log_forensic logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif socache_shmcb speling status substitute unique_id unixd userdir usertrack version vhost_alias -access_compat -authz_dbd -cache_disk -cache_socache -http2* -ident -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -macro* -proxy_fcgi* -proxy_html* -proxy_scgi -proxy_wstunnel* -ratelimit -remoteip -reqtimeout -slotmem_shm*" APACHE2_MPMS="prefork -event -worker"


EDIT:
Fine with nginx-1.13.1.
Back to top
View user's profile Send private message
wolvie
n00b
n00b


Joined: 01 Mar 2004
Posts: 27

PostPosted: Tue Jul 04, 2017 7:34 pm    Post subject: Reply with quote

Ok, after some googling I found something that my fix your issue, it fixed here

I'm assuming you are running systemd

edit the file:
Code:
/usr/lib/systemd/system/apache2.service


find the line
Code:
MemoryDenyWriteExecute=true

it might be line 24 and change it to
Code:
MemoryDenyWriteExecute=false


run
Code:
systemctl daemon-reload

and restart apache2 and voila
Back to top
View user's profile Send private message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Tue Jul 04, 2017 8:05 pm    Post subject: Reply with quote

That's it. Thanks.

There are two systemd service files for apache:
/usr/portage/www-servers/apache/files/apache2.2-hardened.service
/usr/portage/www-servers/apache/files/apache2.2.service

apache-2.4.23 ebuild was the last using apache2.2.service, from apache-2.4.25 was changed to hardened version which has that option "MemoryDenyWriteExecute=true", setting to prevent a service from creating memory mappings that are writable and executable at the same time.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum