Hello
I'm a happy user of Proxmox and I upgraded today to v4, so I had to migrate my OpenVZ containers to LXC.
One of them used to run Jenkins, and it's not running anymore. The stack trace is:
java.lang.UnsatisfiedLinkError: /usr/lib/jvm/java-7-openjdk-i386/jre/lib/i386/headless/libmawt.so: libkrb5support.so.0: failed to map segment from shared object: Operation not permitted
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1965)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1890)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1851)
at java.lang.Runtime.load0(Runtime.java:795)
at java.lang.System.load(System.java:1062)
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1965)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1890)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1872)
at java.lang.Runtime.loadLibrary0(Runtime.java:849)
When I straced Jenkins, I found this is the problem:
open("/usr/lib/i386-linux-gnu/libkrb5support.so.0", O_RDONLY|O_CLOEXEC) = 145
read(145, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\27\0\0004\0\0\0"..., 512) = 512
fstat64(145, {st_mode=S_IFREG|0644, st_size=30320, ...}) = 0
mmap2(NULL, 33116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 145, 0) = -1 EPERM (Operation not permitted)
The mmap2 man page says this error is because:
EPERM
The prot argument asks for PROT_EXEC but the mapped area belongs to a file on a file system that was mounted no-exec.
But my root filesystem does not seem to be mounted noexec:
/dev/loop0 on / type ext4 (rw,relatime,data=ordered)
I suspect there's something weird going on with LXC, but I've run out of ideas... Hints?
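
One way to test the man page's noexec condition against the mount that actually backs the library file, rather than against / only. This is an added example, not part of the original post; the sample mount table is constructed and the function names are illustrative.

```python
import os
import re

# Constructed sample in /proc/self/mountinfo format (not taken from the post).
SAMPLE_MOUNTINFO = """\
22 1 7:0 / / rw,relatime - ext4 /dev/loop0 rw,data=ordered
23 22 0:20 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
24 22 0:21 / /tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
25 22 8:17 / /srv/my\\040data rw,relatime shared:5 - ext4 /dev/sdb1 rw
"""

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return a list of (mount_point, fstype, set_of_mount_options)."""
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        fields = left.split()
        if not sep or len(fields) < 6:
            continue  # skip malformed lines
        fstype = right.split()[0]
        mounts.append((_unescape(fields[4]), fstype, set(fields[5].split(","))))
    return mounts

def mount_for(path, mounts):
    """Pick the mount that actually backs `path` (longest mount-point prefix)."""
    path = os.path.normpath(path)
    best = None
    for mount in mounts:
        mp = mount[0]
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        # ">=" lets a later entry on the same mount point (stacked mount) win.
        if covers and (best is None or len(mp) >= len(best[0])):
            best = mount
    return best

def blocks_exec_mmap(path, mounts):
    """True if the backing mount is noexec, the EPERM case in the man page."""
    mount = mount_for(path, mounts)
    return mount is not None and "noexec" in mount[2]

if __name__ == "__main__":
    lib = "/usr/lib/i386-linux-gnu/libkrb5support.so.0"
    with open("/proc/self/mountinfo") as fh:
        live = parse_mountinfo(fh.read())
    print(lib, "->", mount_for(os.path.realpath(lib), live))
```

Run inside the container, it prints the mount entry and per-mount options for the library from the strace output; if noexec is absent there, the man page's EPERM condition does not apply to that file.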