-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LIBFFI_TMPDIR should point somewhere that permits executables #77014
Comments
Pinging @elastic/es-delivery (Team:Delivery) |
This sounds like a reasonable change. Do we have any ideas around testing this? |
I see a couple of options:
|
After a bit of digging, it turns out that support for |
Yeah, seems we don't have such a testing environment right now but probably should. Do we have an idea of the specific controls that need to be enabled to reproduce? |
We know at least some of them I think:
That might not be everything, but this problem comes up frequently enough that I don't think it's going to need anything especially weird to reproduce. If the list above isn't enough then we can use |
Upgrade to 5.10.0 The latest JNA release introduces the features needed to resolve elastic/elasticsearch#77014. This commit updates the version we repackage to pick these features up.
Didn't intend to close this, reopening. |
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve elastic#77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
It seems that -Djava.io.tmpdir alone is not enough to allow elasticsearch startup.
If you have issue with above path (e.g. also mounted with noexec flag) you can introduce new path that is not under
Then update /etc/sysconfig/elasticsearch file accordingly:
I think developers need to hardcode somewhere TMPDIR=$ES_TMPDIR |
That's one possible workaround @spricer, but |
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve #77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve elastic#77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve elastic#77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve #77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve #77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
Ugh Github keeps misinterpreting commit messages and closing this. Reopening again... |
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since elastic#80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes elastic#18272 Closes elastic#73309 Closes elastic#74545 Closes elastic#77014 Closes elastic#77053 Relates elastic#77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since #80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes #18272 Closes #73309 Closes #74545 Closes #77014 Closes #77053 Relates #77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since elastic#80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes elastic#18272 Closes elastic#73309 Closes elastic#74545 Closes elastic#77014 Closes elastic#77053 Relates elastic#77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since elastic#80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes elastic#18272 Closes elastic#73309 Closes elastic#74545 Closes elastic#77014 Closes elastic#77053 Relates elastic#77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since #80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes #18272 Closes #73309 Closes #74545 Closes #77014 Closes #77053 Relates #77285 Co-authored-by: Rory Hunter <[email protected]> Co-authored-by: Rory Hunter <[email protected]>
Hi Dave I understand your concern but please also consider that elasticsearch is executing under elasticsearch user session (at least Linux side) with its own env vars. That means that TMPDIR would be affected for that session/user only and if no other JAVA app is running noting else would be affected. |
* Set LIBFFI_TMPDIR at startup (#80651) Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since #80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes #18272 Closes #73309 Closes #74545 Closes #77014 Closes #77053 Relates #77285 Co-authored-by: Rory Hunter <[email protected]> * Fix incorrect SSL usage Co-authored-by: Rory Hunter <[email protected]>
Sorry for the delay in getting back to you on this @spricer. I'm not sure I understand your last message. Are you saying that the fix in 7.16 (now released) doesn't work for you? If so, can you share more details of how it fails? |
JNA requires a temporary directory which is not mounted
noexec
, but JNA also useslibffi
which itself requires a temporary directory that isn't mountednoexec
. If none of the usual suspects work,libffi
will fall back to$HOME
which will often work, but in general might also not permit executables (or even exist).We override the temporary directory that JNA uses by setting the
java.io.tmpdir
system property toES_TMPDIR
. I believe we should do the same thing forlibffi
, by setting theLIBFFI_TMPDIR
environment variable. We should also document that this can be overridden much as we do for thejna.tmpdir
system property (which trumpsjava.io.tmpdir
if set).Fixing this would, I believe, also fix #73309.
The text was updated successfully, but these errors were encountered: