github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-30 02:13:33 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/setup/sysconfig/executable-jna-tmpdir.asciidoc
David Turner 57dbefe4fb
Set LIBFFI_TMPDIR at startup (#80651) 
Today if `libffi` cannot allocate pages of memory which are both
writeable and executable then it will attempt to write code to a
temporary file. Elasticsearch configures itself a suitable temporary
directory for use by JNA but by default `libffi` won't find this
directory and will try various other places. In certain configurations,
none of the other places that `libffi` tries are suitable. With older
versions of JNA this would result in a `SIGSEGV`; since #80617 the JVM
will exit with an exception.

With this commit we use the `LIBFFI_TMPDIR` environment variable to
configure `libffi` to use the same directory as JNA for its temporary
files if they are needed.

Closes #18272
Closes #73309
Closes #74545
Closes #77014
Closes #77053
Relates #77285

Co-authored-by: Rory Hunter <roryhunter2@gmail.com>
2021-11-15 08:18:58 +00:00

37 lines
1.8 KiB
Text
Raw Blame History

[[executable-jna-tmpdir]]
=== JNA temporary directory not mounted with `noexec`
[NOTE]
This is only relevant for Linux.
{es} uses the Java Native Access (JNA) library, and another library called
`libffi`, for executing some platform-dependent native code. On Linux, the
native code backing these libraries is extracted at runtime into a temporary
directory and then mapped into executable pages in {es}'s address space. This
requires the underlying files not to be on a filesystem mounted with the
`noexec` option.
By default, {es} will create its temporary directory within `/tmp`. However,
some hardened Linux installations mount `/tmp` with the `noexec` option by
default. This prevents JNA and `libffi` from working correctly. For instance,
at startup JNA may fail to load with an `java.lang.UnsatisfiedLinkerError`
exception or with a message that says something similar to
`failed to map segment from shared object`. Note that the exception message can
differ amongst JVM versions. Additionally, the components of {es} that rely on
execution of native code via JNA may fail with messages indicating that it is
`because JNA is not available`.
To resolve these problems, either remove the `noexec` option from your `/tmp`
filesystem, or configure {es} to use a different location for its temporary
directory by setting the <<es-tmpdir,`$ES_TMPDIR`>> environment variable. For
instance:
["source","sh",subs="attributes"]
--------------------------------------------
export ES_TMPDIR=/usr/share/elasticsearch/tmp
--------------------------------------------
Alternatively, you can configure the path that JNA uses for its temporary files
with the <<set-jvm-options,JVM flag>> `-Djna.tmpdir=<path>` and you can
configure the path that `libffi` uses for its temporary files with the
`LIBFFI_TMPDIR` environment variable.
Reference in a new issue View git blame Copy permalink