LIBFFI_TMPDIR should point somewhere that permits executables #77014
Comments
DaveCTurner
added
>enhancement
:Delivery/Packaging
|
Pinging @elastic/es-delivery (Team:Delivery) |
|
This sounds like a reasonable change. Do we have any ideas around testing this? |
|
I see a couple of options:
|
|
After a bit of digging, it turns out that support for |
Yeah, seems we don't have such a testing environment right now but probably should. Do we have an idea of the specific controls that need to be enabled to reproduce? |
We know at least some of them I think:
That might not be everything, but this problem comes up frequently enough that I don't think it's going to need anything especially weird to reproduce. If the list above isn't enough then we can use |
Upgrade to 5.10.0 The latest JNA release introduces the features needed to resolve elastic/elasticsearch#77014. This commit updates the version we repackage to pick these features up.
|
Didn't intend to close this, reopening. |
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve elastic#77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
|
It seems that -Djava.io.tmpdir alone is not enough to allow elasticsearch startup. If you have issue with above path (e.g. also mounted with noexec flag) you can introduce new path that is not under Then update /etc/sysconfig/elasticsearch file accordingly: I think developers need to hardcode somewhere TMPDIR=$ES_TMPDIR |
|
That's one possible workaround @spricer, but |
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve #77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve elastic#77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve elastic#77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve #77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
This commit upgrades JNA to 5.10.0. The primary reason for this upgrade is to adopt a newer version of `libffi` which supports the `LIBFFI_TMPDIR` environment variable so that we can change the location of temporary executables and resolve #77014. This commit also switches to the upstream JNA releases rather than using the specially-repackaged ones we've used in the past.
|
Ugh Github keeps misinterpreting commit messages and closing this. Reopening again... |
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since elastic#80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes elastic#18272 Closes elastic#73309 Closes elastic#74545 Closes elastic#77014 Closes elastic#77053 Relates elastic#77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since #80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes #18272 Closes #73309 Closes #74545 Closes #77014 Closes #77053 Relates #77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since elastic#80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes elastic#18272 Closes elastic#73309 Closes elastic#74545 Closes elastic#77014 Closes elastic#77053 Relates elastic#77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since elastic#80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes elastic#18272 Closes elastic#73309 Closes elastic#74545 Closes elastic#77014 Closes elastic#77053 Relates elastic#77285 Co-authored-by: Rory Hunter <[email protected]>
Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since #80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes #18272 Closes #73309 Closes #74545 Closes #77014 Closes #77053 Relates #77285 Co-authored-by: Rory Hunter <[email protected]> Co-authored-by: Rory Hunter <[email protected]>
Hi Dave I understand your concern but please also consider that elasticsearch is executing under elasticsearch user session (at least Linux side) with its own env vars. That means that TMPDIR would be affected for that session/user only and if no other JAVA app is running noting else would be affected. |
* Set LIBFFI_TMPDIR at startup (#80651) Today if `libffi` cannot allocate pages of memory which are both writeable and executable then it will attempt to write code to a temporary file. Elasticsearch configures itself a suitable temporary directory for use by JNA but by default `libffi` won't find this directory and will try various other places. In certain configurations, none of the other places that `libffi` tries are suitable. With older versions of JNA this would result in a `SIGSEGV`; since #80617 the JVM will exit with an exception. With this commit we use the `LIBFFI_TMPDIR` environment variable to configure `libffi` to use the same directory as JNA for its temporary files if they are needed. Closes #18272 Closes #73309 Closes #74545 Closes #77014 Closes #77053 Relates #77285 Co-authored-by: Rory Hunter <[email protected]> * Fix incorrect SSL usage Co-authored-by: Rory Hunter <[email protected]>
|
Sorry for the delay in getting back to you on this @spricer. I'm not sure I understand your last message. Are you saying that the fix in 7.16 (now released) doesn't work for you? If so, can you share more details of how it fails? |
JNA requires a temporary directory which is not mounted
noexec, but JNA also useslibffiwhich itself requires a temporary directory that isn't mountednoexec. If none of the usual suspects work,libffiwill fall back to$HOMEwhich will often work, but in general might also not permit executables (or even exist).We override the temporary directory that JNA uses by setting the
java.io.tmpdirsystem property toES_TMPDIR. I believe we should do the same thing forlibffi, by setting theLIBFFI_TMPDIRenvironment variable. We should also document that this can be overridden much as we do for thejna.tmpdirsystem property (which trumpsjava.io.tmpdirif set).Fixing this would, I believe, also fix #73309.
The text was updated successfully, but these errors were encountered: