Add docs on JNA temp directory not being noexec #35355

Merged
merged 1 commit into from
Nov 8, 2018


jasontedor
Member

If the underlying mount point for the JNA temporary directory is mounted noexec on Linux, then the JVM will not be able to map the native code in as executable. This will prevent JNA from executing and will prevent Elasticsearch from being able to execute some functions that rely on native code (e.g., memory locking, and installing system call filters). We do not want to get into the business of catching exceptions and parsing messages towards this because these exception messages can change on us. We also do not want to jump through a lot of hoops to check the underlying mount point for noexec. Instead, we will rely on documentation to address this problem. This commit adds to the important system configuration section of the docs that the JNA temporary directory is not on a mount point with the noexec mount option.

Closes #35064
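An operator-side check for the condition described above, added here as an example; it is not part of the pull request or of Elasticsearch. It finds the mount entry that governs a directory in `/proc/self/mounts` and reports whether that mount carries `noexec`. The function names and the script's argument layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: does a directory (e.g. the JNA temporary directory) sit on
# a mount point with the noexec option?
# Usage: sh check_noexec.sh /path/to/jna-tmpdir [mounts-file]

# mount_options DIR [MOUNTS_FILE]
# Print the options of the mount entry governing DIR: the longest mount point
# that is a path prefix of DIR. Later entries win ties (overmounts).
mount_options() {
    dir=$1
    mounts=${2:-/proc/self/mounts}
    awk -v dir="$dir" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)   # the mounts table escapes spaces as \040
            if (mp == "/")
                hit = 1
            else
                hit = (dir == mp || index(dir, mp "/") == 1)
            if (hit && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }
    ' "$mounts"
}

# is_noexec DIR [MOUNTS_FILE]: exit status 0 if the governing mount is noexec.
is_noexec() {
    case ",$(mount_options "$@")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Command-line entry point: resolve symlinks first so the prefix match is
# done against the real path.
if [ $# -ge 1 ]; then
    real=$(cd "$1" && pwd -P) || exit 2
    if is_noexec "$real" "${2:-/proc/self/mounts}"; then
        echo "$real: mounted noexec, JNA native code cannot be mapped executable"
        exit 1
    fi
    echo "$real: not mounted noexec"
fi
```

Run it as the user that runs Elasticsearch, against the directory that JVM actually uses as its JNA temporary directory.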

@jasontedor jasontedor added >docs General docs changes :Core/Infra/Core Core issues without another label v7.0.0 v6.5.0 v6.6.0 labels Nov 8, 2018
@elasticmachine
Collaborator

Pinging @elastic/es-core-infra

@nik9000
Member

nik9000 commented Nov 8, 2018 via email

@jasontedor jasontedor merged commit a6073f5 into elastic:master Nov 8, 2018
jasontedor added a commit that referenced this pull request Nov 8, 2018
@jasontedor jasontedor deleted the jna-tmpdir-noexec-docs branch November 8, 2018 03:26
jasontedor added a commit that referenced this pull request Nov 8, 2018
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Nov 8, 2018
* elastic/master: (25 commits)
  Fixes fast vector highlighter docs per issue 24318. (elastic#34190)
  [ML] Prevent notifications on deletion of a non existent job (elastic#35337)
  [CCR] Auto follow Coordinator fetch cluster state in system context (elastic#35120)
  Mute test for elastic#35361
  Preserve `date_histogram` format when aggregating on unmapped fields (elastic#35254)
  Test: Mute failing SSL test
  Allow unmapped fields in composite aggregations (elastic#35331)
  [RCI] Add IndexShardOperationPermits.asyncBlockOperations(ActionListener<Releasable>) (elastic#34902)
  HLRC: reindex API with wait_for_completion false (elastic#35202)
  Add docs on JNA temp directory not being noexec (elastic#35355)
  [CCR] Adjust list of dynamic index settings that should be replicated (elastic#35195)
  Replicate index settings to followers (elastic#35089)
  Rename RealmConfig.globalSettings() to settings() (elastic#35330)
  [TEST] Cleanup FileUserPasswdStoreTests (elastic#35329)
  Scripting: Add back lookup vars in score script (elastic#34833)
  watcher: Fix integration tests to ensure correct start/stop of Watcher (elastic#35271)
  Remove ALL shard check in CheckShrinkReadyStep (elastic#35346)
  Use soft-deleted docs to resolve strategy for engine operation (elastic#35230)
  [ILM] Check shard and relocation status in AllocationRoutedStep (elastic#35316)
  Ignore date ranges containing 'now' when pre-processing a percolator query (elastic#35160)
  ...
pgomulka pushed a commit to pgomulka/elasticsearch that referenced this pull request Nov 13, 2018
@jimczi jimczi added v7.0.0-beta1 and removed v7.0.0 labels Feb 7, 2019