linux - How and why does "setenforce 0" allow Java 7 to run? -



linux - How and why does "setenforce 0" allow Java 7 to run? -

i've made changes on programme i'm working on , i've updated java java 6 java 7.

i running programme on centos 5.8 32-bit vm.

before java update worked fine.

now process isn't starting error:

[root@centos-58-i-0 bin]# ./agent.sh start starting agent.....d. running (23442). error: dl failure on line 864 error: failed /agent/jre/lib/i386/client/libjvm.so, because /agent/jre/lib/i386/client/libjvm.so: cannot restore segment prot after reloc: permission denied

i've checked online , solution/workaround run command:

setenforce 0

and work.

reading documentation on setenforce command, didn't understand , how did solve problem.

so questions are:

what may cause error prevents me starting process? why setenforce command solve it? please give short explanation of setenforce in general.

1) may cause error prevents me starting process ?

this problem caused selinux enforcing access policy forbids application changing memory protection attributes of memory segment

centos, fedora, scientific linux , redhat entrprise linux have selinux set "enforcing" mode default.

2) why setenforce command solves ?

3) short explanation of setenforce in general

running setenforce 0 switching selinux "permissive" mode.

this "fixes" problem, not thought if scheme exposed. thought of selinux targeted access policies protect scheme limiting things exposed services can ... if hacked, example. have turned protection off.

a improve approach to:

check security / audit logs, figure out triggered avc alert decide if safe service doing figure out temporary prepare using chcon alter relevant security context or flags. implement permanent prepare adding local policy override.

but need selinux skills / knowledge pull off.

in particular case, alternative (and less dangerous) "quick fix" run this:

# chcon -t textrel_shlib_t /agent/jre/lib/i386/client/libjvm.so

but note temporary security context alter made using chcon undone if need restorecon.

java linux java-7 selinux

Comments

Post a Comment

Popular posts from this blog

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer -

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer - when trying request rest service @ time of response getting exception.. feb 21, 2013 2:34:49 pm com.sun.jersey.spi.container.containerresponse mapmappablecontainerexception severe: exception contained within mappablecontainerexception not mapped response, re-throwing http container java.lang.noclassdeffounderror: not initialize class net.sf.cglib.proxy.enhancer @ org.hibernate.proxy.pojo.cglib.cgliblazyinitializer.getproxyfactory(cgliblazyinitializer.java:117) @ org.hibernate.proxy.pojo.cglib.cglibproxyfactory.postinstantiate(cglibproxyfactory.java:43) @ org.hibernate.tuple.entity.pojoentitytuplizer.buildproxyfactory(pojoentitytuplizer.java:162) @ org.hibernate.tuple.entity.abstractentitytuplizer.<init>(abstractentitytuplizer.java:135) @ org.hibernate.tuple.entity.pojoentitytuplizer.<init>(pojoentitytuplizer.java:55) @ org.hibernate.tuple.e...
Read more

Accessing MATLAB's unicode strings from C -

Accessing MATLAB's unicode strings from C - how can access underlying unicode info of matlab strings through matlab engine or mex c interfaces? here's example. let's set unicode characters in utf-8 encoded file test.txt, read as fid=fopen('test.txt','r','l','utf-8'); s=fscanf(fid, '%s') in matlab. now if first feature('defaultcharacterset', 'utf-8') , c engevalstring(ep, "s") , output text file utf-8. proves matlab stores unicode internally. if mxarraytostring(enggetvariable(ep, "s")) , unicode2native(s, 'latin-1') give me in matlab: non-latin-1 characters replaced character code 26. need getting access underlying unicode info c string in unicode format (utf-8, utf-16, etc.), , preserving non-latin-1 characters. is possible? my platform os x, matlab r2012b. addendum: documentation explicitly states "[mxarraytostring()] supports multibyte encoded characters...
Read more

javascript - mongodb won't find my schema method in nested container -

javascript - mongodb won't find my schema method in nested container - i trying access method of schema stored within mixed container. here situation : have cases model can many different things, have schema each of these things stored in "casecontent" mixed property. var caseschema = mongoose.schema({ casecontent : {}, object : {type:string, default : "null"}, collision : {type : boolean, default : false} }); the casecontent property filled model of 1 of schemas, 1 exemple : var treeschema = new mongoose.schema({ applecount : {type : number, default : 3} }); treeschema.methods.dostuff = function (data) { console.log('hey, listen'); homecoming true; }; then, want utilize method of schema original container : caseschema.methods.dostuff = function (data) { if (this.casecontent.dostuff !== undefined) { this.casecontent.dostuff(); console.log('it worked'); } else { ...
Read more