commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manuel Dominguez Sarmiento (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DAEMON-16) [daemon] When changing UID in jsvc on fedora core 4, warning occurs: find_vma failed
Date Sat, 15 Aug 2009 14:36:14 GMT

    [ https://issues.apache.org/jira/browse/DAEMON-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12743719#action_12743719
] 

Manuel Dominguez Sarmiento commented on DAEMON-16:
--------------------------------------------------

Apparently this has something to do with permissions and being able to read /proc/self/maps

This URL has an explanation and patch that is supposed to fix the issue by enabling CAP_DAC_READ_SEARCH
capability
http://crashingdaily.wordpress.com/2007/02/06/jrockit-liftoff/

Though the poster is not sure about the security implications.

This is the proposed patch:

— jsvc-unix.c.dist 2007-02-05 22:34:01.000000000 -0500
+++ jsvc-unix.c 2007-02-05 23:41:18.000000000 -0500
@@ -115,12 +115,15 @@
#define CAPSMAX (1 << CAP_NET_BIND_SERVICE)+ \
(1 << CAP_DAC_READ_SEARCH)+ \
(1 << CAP_DAC_OVERRIDE)
-/* That a more reasonable configuration */
+/* That a more reasonable configuration.
+ CAP_DAC_READ_SEARCH permits reading /proc/self */
#define CAPS (1 << CAP_NET_BIND_SERVICE)+ \
+ (1 << CAP_DAC_READ_SEARCH)+ \
(1 << CAP_SETUID)+ \
(1 << CAP_SETGID)
/* probably the only one Java could use */
-#define CAPSMIN (1 << CAP_NET_BIND_SERVICE)
+#define CAPSMIN (1 << CAP_NET_BIND_SERVICE)+ \
+ (1 << CAP_DAC_READ_SEARCH)
static int set_caps(int caps)
{
struct __user_cap_header_struct caphead;

> [daemon] When changing UID in jsvc on fedora core 4, warning occurs: find_vma failed
> ------------------------------------------------------------------------------------
>
>                 Key: DAEMON-16
>                 URL: https://issues.apache.org/jira/browse/DAEMON-16
>             Project: Commons Daemon
>          Issue Type: Bug
>         Environment: Operating System: Linux
> Platform: PC
>            Reporter: Brian Peter Thorsbro
>
> Greetings List.
> I have searched a lot for information about this Warning I am getting when I
> start up tomcat by using jsvc on my Fedora Core 4 platform, but I have not been
> able to find anything that helped me solve my problem. So now I am reporting it
> here.
> I am using the Tomcat5.sh script supplied in the native folder.
> I have tried 2 different scenarios:
> 1. running jsvc with "-user tomcat"
> 2. ommitting the -user option entirely (running it as root)
> In scenario 1 I get the warning:
> "Java HotSpot(TM) Server VM warning: Can't detect initial thread stack location
> - find_vma failed"   (same message if I use the Client VM).
> I do not get this warning in scenario 2.
> If I use the script "catalina.sh" as the user tomcat I can start up the
> webserver fine without warnings (though not on port 80 naturally).
> System is Fedora Cora 4
> Tomcat is the the apache-tomcat-5.5.15.tar.gz
> JDK/JRE is Suns jdk 1.5.0_06 for linux (rpm distribution)
> (note I dont have any other java distributions installed, so fedora RPM name
> clashes is not an issue)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message