Hello all,

Greetings and happy new year to all. I am trying to sandbox a Java application using the SELinux sandbox.

System details: Redhat 6 | x86_64 | no X server installed | jdk7 from Oracle tar.gz version | cgred and cgconfig are stopped

The cmd (run as root):

    sandbox /root/jdk/bin/java -version

The above cmd failed with:

    /root/jdk/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

Digging revealed that "libjli.so" is an RPATH shared library. So I thought, OK, since sandbox is copying my bin/java to /tmp/sandbox_random, therefore a hardcoded path will not be found. Then I changed the RPATH using the "chrpath" utility and changed it to a hardcoded value, but it still showed the same error.

Then I used the -M -i options of sandbox and ran the following command (I included all the .so files it complained about):

    sandbox -M -i /root/jdk/lib/amd64/jli/libjli.so -i /root/jdk/jre/lib/amd64/libjava.so -i /root/jdk/jre/lib/amd64/jvm.cfg -i /root/jdk/jre/lib/amd64/server/libjvm.so -i /root/jdk/jre/lib/amd64/libverify.so -i /root/jdk/jre/lib/amd64/libzip.so /root/jdk/bin/java -version

The command resulted in this error:

    Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fb039000000, 2555904, 1) failed; error='Permission denied' (errno=13)
    #
    # There is insufficient memory for the Java Runtime Environment to continue.
    # Native memory allocation (malloc) failed to allocate 2555904 bytes for committing reserved memory.
    # An error report file with more information is saved as:
    # /root/hs_err_pid1270.log

Now I used strace to see what happened, and strace printed (small section):

    clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb15b6359d0) = 8268
    close(4) = 0
    read(3, "", 1048576) = 0
    close(3) = 0
    wait4(8268, Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f4579000000, 2555904, 1) failed; error='Permission denied' (errno=13)

I have enough space for sure.

Can you guys please indicate what might be wrong?