[
https://issues.apache.org/jira/browse/DAEMON-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12743719#action_12743719
]
Manuel Dominguez Sarmiento commented on DAEMON-16:
--------------------------------------------------
Apparently this has something to do with permissions and being able to read
/proc/self/maps
This URL has an explanation and patch that is supposed to fix the issue by
enabling CAP_DAC_READ_SEARCH capability
http://crashingdaily.wordpress.com/2007/02/06/jrockit-liftoff/
Though the poster is not sure about the security implications.
This is the proposed patch:
— jsvc-unix.c.dist 2007-02-05 22:34:01.000000000 -0500
+++ jsvc-unix.c 2007-02-05 23:41:18.000000000 -0500
@@ -115,12 +115,15 @@
#define CAPSMAX (1 << CAP_NET_BIND_SERVICE)+ \
(1 << CAP_DAC_READ_SEARCH)+ \
(1 << CAP_DAC_OVERRIDE)
-/* That a more reasonable configuration */
+/* That a more reasonable configuration.
+ CAP_DAC_READ_SEARCH permits reading /proc/self */
#define CAPS (1 << CAP_NET_BIND_SERVICE)+ \
+ (1 << CAP_DAC_READ_SEARCH)+ \
(1 << CAP_SETUID)+ \
(1 << CAP_SETGID)
/* probably the only one Java could use */
-#define CAPSMIN (1 << CAP_NET_BIND_SERVICE)
+#define CAPSMIN (1 << CAP_NET_BIND_SERVICE)+ \
+ (1 << CAP_DAC_READ_SEARCH)
static int set_caps(int caps)
{
struct __user_cap_header_struct caphead;
> [daemon] When changing UID in jsvc on fedora core 4, warning occurs: find_vma
> failed
> ------------------------------------------------------------------------------------
>
> Key: DAEMON-16
> URL: https://issues.apache.org/jira/browse/DAEMON-16
> Project: Commons Daemon
> Issue Type: Bug
> Environment: Operating System: Linux
> Platform: PC
> Reporter: Brian Peter Thorsbro
>
> Greetings List.
> I have searched a lot for information about this Warning I am getting when I
> start up tomcat by using jsvc on my Fedora Core 4 platform, but I have not
> been
> able to find anything that helped me solve my problem. So now I am reporting
> it
> here.
> I am using the Tomcat5.sh script supplied in the native folder.
> I have tried 2 different scenarios:
> 1. running jsvc with "-user tomcat"
> 2. ommitting the -user option entirely (running it as root)
> In scenario 1 I get the warning:
> "Java HotSpot(TM) Server VM warning: Can't detect initial thread stack
> location
> - find_vma failed" (same message if I use the Client VM).
> I do not get this warning in scenario 2.
> If I use the script "catalina.sh" as the user tomcat I can start up the
> webserver fine without warnings (though not on port 80 naturally).
> System is Fedora Cora 4
> Tomcat is the the apache-tomcat-5.5.15.tar.gz
> JDK/JRE is Suns jdk 1.5.0_06 for linux (rpm distribution)
> (note I dont have any other java distributions installed, so fedora RPM name
> clashes is not an issue)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
