[ https://issues.apache.org/jira/browse/DAEMON-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12743719#action_12743719 ]
Manuel Dominguez Sarmiento commented on DAEMON-16: -------------------------------------------------- Apparently this has something to do with permissions and being able to read /proc/self/maps This URL has an explanation and patch that is supposed to fix the issue by enabling CAP_DAC_READ_SEARCH capability http://crashingdaily.wordpress.com/2007/02/06/jrockit-liftoff/ Though the poster is not sure about the security implications. This is the proposed patch: — jsvc-unix.c.dist 2007-02-05 22:34:01.000000000 -0500 +++ jsvc-unix.c 2007-02-05 23:41:18.000000000 -0500 @@ -115,12 +115,15 @@ #define CAPSMAX (1 << CAP_NET_BIND_SERVICE)+ \ (1 << CAP_DAC_READ_SEARCH)+ \ (1 << CAP_DAC_OVERRIDE) -/* That a more reasonable configuration */ +/* That a more reasonable configuration. + CAP_DAC_READ_SEARCH permits reading /proc/self */ #define CAPS (1 << CAP_NET_BIND_SERVICE)+ \ + (1 << CAP_DAC_READ_SEARCH)+ \ (1 << CAP_SETUID)+ \ (1 << CAP_SETGID) /* probably the only one Java could use */ -#define CAPSMIN (1 << CAP_NET_BIND_SERVICE) +#define CAPSMIN (1 << CAP_NET_BIND_SERVICE)+ \ + (1 << CAP_DAC_READ_SEARCH) static int set_caps(int caps) { struct __user_cap_header_struct caphead; > [daemon] When changing UID in jsvc on fedora core 4, warning occurs: find_vma > failed > ------------------------------------------------------------------------------------ > > Key: DAEMON-16 > URL: https://issues.apache.org/jira/browse/DAEMON-16 > Project: Commons Daemon > Issue Type: Bug > Environment: Operating System: Linux > Platform: PC > Reporter: Brian Peter Thorsbro > > Greetings List. > I have searched a lot for information about this Warning I am getting when I > start up tomcat by using jsvc on my Fedora Core 4 platform, but I have not > been > able to find anything that helped me solve my problem. So now I am reporting > it > here. > I am using the Tomcat5.sh script supplied in the native folder. > I have tried 2 different scenarios: > 1. running jsvc with "-user tomcat" > 2. ommitting the -user option entirely (running it as root) > In scenario 1 I get the warning: > "Java HotSpot(TM) Server VM warning: Can't detect initial thread stack > location > - find_vma failed" (same message if I use the Client VM). > I do not get this warning in scenario 2. > If I use the script "catalina.sh" as the user tomcat I can start up the > webserver fine without warnings (though not on port 80 naturally). > System is Fedora Cora 4 > Tomcat is the the apache-tomcat-5.5.15.tar.gz > JDK/JRE is Suns jdk 1.5.0_06 for linux (rpm distribution) > (note I dont have any other java distributions installed, so fedora RPM name > clashes is not an issue) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.