[
https://issues.apache.org/jira/browse/KAFKA-17227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17870289#comment-17870289
]
Rob Young commented on KAFKA-17227:
-----------------------------------
I was interested if the same was true for snappy which also packs native libs,
and can see the same type of exception when I try to produce with snappy
compression with a noexec temp dir.
After starting up the broker using Josep's commands above and then podman
execing into the container in another terminal:
```
227f03903dac:/opt/kafka$ export KAFKA_OPTS="-DZstdTempFolder=/opt/kafka/tmp"
227f03903dac:/opt/kafka$ ./bin/kafka-console-producer.sh --bootstrap-server
localhost:9092 --topic 1 --compression-codec snappy
>a
[2024-08-01 21:10:15,638] WARN [Producer clientId=console-producer] Error while
fetching metadata with correlation id 6 : {1=UNKNOWN_TOPIC_OR_PARTITION}
(org.apache.kafka.clients.NetworkClient)
org.apache.kafka.common.KafkaException: java.lang.UnsatisfiedLinkError:
/tmp/snappy-1.1.10-1d07d4d6-2cb1-4b26-bc59-7c965a70bfde-libsnappyjava.so: Error
loading shared library
/tmp/snappy-1.1.10-1d07d4d6-2cb1-4b26-bc59-7c965a70bfde-libsnappyjava.so:
Operation not permitted
```
xerial snappy also supports [a system
prop|https://github.com/xerial/snappy-java/blob/bad35791e13ccff89dc47896ea809138c42d5d7d/src/main/java/org/xerial/snappy/SnappyLoader.java#L67]
for overriding the temp dir `-Dorg.xerial.snappy.tempdir=/opt/kafka/tmp`
After restarting the broker with that system prop set, and then running the
console producer with that system prop set, the produce succeeded.
> Apache Kafka 3.8.0 /tmp exec permission
> ---------------------------------------
>
> Key: KAFKA-17227
> URL: https://issues.apache.org/jira/browse/KAFKA-17227
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.8.0
> Reporter: Francisco Martinez
> Assignee: Josep Prat
> Priority: Major
> Attachments: kafka_issue.png
>
>
> I have just downloaded and installed new Apache Kafka version 3.8.0.
> It does not work for me (version 3.7.1 works fine).
> In SLES 15 SP5, i have configured /etc/fstab to do not have exec permission
> for the /tmp partition (noexec) (as suggested by the CIS benchmark).
> Then the Kafka service does not start. Even the kafka-storage.sh script
> cannot be executed to create the Kafka storage in /tmp/kraft-combined-logs.
> The error reported (in all cases) is exception
> java.lang.UnsatisfiedLinkError: /tmp/lib/libzstd-jni-1.5.6-3.....so: failed
> to map segment from shared object. The error does not appear if i enable
> again the exec permission in /tmp (i.e. mount -o remount,exec /tmp).
> It seems that the zstd-jni-1.5.6-3.jar library is tried to be loaded (even in
> the case the compression is disabled by default in producer.properties:
> compression.type=none). Inside the jar file there is for example
> lizstd-jni-1.5.6-3.so for amd64 architecture that is used by the jar, and for
> that purpose it is copied to /tmp. But if the /tmp does not have execution
> permissions, the Apache Kafka processes don't start.
> Maybe the issue is in zstd-jni and has to be solved in zstd-jni, or maybe the
> library could be imported only when necessary (only in case the compression
> is used) to minimize the issue with zstd-jni.
> Thanks and regards.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
