FULL PRODUCT VERSION :
jdk1.6.0_17
ADDITIONAL OS VERSION INFORMATION :
Linux mymachine 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
(Fedora 12, stock, installed on an EXT3 FS, with all packages installed.)
I also tried this on Ubuntu and Debian, and found the exact same behavior. All stock kernels.
A DESCRIPTION OF THE PROBLEM :
When I use setcap to give the 'java' binary the proper permission to allow unprivileged users to open ports lower than 1024, like this (as root):
# setcap cap_net_bind_service=ep /usr/java/jdk1.6.0_17/bin/java
And then I subsequently run java as a non-root user:
$ java -version
I get the following output:
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
I'm able to resolve that by adding the JRE's jli library dir to a file in /etc/ld.so.conf.d and then re-running ldconfig. But, then running java -version again results in a busy loop where the JDK is apparently finding and loading a series of shared libraries over and over again, resulting in 100% CPU utilization.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. install the JDK
2. run this as root: setcap cap_net_bind_service=ep /usr/java/jdk1.6.0_17/bin/java
3. run this as any non-root user: java -version
--or--
3. run any Java program as a non-root user.
To make the behavior go away, remove the file capability like this (as root):
# setcap -r /usr/java/jdk1.6.0_17/bin/java
and then Java works properly again.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I expected Java to work the same as usual, and possibly allow non-root users to bind server ports to port numbers lower than 1024.
ACTUAL -
Error message about libjli.so not being found. Then, once I resolved that, Java would not start properly, using 100% CPU.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
java -version suffices.
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
I found none.
jdk1.6.0_17
ADDITIONAL OS VERSION INFORMATION :
Linux mymachine 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
(Fedora 12, stock, installed on an EXT3 FS, with all packages installed.)
I also tried this on Ubuntu and Debian, and found the exact same behavior. All stock kernels.
A DESCRIPTION OF THE PROBLEM :
When I use setcap to give the 'java' binary the proper permission to allow unprivileged users to open ports lower than 1024, like this (as root):
# setcap cap_net_bind_service=ep /usr/java/jdk1.6.0_17/bin/java
And then I subsequently run java as a non-root user:
$ java -version
I get the following output:
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
I'm able to resolve that by adding the JRE's jli library dir to a file in /etc/ld.so.conf.d and then re-running ldconfig. But, then running java -version again results in a busy loop where the JDK is apparently finding and loading a series of shared libraries over and over again, resulting in 100% CPU utilization.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. install the JDK
2. run this as root: setcap cap_net_bind_service=ep /usr/java/jdk1.6.0_17/bin/java
3. run this as any non-root user: java -version
--or--
3. run any Java program as a non-root user.
To make the behavior go away, remove the file capability like this (as root):
# setcap -r /usr/java/jdk1.6.0_17/bin/java
and then Java works properly again.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I expected Java to work the same as usual, and possibly allow non-root users to bind server ports to port numbers lower than 1024.
ACTUAL -
Error message about libjli.so not being found. Then, once I resolved that, Java would not start properly, using 100% CPU.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
java -version suffices.
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
I found none.
- duplicates
-
JDK-7076745 JRE doesn't work with Linux capabilities
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-