38 lines
1.8 KiB
Plaintext
38 lines
1.8 KiB
Plaintext
[[executable-jna-tmpdir]]
|
|
=== JNA temporary directory not mounted with `noexec`
|
|
|
|
[NOTE]
|
|
This is only relevant for Linux.
|
|
|
|
{es} uses the Java Native Access (JNA) library, and another library called
|
|
`libffi`, for executing some platform-dependent native code. On Linux, the
|
|
native code backing these libraries is extracted at runtime into a temporary
|
|
directory and then mapped into executable pages in {es}'s address space. This
|
|
requires the underlying files not to be on a filesystem mounted with the
|
|
`noexec` option.
|
|
|
|
By default, {es} will create its temporary directory within `/tmp`. However,
|
|
some hardened Linux installations mount `/tmp` with the `noexec` option by
|
|
default. This prevents JNA and `libffi` from working correctly. For instance,
|
|
at startup JNA may fail to load with an `java.lang.UnsatisfiedLinkerError`
|
|
exception or with a message that says something similar to
|
|
`failed to map segment from shared object`. Note that the exception message can
|
|
differ amongst JVM versions. Additionally, the components of {es} that rely on
|
|
execution of native code via JNA may fail with messages indicating that it is
|
|
`because JNA is not available`.
|
|
|
|
To resolve these problems, either remove the `noexec` option from your `/tmp`
|
|
filesystem, or configure {es} to use a different location for its temporary
|
|
directory by setting the <<es-tmpdir,`$ES_TMPDIR`>> environment variable. For
|
|
instance:
|
|
|
|
["source","sh",subs="attributes"]
|
|
--------------------------------------------
|
|
export ES_TMPDIR=/usr/share/elasticsearch/tmp
|
|
--------------------------------------------
|
|
|
|
Alternatively, you can configure the path that JNA uses for its temporary files
|
|
with the <<set-jvm-options,JVM flag>> `-Djna.tmpdir=<path>` and you can
|
|
configure the path that `libffi` uses for its temporary files with the
|
|
`LIBFFI_TMPDIR` environment variable.
|