| Summary: | Unable to start any java-vm on hardened gentoo icedtea-bin-6.1.11.5: Could not reserve enough space for code cache | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | bsod |
| Component: | [OLD] Unspecified | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | java |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | AMD64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
Same error when trying to emerge oracle java
My Kernel Configuration emerge --info |
||
Created attachment 338686 [details]
Same error when trying to emerge oracle java
Created attachment 338688 [details]
My Kernel Configuration
Created attachment 338690 [details]
emerge --info
After upgrading to hardened-sources-3.7.6 java is working fine, so this seems to be a bug in the 3.7.4-hardened-r1 kernel. (In reply to bsod from comment #4) > After upgrading to hardened-sources-3.7.6 java is working fine, so this > seems to be a bug in the 3.7.4-hardened-r1 kernel. Closeing it for looks like it works for the user with a updated kernel. |
It could be a missconfiguration on my part, but I read the following (maybe related) bugs: 389751 and 344135 mediaserv-gentoo ~ # java -version Error occurred during initialization of VM Could not reserve enough space for code cache mediaserv-gentoo ~ # java -Xms64m -Xmx64m Error occurred during initialization of VM Could not reserve enough space for code cache mediaserv-gentoo ~ # java -server -Xms64m -Xmx64m Error occurred during initialization of VM Could not reserve enough space for code cache mediaserv-gentoo ~ # java -client -Xms64m -Xmx64m Error occurred during initialization of VM Could not reserve enough space for code cache mediaserv-gentoo ~ # ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 27432 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 2144 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 27432 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited mediaserv-gentoo ~ # free total used free shared buffers cached Mem: 3515788 1882368 1633420 0 536360 801068 -/+ buffers/cache: 544940 2970848 Swap: 16383996 14276 16369720 The default PAX Settings are: mediaserv-gentoo ~ # paxctl -v /opt/icedtea-bin-6.1.11.5/bin/java PaX control v0.7 Copyright 2004,2005,2006,2007,2009,2010,2011,2012 PaX Team <pageexec@freemail.hu> - PaX flags: -----m-x-e-- [/opt/icedtea-bin-6.1.11.5/bin/java] MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled I tried with all disabled: mediaserv-gentoo ~ # paxctl -v /opt/icedtea-bin-6.1.11.5/bin/java PaX control v0.7 Copyright 2004,2005,2006,2007,2009,2010,2011,2012 PaX Team <pageexec@freemail.hu> - PaX flags: -p-s-m-x-e-r [/opt/icedtea-bin-6.1.11.5/bin/java] PAGEEXEC is disabled SEGMEXEC is disabled MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled RANDMMAP is disabled mediaserv-gentoo ~ # java-config-2 -L The following VMs are available for generation-2: *) IcedTea JDK 6.1.11.5 [icedtea-bin-6] I tried http://serverfault.com/questions/438670/can-not-run-java-inside-grsec-chroot but "Sanitize all freed memory" was not enabled in my kernel and after changing the jvm.cfg I get: mediaserv-gentoo ~ # java -version Error: no `client' JVM at `/opt/icedtea-bin-6.1.11.5/jre/lib/amd64/client/libjvm.so'. Note: This doesn't only happen for the icedtea-bin but also for other java-vms like dev-java/oracle-jre-bin-1.7.0.13 (see attachment for emerge log) Reproducible: Always Steps to Reproduce: 1.emerge icedtea-bin 2.java -version Actual Results: Error occurred during initialization of VM Could not reserve enough space for code cache Expected Results: Print version information Selinux is compiled into the kernel but currently disabled. mediaserv-gentoo ~ # gunzip < /proc/config.gz | grep -i pax CONFIG_PAX_KERNEXEC_PLUGIN=y CONFIG_PAX_PER_CPU_PGD=y CONFIG_PAX_USERCOPY_SLABS=y # PaX CONFIG_PAX=y # PaX Control # CONFIG_PAX_SOFTMODE is not set # CONFIG_PAX_PT_PAX_FLAGS is not set CONFIG_PAX_XATTR_PAX_FLAGS=y # CONFIG_PAX_NO_ACL_FLAGS is not set CONFIG_PAX_HAVE_ACL_FLAGS=y # CONFIG_PAX_HOOK_ACL_FLAGS is not set CONFIG_PAX_NOEXEC=y CONFIG_PAX_PAGEEXEC=y CONFIG_PAX_EMUTRAMP=y CONFIG_PAX_MPROTECT=y # CONFIG_PAX_MPROTECT_COMPAT is not set # CONFIG_PAX_ELFRELOCS is not set CONFIG_PAX_KERNEXEC=y # CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS is not set CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR=y CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="or" CONFIG_PAX_ASLR=y CONFIG_PAX_RANDKSTACK=y CONFIG_PAX_RANDUSTACK=y CONFIG_PAX_RANDMMAP=y CONFIG_PAX_MEMORY_STACKLEAK=y CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y CONFIG_PAX_USERCOPY=y CONFIG_PAX_SIZE_OVERFLOW=y CONFIG_PAX_LATENT_ENTROPY=y mediaserv-gentoo ~ # gunzip < /proc/config.gz | grep -i grkern CONFIG_GRKERNSEC=y # CONFIG_GRKERNSEC_CONFIG_AUTO is not set CONFIG_GRKERNSEC_CONFIG_CUSTOM=y # CONFIG_GRKERNSEC_KMEM is not set # CONFIG_GRKERNSEC_IO is not set # CONFIG_GRKERNSEC_RAND_THREADSTACK is not set CONFIG_GRKERNSEC_PROC_MEMMAP=y # CONFIG_GRKERNSEC_BRUTE is not set # CONFIG_GRKERNSEC_MODHARDEN is not set # CONFIG_GRKERNSEC_HIDESYM is not set # CONFIG_GRKERNSEC_KERN_LOCKOUT is not set # CONFIG_GRKERNSEC_NO_RBAC is not set # CONFIG_GRKERNSEC_ACL_HIDEKERN is not set CONFIG_GRKERNSEC_ACL_MAXTRIES=3 CONFIG_GRKERNSEC_ACL_TIMEOUT=30 # CONFIG_GRKERNSEC_PROC is not set # CONFIG_GRKERNSEC_LINK is not set # CONFIG_GRKERNSEC_SYMLINKOWN is not set # CONFIG_GRKERNSEC_FIFO is not set # CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set # CONFIG_GRKERNSEC_ROFS is not set # CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL is not set # CONFIG_GRKERNSEC_CHROOT is not set # CONFIG_GRKERNSEC_AUDIT_GROUP is not set # CONFIG_GRKERNSEC_EXECLOG is not set # CONFIG_GRKERNSEC_RESLOG is not set # CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set # CONFIG_GRKERNSEC_AUDIT_PTRACE is not set # CONFIG_GRKERNSEC_AUDIT_CHDIR is not set # CONFIG_GRKERNSEC_AUDIT_MOUNT is not set # CONFIG_GRKERNSEC_SIGNAL is not set # CONFIG_GRKERNSEC_FORKFAIL is not set # CONFIG_GRKERNSEC_TIME is not set # CONFIG_GRKERNSEC_PROC_IPADDR is not set # CONFIG_GRKERNSEC_RWXMAP_LOG is not set # CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set # CONFIG_GRKERNSEC_DMESG is not set # CONFIG_GRKERNSEC_HARDEN_PTRACE is not set # CONFIG_GRKERNSEC_PTRACE_READEXEC is not set # CONFIG_GRKERNSEC_SETXID is not set # CONFIG_GRKERNSEC_TPE is not set # CONFIG_GRKERNSEC_RANDNET is not set # CONFIG_GRKERNSEC_BLACKHOLE is not set # CONFIG_GRKERNSEC_NO_SIMULT_CONNECT is not set # CONFIG_GRKERNSEC_SOCKET is not set # CONFIG_GRKERNSEC_SYSCTL is not set # CONFIG_GRKERNSEC_SELINUX_AVC_LOG_IPADDR is not set CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=6