我的 Arch Linux 带有最新的 grsec-hardened 4.9.x Linux 内核,并安装了 paxd。但正因为如此,当我尝试运行 Java 时,出现以下错误:
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x0000035ea1000000, 2555904, 1) failed; error='Operation not permitted' (errno=1)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2555904 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /home/[username]/hs_err_pid2813.log
现在,我过去遇到过这个错误,我设法告诉它允许 Java 执行此操作,但是我不记得也找不到如何执行此操作的资源。我看过这个答案paxctl,但是可惜,我的系统告诉我,即使我安装了 Arch wiki 上提到的所有与 grsec 相关的实用程序,也找不到该命令。
那么如何让它允许 Java 呢?
答案1
paxctl应该为你工作,
root #paxctl -h
PaX control v0.7
Copyright 2004,2005,2006,2007,2009,2010,2011,2012 PaX Team <[email protected]>
usage: paxctl <options> <files>
options:
-p: disable PAGEEXEC -P: enable PAGEEXEC
-e: disable EMUTRAMP -E: enable EMUTRAMP
-m: disable MPROTECT -M: enable MPROTECT
-r: disable RANDMMAP -R: enable RANDMMAP
-x: disable RANDEXEC -X: enable RANDEXEC
-s: disable SEGMEXEC -S: enable SEGMEXEC
-v: view flags -z: restore default flags
-q: suppress error messages -Q: report flags in short format
-c: convert PT_GNU_STACK into PT_PAX_FLAGS (see manpage!)
-C: create PT_PAX_FLAGS (see manpage!)
通常我会禁用所有这样的限制,
paxctl -pemrxs `which java`
尽管您也可以更直接地设置标志,而无需paxctl.例如,如果你想禁用那些mr你会做的:
sudo setfattr -n user.pax.flags -v "mr" `which java`