Java“符号查找错误"使用setcap功能运行时用于JLI_InitArgProcessing [英] Java "symbol lookup error" for JLI_InitArgProcessing when running with setcap capabilities
问题描述
我们在用于监视网络接口流量的服务器上安装了Java 11.
We installed Java 11 on a server that is meant to monitor a network interface for traffic.
初始安装(yum install java-11-openjdk-devel.x86_64
)后,java
命令对于 root 和常规用户都可以正常使用.
After the initial installation (yum install java-11-openjdk-devel.x86_64
) the java
command works properly for both root and a regular user.
但是,我们的Java应用程序将不会以root身份运行.然后,我们运行:
However, our Java application will not be running as root. We then ran:
setcap cap_net_raw,cap_net_admin=eip /path/to/java
它设置功能,并以 root 身份运行java -version
正常.
It sets the capabilities, and running java -version
as root works fine.
但是在运行setcap 之后,当我尝试以普通用户身份运行java -version
时,会看到:
But after running setcap, when I try to run java -version
as a regular user, I see:
java: symbol lookup error: java: undefined symbol: JLI_InitArgProcessing
这似乎是预期的安全保护,如此处所述: Linux功能(setcap)似乎禁用了LD_LIBRARY_PATH
This seems to be an intended security protection as discussed here: Linux capabilities (setcap) seems to disable LD_LIBRARY_PATH
但是我的问题是:我如何允许java
在常规用户帐户下使用这些功能(网络数据包捕获)?
But my question is: How can I allow java
to use these capabilities (network packet capture) under a regular user account?
注意:通过setcap -r /path/to/java
取消功能设置后,普通用户可以再次运行java
-因此,问题只与功能无关.
Note: Unsetting the capabilities via setcap -r /path/to/java
allows a regular user to run java
again - so the issue is isolated to capabilities.
推荐答案
我能够通过添加以下文件来解决此问题:
I was able to resolve this by adding this file:
/etc/ld.so.conf.d/java.conf
具有单行内容:
/usr/lib/jvm/java-11-openjdk-11.0.1.13-3.0.1.el7_6.x86_64/lib/jli
然后重新启动服务器.
很明显,该目录路径应指向您的特定JDK
这篇关于Java“符号查找错误"使用setcap功能运行时用于JLI_InitArgProcessing的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!