Java“符号查找错误"使用setcap功能运行时用于JLI_InitArgProcessing [英] Java "symbol lookup error" for JLI_InitArgProcessing when running with setcap capabilities

问题描述

我们在用于监视网络接口流量的服务器上安装了Java 11.

We installed Java 11 on a server that is meant to monitor a network interface for traffic.

初始安装(yum install java-11-openjdk-devel.x86_64)后，java命令对于 root 和常规用户都可以正常使用.

After the initial installation (yum install java-11-openjdk-devel.x86_64) the java command works properly for both root and a regular user.

但是，我们的Java应用程序将不会以root身份运行.然后，我们运行:

However, our Java application will not be running as root. We then ran:

setcap cap_net_raw,cap_net_admin=eip /path/to/java

它设置功能，并以 root 身份运行java -version正常.

It sets the capabilities, and running java -version as root works fine.

但是在运行setcap 之后，当我尝试以普通用户身份运行java -version时，会看到:

But after running setcap, when I try to run java -version as a regular user, I see:

java: symbol lookup error: java: undefined symbol: JLI_InitArgProcessing

这似乎是预期的安全保护，如此处所述: Linux功能(setcap)似乎禁用了LD_LIBRARY_PATH

This seems to be an intended security protection as discussed here: Linux capabilities (setcap) seems to disable LD_LIBRARY_PATH

但是我的问题是:我如何允许java在常规用户帐户下使用这些功能(网络数据包捕获)?

But my question is: How can I allow java to use these capabilities (network packet capture) under a regular user account?

注意:通过setcap -r /path/to/java取消功能设置后，普通用户可以再次运行java-因此，问题只与功能无关.

Note: Unsetting the capabilities via setcap -r /path/to/java allows a regular user to run java again - so the issue is isolated to capabilities.

推荐答案

我能够通过添加以下文件来解决此问题:

I was able to resolve this by adding this file:

/etc/ld.so.conf.d/java.conf

具有单行内容:

/usr/lib/jvm/java-11-openjdk-11.0.1.13-3.0.1.el7_6.x86_64/lib/jli

然后重新启动服务器.

很明显，该目录路径应指向您的特定JDK

这篇关于Java“符号查找错误"使用setcap功能运行时用于JLI_InitArgProcessing的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！