clightning4j / btcli4j

It is a core lightning plugin to override Bitcoin backend plugin with esplora by Blockstream and give the possibility to make the running process with bitcoind in pruning mode more solid.
GNU General Public License v2.0

Systemd unit crashing when running with MemoryDenyWriteExecute=true #53

Closed sha-265 closed 2 years ago

sha-265 commented 2 years ago

When running c-lightning with the plugin enabled, under a systemd unit with MemoryDenyWriteExecute set to true, c-lightning crashes with the error:

libjvm.so: cannot restore segment prot after reloc: Operation not permitted

Any way to solve it without disabling MemoryDenyWriteExecute?

vincenzopalazzo commented 2 years ago

Mh, this is a very strange issue. What version of Java do you have? (java --version)

And also, what OS are you using?

sha-265 commented 2 years ago

Hi @vincenzopalazzo,

I'm using Debian with OpenJDK:

openjdk 11.0.13 2021-10-19
OpenJDK Runtime Environment (build 11.0.13+8-post-Debian-1deb10u1)
OpenJDK Server VM (build 11.0.13+8-post-Debian-1deb10u1, mixed mode, sharing)

vincenzopalazzo commented 2 years ago

Hi @sha-265,

So this error is strange because I've been running the plugin for months on Debian with the OpenJDK version, and I don't have this problem.

I read something about permission errors on Linux environments at https://community.oracle.com/tech/developers/discussion/2077930/cannot-restore-segment-prot-after-reloc-permission-denied and this gives me the idea that the problem could be related to user permissions?

Or any idea how to reproduce this problem?

In addition, there is also an OpenJDK issue here https://bugs.openjdk.java.net/browse/JDK-6538311 where several fixes are suggested, but all at the OS level. Do you find these resources helpful?

sha-265 commented 2 years ago

@vincenzopalazzo, are you running c-lightning as a systemd unit with MemoryDenyWriteExecute set to true? Because this problem occurs only under this condition. If I'm running c-lightning with the plugin and MemoryDenyWriteExecute set to false, it's working great.

I think all the issues you mentioned are related to SELinux, which I have disabled on my system. As I mentioned, the problem is related to systemd's MemoryDenyWriteExecute setting.

vincenzopalazzo commented 2 years ago

Hi @sha-265,

Sorry for the delay here. You are right, I'm not using systemd and also I don't know how MemoryDenyWriteExecute works.

I need to do some research before saying what the problem could be, but it looks like there is some OS permission error. The only way to solve this, I think, is to see if we need to change the way the JVM is run or the way the jar is compiled.

In summary, what is the goal that you want to achieve with MemoryDenyWriteExecute?

sha-265 commented 2 years ago

> In summary, what is the goal that you want to achieve with MemoryDenyWriteExecute?

@vincenzopalazzo it's a generic security measure for systemd units, so I'm just trying to achieve better security for my node I guess.

vincenzopalazzo commented 2 years ago

OK, I'm back @sha-265.

I opened a discussion on Reddit and a person pointed me to the systemd doc, which says the following:

> Note that this option is incompatible with programs and libraries that generate program code dynamically at runtime, including JIT execution engines, executable stacks, and code "trampoline" feature of various C compilers.

You can see more here: https://www.reddit.com/r/javahelp/comments/rwto7p/comment/hrefk6f/?utm_source=share&utm_medium=web2x&context=3

Doc reference: https://www.freedesktop.org/software/systemd/man/systemd.exec.html

I think we can't do anything about that.
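What the systemd documentation quoted above means at the system-call level, as an added example that is not part of the original thread or the plugin's code: per the systemd.exec man page, MemoryDenyWriteExecute= installs a filter that rejects mmap() with PROT_WRITE and PROT_EXEC together and mprotect() calls that set PROT_EXEC. This C probe attempts both operations and reports the result; the function names are chosen for this example.

```c
/* Added example: probes the memory operations MemoryDenyWriteExecute= rejects. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map one anonymous page writable and executable at the same time.
 * Returns 0 if allowed, otherwise the errno set by mmap(). */
int probe_mmap_wx(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, len);
    return 0;
}

/* Map a page read/write, then switch it to read/execute: the sequence a
 * JIT performs after emitting code into a buffer.
 * Returns 0 if allowed, otherwise the errno of the failing call. */
int probe_mprotect_exec(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    int rc = mprotect(p, len, PROT_READ | PROT_EXEC) == 0 ? 0 : errno;
    munmap(p, len);
    return rc;
}

static void report(const char *what, int err)
{
    printf("%-28s %s\n", what, err ? strerror(err) : "allowed");
}

int main(void)
{
    int a = probe_mmap_wx();
    int b = probe_mprotect_exec();
    report("mmap(PROT_WRITE|PROT_EXEC):", a);
    report("mprotect(+PROT_EXEC):", b);
    return (a || b) ? 1 : 0;
}
```

Running the compiled probe once from a normal shell and once inside the unit's sandbox (for example via systemd-run with -p MemoryDenyWriteExecute=yes) shows whether the restriction is in effect for a given service before a JVM is started under it.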