hh_client error on Debian images: daemon_stubs.c: caml_disable_ASLR: failed to set personality

[MurzNN]

Describe the bug I have an error on Debian images when trying to launch the hh_client:

# hh_client 
error: daemon_stubs.c: caml_disable_ASLR: failed to set personality

It's reproducible on Debian 10 and 11 Docker images.

Standalone code, or other way to reproduce the problem Steps to reproduce the behavior:

1. Get the Debian 11 Docker image: docker run -it debian:11 bash
2. Install the hhvm:

   apt-get update && apt-get install -y apt-transport-https software-properties-common gnupg && apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94 && add-apt-repository -y https://dl.hhvm.com/debian && apt-get update && apt-get install -y hhvm

3. Launch the hh_client:

Expected behavior All should work well.

Actual behavior The error is thrown:

# hh_client 
error: daemon_stubs.c: caml_disable_ASLR: failed to set personality

By the way, the hhvm launches well without errors:

$ hhvm -m server -vServer.AllowRunAsRoot=1
set_mempolicy: Operation not permitted
Failed to hugify the .text section

Environment

• Operating system

  Ubuntu 23.10 as a host system, Debian 11 inside Docker container.

• Installation method

  'apt-get with dl.hhvm.com repository'

• HHVM Version

  $ hhvm --version set_mempolicy: Operation not permitted HipHop VM 4.172.1 (rel) (non-lowptr) Compiler: 1674162730_422511890 Repo schema: 91835e79df9f5e16bf2efa9ec6f02ef7a742386c

Additional context It works well on Ubuntu Docker images.

[MurzNN]

The same is on Ubuntu 22.04 image, even with the new packaged packages from https://hhvm.com/blog/2022/08/30/experimenting-with-universal-deb-packages.html

[MurzNN]

Looking to sources: https://github.com/facebook/hhvm/blob/12af5a33618f5a8cca34b7b69eddb10b6d71c8ad/hphp/hack/src/utils/sys/daemon_stubs.c#L45 this error can be workarounded by setting the HHVM_DISABLE_PERSONALITY env variable to 1:

HHVM_DISABLE_PERSONALITY=1 hh_client

But what's the proper fix?

[lexidor]

Hi, I thought I'd chime in. I reported this issue when it originally surfaced in 4.139. When running in docker, some Linux capabilities are locked down. When running on bare Linux, hhvm uses them to unlock more performance. These env vars are a way to make hhvm not attempt these operations. They are also set in the official docker image. They apply to the whole container, not just individual commands. You might want to copy paste these lines from the docketfile. These env vars are the proper fix.

https://github.com/hhvm/hhvm-docker/commit/c36523fe62c92f7cb2dd9f0db5842448835116af

You may want to have a quick look and make sure you are also setting the numa env var. Thank you for creating such a detailed GH Issue. This made it really easy to confirm what problem you were running in to.

[lexidor]

I am closing this issue as Answered.