Reputation: 197
Alpine Linux, Non-Root User, Java 7, Setcap: libjli.so: No such file or directory (needed by java)
On an Alpine Linux docker container I have created. I have set up a non-root user to run my java (jboss) server. I am trying to give it access to run on ports < 1024. As a result, I have had to use setcap in order to provide Java with the permissions in order to run on ports < 1024.
Please note that authbind does not yet exist on Alpine Linux, so this is not an option. Setcap is the recommended approach. See the final comment: https://github.com/gliderlabs/docker-alpine/issues/166
$ setcap cap_net_bind_service=+eip /opt/jdk1.7.0_51/bin/java \
cap_net_bind_service=+eip /opt/jdk1.7.0_51/jre/bin/java
However, per Oracle, there is a known bug (and workaround) that resolves the setcap problem: http://bugs.java.com/view_bug.do?bug_id=7157699
Basically, they recommend creating a file with the below contents. Please note that I have installed java into "/opt/jdk1.7.0_51", and this is a 64 bit version, so the directory paths are different.
$ mkdir -p /etc/ld.so.conf.d
$ echo "/opt/jdk1.7.0_51/jre/lib/amd64/jli" > /etc/ld.so.conf.d/java.conf
$ cat /etc/ld.so.conf.d/java.conf
/opt/jdk1.7.0_51/jre/lib/amd64/jli
However, this did not work. I have also tried creating links to the file:
$ ln -s /opt/jdk1.7.0_51/jre/lib/amd64/jli/libjli.so /lib64/
$ ls -al /lib64
...
... libjli.so -> /opt/jdk1.7.0_51/jre/lib/amd64/jli/libjli.so
...
$ ls /opt/jdk1.7.0_51/jre/lib/amd64/jli/
libjli.so
This also did not work. I have tried debugging the problem as recommended in the original post using ldconfig:
$ ldconfig | grep libjli
This doesn't work. Alpine runs a customer version of ldconfig with little documentation, so I haven't figured out exactly what to do.
Regardless, everytime I try to debug using ldd, I still get this error:
$ /opt/jdk1.7.0_51/jre/bin$ ldd java
/lib64/ld-linux-x86-64.so.2 (0x55901c23e000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x55901c23e000)
Error loading shared library libjli.so: No such file or directory (needed by java)
libdl.so.2 => /lib64/ld-linux-x86-64.so.2 (0x55901c23e000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x55901c23e000)
Error relocating java: JLI_Launch: symbol not found
I don't know what more I can possibly do at this point. I wanted to avoid changing our software again to get it to work under alpine, as that requires a release process and can potentially impact customers who are not yet on Docker. I don't really want to touch the ports again because they are working under root. I will have to go through another debug process to configure the load balancer, docker port redirection, customize recompile and debug our software, and then retest all of the above to make sure our automated scripts deploy it all correctly. This is something I'd perfer to avoid.
Anyone have suggestions?
Upvotes: 2
Views: 3276
Answers (1)
Reputation: 96
The problem with libjli.so seems to be that the Oracle JDK are built using glibc whereas Alpine uses musl libc.
Issues for Java 8 have been opened for this, I guess they are also valid for Java 7:
There is this Docker image that provides glibc for Alpine, you may be able to use it as a base. It has been used to build a Oracle JDK 8 image.
Upvotes: 0
Related Questions
- Docker alpine + oracle java: cannot find java
- UnsatisfiedLinkError: no fontmanager in system library path: /usr/lib/jvm/java-17-openjdk/lib
- How to install oracle jdk11 in Alpine linux docker image?
- Can't run docker image
- Alpine Linux - javac not found
- OpenJDK9 Missing in Alpine Linux
- Problem with Tomcat Docker Image and the software
- Permission error running a JAR as non-root user on Docker
- Why can run Java program manually in a Docker image but not as an ENTRYPOINT
- Docker image openjdk:8-jdk-alpine fails to execute a simple command