Reputation: 32094
Java "symbol lookup error" for JLI_InitArgProcessing when running with setcap capabilities
We installed Java 11 on a server that is meant to monitor a network interface for traffic.
After the initial installation (yum install java-11-openjdk-devel.x86_64) the java command works properly for both root and a regular user.
However, our Java application will not be running as root. We then ran:
setcap cap_net_raw,cap_net_admin=eip /path/to/java
It sets the capabilities, and running java -version as root works fine.
But after running setcap, when I try to run java -version as a regular user, I see:
java: symbol lookup error: java: undefined symbol: JLI_InitArgProcessing
This seems to be an intended security protection as discussed here: Linux capabilities (setcap) seems to disable LD_LIBRARY_PATH
But my question is: How can I allow java to use these capabilities (network packet capture) under a regular user account?
Note: Unsetting the capabilities via setcap -r /path/to/java allows a regular user to run java again - so the issue is isolated to capabilities.
Upvotes: 2
Views: 2893
Answers (1)
Reputation: 32094
I was able to resolve this by adding this file:
/etc/ld.so.conf.d/java.conf
With the single-line contents:
/usr/lib/jvm/java-11-openjdk-11.0.1.13-3.0.1.el7_6.x86_64/lib/jli
And rebooting the server.
Obviously, that directory path should point to your specific JDK
Upvotes: 5
Related Questions
- java.lang.UnsupportedOperationException: 'posix:permissions' not supported as initial attribute on Windows
- Javac fails with "attempting to assign weaker access privileges" on intersection type
- Capabilities & Linux & Java
- PosixFilePermission causing UnsupportedOperationException in java
- How to overcome JpCap issue?
- assigning linux capability to one java process
- jpcap exception
- Error while trying to get Unix file Permissions in Java6
- Jpcap breaking the JVM
- Issue granting library load to Java code