United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6919633 Runtime does not support POSIX File Capabilities (A.K.A. Linux Capabilities)
JDK-6919633 : Runtime does not support POSIX File Capabilities (A.K.A. Linux Capabilities)

Details
Type:
Bug
Submit Date:
2010-01-25
Status:
Closed
Updated Date:
2011-08-23
Project Name:
JDK
Resolved Date:
2010-07-21
Component:
tools
OS:
linux_ubuntu,linux
Sub-Component:
launcher
CPU:
x86
Priority:
P3
Resolution:
Cannot Reproduce
Affected Versions:
6u17,7
Fixed Versions:

Related Reports
Duplicate:
Relates:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
jdk1.6.0_17

ADDITIONAL OS VERSION INFORMATION :
Linux mymachine 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
(Fedora 12, stock, installed on an EXT3 FS, with all packages installed.)

I also tried this on Ubuntu and Debian, and found the exact same behavior.  All stock kernels.



A DESCRIPTION OF THE PROBLEM :
When I use setcap to give the 'java' binary the proper permission to allow unprivileged users to open ports lower than 1024, like this (as root):

# setcap cap_net_bind_service=ep /usr/java/jdk1.6.0_17/bin/java

And then I subsequently run java as a non-root user:

$ java -version

I get the following output:

java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

I'm able to resolve that by adding the JRE's jli library dir to a file in /etc/ld.so.conf.d and then re-running ldconfig.  But, then running java -version again results in a busy loop where the JDK is apparently finding and loading a series of shared libraries over and over again, resulting in 100% CPU utilization.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. install the JDK
2. run this as root: setcap cap_net_bind_service=ep /usr/java/jdk1.6.0_17/bin/java
3. run this as any non-root user: java -version
--or--
3. run any Java program as a non-root user.

  To make the behavior go away, remove the file capability like this (as root):

# setcap -r /usr/java/jdk1.6.0_17/bin/java

and then Java works properly again.


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I expected Java to work the same as usual, and possibly allow non-root users to bind server ports to port numbers lower than 1024.

ACTUAL -
Error message about libjli.so not being found.  Then, once I resolved that, Java would not start properly, using 100% CPU.


ERROR MESSAGES/STACK TRACES THAT OCCUR :
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
java -version suffices.

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
I found none.

                                    

Comments
PUBLIC COMMENTS

See the email thread at:
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2010-May/009112.html
                                     
2010-05-07
EVALUATION

With jdk7 it is not reproducible, this seems to be fixed by the positive side effects of fixing 6367077.

I am closing this as "Not Reproducible" in jdk 7.

Note: when using the setcap the libraries needed by the java launcher
should be present in /usr/lib or any other "trusted" location that the
runtime loader (rtld) uses to find shared libraries.
                                     
2010-07-21



Hardware and Software, Engineered to Work Together