Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

.cache directory ignores data_dir configuration #21223

Open
tommydehaas opened this issue Dec 19, 2024 · 3 comments · May be fixed by #21298
Open

.cache directory ignores data_dir configuration #21223

tommydehaas opened this issue Dec 19, 2024 · 3 comments · May be fixed by #21298
Assignees

Comments

@tommydehaas
Copy link

I recently upgraded to Graylog 6.1.4, and upon startup, the following errors are logged:

2024-12-19T09:28:08.903+01:00 WARN  [LinuxOperatingSystem] Did not find udev library in operating system. Some features may not work.
2024-12-19T09:28:08.905+01:00 ERROR [LinuxOperatingSystem] Did not JNA classes. Investigate incompatible version or missing native dll.

Graylog in debug mode provides additional information. It shows that libraries are being unpacked in /var/lib/graylog-server/.cache/. However, in our configuration, the /var file system is mounted with the noexec option. For this reason, the data_dir has already been updated to a file system without noexec, allowing libraries to be unpacked and loaded in the libnative folder.

This does not seem to apply in this case, as the .cache library continues to reference /var/lib/graylog-server/ despite the updated data_dir. Could this be a bug, or is there another reason why the .cache directory is not created in data_dir?

2024-12-19T09:28:08.898+01:00 DEBUG [Native] Looking in classpath from jdk.internal.loader.ClassLoaders$AppClassLoader@39ea3325 for /com/sun/jna/linux-x86-64/libjnidispatch.so
2024-12-19T09:28:08.898+01:00 DEBUG [Native] Found library resource at jar:file:/usr/share/graylog-server/graylog.jar!/com/sun/jna/linux-x86-64/libjnidispatch.so
2024-12-19T09:28:08.899+01:00 DEBUG [Native] Extracting library to /var/lib/graylog-server/.cache/JNA/temp/jna4198773543093867591.tmp
2024-12-19T09:28:08.901+01:00 DEBUG [Native] Trying /var/lib/graylog-server/.cache/JNA/temp/jna4198773543093867591.tmp
2024-12-19T09:28:08.903+01:00 WARN  [LinuxOperatingSystem] Did not find udev library in operating system. Some features may not work.
2024-12-19T09:28:08.905+01:00 ERROR [LinuxOperatingSystem] Did not JNA classes. Investigate incompatible version or missing native dll.
2024-12-19T09:28:08.907+01:00 DEBUG [FileUtil] Reading file /proc/self/auxv
2024-12-19T09:28:08.908+01:00 DEBUG [SystemStatsModule] Failed to load OSHI. Falling back to JMX implementations.
java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native
        at com.sun.jna.NativeLong.<clinit>(NativeLong.java:35) ~[graylog.jar:?]
        at oshi.util.FileUtil.readNativeLongFromBuffer(FileUtil.java:260) ~[graylog.jar:?]
        at oshi.driver.linux.proc.Auxv.queryAuxv(Auxv.java:39) ~[graylog.jar:?]
        at oshi.software.os.linux.LinuxOperatingSystem.<clinit>(LinuxOperatingSystem.java:124) ~[graylog.jar:?]
        at oshi.SystemInfo.createOperatingSystem(SystemInfo.java:85) ~[graylog.jar:?]
        at oshi.util.Memoizer$1.get(Memoizer.java:61) ~[graylog.jar:?]
        at oshi.SystemInfo.getOperatingSystem(SystemInfo.java:76) ~[graylog.jar:?]
        at org.graylog2.shared.system.stats.OshiService.<init>(OshiService.java:62) ~[graylog.jar:?]
        at org.graylog2.shared.system.stats.SystemStatsModule.configure(SystemStatsModule.java:52) [graylog.jar:?]
        at com.google.inject.AbstractModule.configure(AbstractModule.java:64) [graylog.jar:?]
        at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:426) [graylog.jar:?]
        at com.google.inject.spi.Elements.getElements(Elements.java:113) [graylog.jar:?]
        at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:160) [graylog.jar:?]
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:107) [graylog.jar:?]
        at com.google.inject.Guice.createInjector(Guice.java:87) [graylog.jar:?]
        at com.google.inject.Guice.createInjector(Guice.java:69) [graylog.jar:?]
        at com.google.inject.Guice.createInjector(Guice.java:59) [graylog.jar:?]
        at org.graylog2.bootstrap.ServerBootstrap.getPreflightInjector(ServerBootstrap.java:287) [graylog.jar:?]
        at org.graylog2.bootstrap.ServerBootstrap.runPreflightWeb(ServerBootstrap.java:193) [graylog.jar:?]
        at org.graylog2.bootstrap.ServerBootstrap.runPreFlightChecks(ServerBootstrap.java:179) [graylog.jar:?]
        at org.graylog2.bootstrap.ServerBootstrap.beforeInjectorCreation(ServerBootstrap.java:152) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.doRun(CmdLineTool.java:338) [graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:270) [graylog.jar:?]
        at org.graylog2.bootstrap.Main.main(Main.java:55) [graylog.jar:?]
Caused by: java.lang.ExceptionInInitializerError: Exception java.lang.UnsatisfiedLinkError: /var/lib/graylog-server/.cache/JNA/temp/jna4198773543093867591.tmp: /var/lib/graylog-server/.cache/JNA/temp/jna4198773543093867591.tmp: failed to map segment from shared object [in thread "main"]
        at java.base/jdk.internal.loader.NativeLibraries.load(Native Method) ~[?:?]
        at java.base/jdk.internal.loader.NativeLibraries$NativeLibraryImpl.open(Unknown Source) ~[?:?]
        at java.base/jdk.internal.loader.NativeLibraries.loadLibrary(Unknown Source) ~[?:?]
        at java.base/jdk.internal.loader.NativeLibraries.loadLibrary(Unknown Source) ~[?:?]
        at java.base/java.lang.ClassLoader.loadLibrary(Unknown Source) ~[?:?]
        at java.base/java.lang.Runtime.load0(Unknown Source) ~[?:?]
        at java.base/java.lang.System.load(Unknown Source) ~[?:?]
        at com.sun.jna.Native.loadNativeDispatchLibraryFromClasspath(Native.java:1041) ~[graylog.jar:?]
        at com.sun.jna.Native.loadNativeDispatchLibrary(Native.java:1011) ~[graylog.jar:?]
        at com.sun.jna.Native.<clinit>(Native.java:221) ~[graylog.jar:?]
        at com.sun.jna.platform.linux.Udev.<clinit>(Udev.java:37) ~[graylog.jar:?]
        at oshi.software.os.linux.LinuxOperatingSystem.<clinit>(LinuxOperatingSystem.java:86) ~[graylog.jar:?]
        ... 20 more

Expected Behavior

I expect the .cache directory to be created in data_dir.

Current Behavior

The .cache directory is created in /var/lib/graylog-server regardless of the value set in data_dir.

Possible Solution

The .cache directory can be configured via server.conf or will be created in data_dir.

Context

Our systems are hardened. One of the requirements is to apply the noexec option to the /var filesystem, preventing files from being executed.

Your Environment

  • Graylog Version: 6.1.4
  • Java Version: (embedded JRE 17.0.13)
  • OpenSearch Version: 2.18.0
  • MongoDB Version: 6.0.19
  • Operating System: RHEL 8.10
  • Browser version: -
bernd added a commit that referenced this issue Jan 9, 2025
The JNA temp directory should reside in the libnative directory of the
configured data dir to allow users to change it.

Fixes #21223
@bernd bernd self-assigned this Jan 9, 2025
@bernd bernd linked a pull request Jan 9, 2025 that will close this issue
@bernd
Copy link
Member

bernd commented Jan 9, 2025

@tommydehaas Thanks for the report! The issue will be fixed in #21298. The fix will be part of the next stable release 6.1.6. (February)

As a workaround, you can set the jna.tmpdir system property via -Djna.tmpdir=<path>. You can add it to the GRAYLOG_SERVER_JAVA_OPTS variable in /etc/sysconfig/graylog-server.

@tommydehaas
Copy link
Author

@bernd Thank you so much for taking the time to fix this issue. I can confirm that the workaround works!

@bernd
Copy link
Member

bernd commented Jan 9, 2025

@bernd Thank you so much for taking the time to fix this issue. I can confirm that the workaround works!

You're welcome! Thanks for reporting back! 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants