Failed to map segment from shared object

Owned by Diego Duarte, created
Feb 01, 2024
2 min read

HiveMQ uses RocksDB for data persistence. RocksDB stores its data files within the location specified by the path defined by the environment variable ROCKSDB_SHAREDLIB_DIR or system property java.io.tmpdir to be writable so that it can copy out the librocksdbjni library.


Error Message

1) [Guice/ErrorInjectingConstructor]: UnsatisfiedLinkError: /tmp/librocksdbjni871811266372660609.so: /tmp/librocksdbjni871811266372660609.so: failed to map segment from shared object


Cause

  • RocksDB was attempting to extract its library to /tmp (default value) but was failing due to the read-only root filesystem.

  • Linux mounts tmpfs with the flag noexec for security reasons, which means RocksDB library librocksdbjni within the mount cannot be dynamically linked.

  • Linux distributions like Red Hat mount /tmp as a separate partition and add many restrictions on this partition to meet Security Policy compliance requirements.

 Solution


Workaround 1

Try to temporarily disable SELinux and see how the HiveMQ start process behaves.

sudo setenforce 0

Workaround 2

Check if noexec mount option is being used and preventing binaries from being executed in /tmp. Remounting /tmp with exec, or configure the application to use an executable alternate /tmp dir.

cat /proc/mounts | grep tmp

Workaround 3

Set Java temporary directory java.io.tmpdir to another temporary file directory.

  • Create a new temporary directory

  • Modify the run.sh file

  • Add the following line to change Java temporary directory java.io.tmpdir

Workaround 4

Granting user hivemq recursive read, write, and execute permissions on the /tmp partition can be achieved using the setfacl command with the -R (recursive) option. This will apply the specified permissions to all existing files and directories within /tmp. However, it's crucial to note that altering permissions in /tmp can have significant security implications, especially on a multi-user system.

  • Granting user hivemq permissions and ensuring that future files and directories created within /tmp inherit these permissions, here's how to do it

  • The -R option applies the command recursively.

  • The -m option modifies the ACL.

  • The -d option sets default permissions for new files and directories.