/
Failed to map segment from shared object

Failed to map segment from shared object

HiveMQ uses RocksDB for data persistence. RocksDB stores its data files within the location specified by the path defined by the environment variable ROCKSDB_SHAREDLIB_DIR or system property java.io.tmpdir to be writable so that it can copy out the librocksdbjni library.


Error Message

1) [Guice/ErrorInjectingConstructor]: UnsatisfiedLinkError: /tmp/librocksdbjni871811266372660609.so: /tmp/librocksdbjni871811266372660609.so: failed to map segment from shared object


Cause

  • RocksDB was attempting to extract its library to /tmp (default value) but was failing due to the read-only root filesystem.

  • Linux mounts tmpfs with the flag noexec for security reasons, which means RocksDB library librocksdbjni within the mount cannot be dynamically linked.

  • Linux distributions like Red Hat mount /tmp as a separate partition and add many restrictions on this partition to meet Security Policy compliance requirements.

 Solution


Workaround 1

Try to temporarily disable SELinux and see how the HiveMQ start process behaves.

sudo setenforce 0

Workaround 2

Check if noexec mount option is being used and preventing binaries from being executed in /tmp. Remounting /tmp with exec, or configure the application to use an executable alternate /tmp dir.

cat /proc/mounts | grep tmp

Workaround 3

Set Java temporary directory java.io.tmpdir to another temporary file directory.

  • Create a new temporary directory

sudo mkdir /tmp_hivemq

  • Modify the run.sh file

sudo nano /opt/hivemq/bin/run.sh

  • Add the following line to change Java temporary directory java.io.tmpdir

JAVA_OPTS="$JAVA_OPTS -Djava.io.tmpdir=/tmp_hivemq"

Workaround 4

Granting user hivemq recursive read, write, and execute permissions on the /tmp partition can be achieved using the setfacl command with the -R (recursive) option. This will apply the specified permissions to all existing files and directories within /tmp. However, it's crucial to note that altering permissions in /tmp can have significant security implications, especially on a multi-user system.

  • Granting user hivemq permissions and ensuring that future files and directories created within /tmp inherit these permissions, here's how to do it

sudo setfacl -R -d -m u:hivemq:rwx /tmp

  • The -R option applies the command recursively.

  • The -m option modifies the ACL.

  • The -d option sets default permissions for new files and directories.