Environment details:
RHEL 8.6
SELINUX set to ENFORCING
/tmp mounted noexec
# java -version
openjdk version "1.8.0_342"
OpenJDK Runtime Environment (build 1.8.0_342-b07)
OpenJDK 64-Bit Server VM (build 25.342-b07, mixed mode)
Cassandra version 3.11.13-1
I am trying to set up Apache Cassandra on a fresh, hardened install of 8.6 but keep running into this error:
cat /var/log/cassandra/cassandra.log
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f011ed702ca, pid=12192, tid=0x00007f0148cce700
#
# JRE version: OpenJDK Runtime Environment (8.0_342-b07) (build 1.8.0_342-b07)
# Java VM: OpenJDK 64-Bit Server VM (25.342-b07 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C [jna3059002166232981348.tmp+0x122ca] ffi_prep_closure_loc+0x1a
cat /var/log/cassandra/system.log | grep ERROR
ERROR [main] 2022-07-27 20:01:26,374 NativeLibraryLinux.java:64 - Failed to link the C library against JNA. Native methods will be unavailable.
ERROR [main] 2022-07-27 20:01:26,376 CassandraDaemon.java:803 - The native library could not be initialized properly.
ERROR [main] 2022-07-27 21:31:47,383 CassandraDaemon.java:803 - Fatal exception during initialization
Some searching around brought me to this issue being caused by /tmp being mounted with noexec, so I am able to specify within Cassandra to set the java temp directory variables to /var/lib/cassandra/tmp by adding the below to /etc/cassandra/conf/cassandra-env.sh:
JVM_OPTS="$JVM_OPTS -Djna.tmpdir=/usr/share/cassandra/tmp"
JVM_OPTS="$JVM_OPTS -Djava.io.tmpdir=/usr/share/cassandra/tmp"
JVM_OPTS="$JVM_OPTS -Dorg.xerial.snappy.tempdir=/usr/share/cassandra/tmp"
However, this ONLY works if SELINUX is set to disabled. When SELINUX is set to disabled, I can start Cassandra without any errors. If I set SELINUX to even permissive, it fails to start with the same error as above. I am not able to find any AVC denials or logs that show that SELINUX is blocking anything to do with Java or Cassandra.
Stranger still is that if I set SELINUX to enforcing and I remove noexec from /tmp, Cassandra also works fine without any error.
I have been unable to pinpoint why Cassandra fails to start when I have both SELINUX set to enforcing and /tmp mounted noexec. Any help or even explanation as to what could be causing this would be extremely appreciated!
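
One check that fits the setup described above, as an added example that is not part of the original post: read the temp-directory options out of a cassandra-env.sh style file and report whether each directory sits on a filesystem mounted noexec. The function names and the sample mount table and env file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Print the mount options of the filesystem holding path $1, read from a
# /proc/mounts-format file ($2, default /proc/mounts). Longest mount point wins.
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) >= best) {
              best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/mounts}"
}

# Succeed if the filesystem holding $1 is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "property directory" for each -D<...>tmpdir / tempdir option in file $1.
tmpdir_settings() {
    sed -n 's/^[[:space:]]*JVM_OPTS=.*-D\([A-Za-z.]*te\{0,1\}mpdir\)=\([^" ]*\).*/\1 \2/p' "$1"
}

# Report every configured temp directory and whether native code can be mapped from it.
check_env_file() {
    tmpdir_settings "$1" | while read -r prop dir; do
        if is_noexec "$dir" "$2"; then echo "NOEXEC $prop $dir"
        else echo "ok $prop $dir"; fi
    done
}

# Constructed sample inputs, so the demo runs without a Cassandra install.
demo=$(mktemp -d)
cat > "$demo/mounts" <<'EOF'
/dev/mapper/rhel-root / xfs rw,seclabel,relatime 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev,noexec 0 0
/dev/mapper/rhel-var_tmp /var/tmp xfs rw,seclabel,nosuid,nodev,noexec 0 0
EOF
cat > "$demo/cassandra-env.sh" <<'EOF'
JVM_OPTS="$JVM_OPTS -Djna.tmpdir=/usr/share/cassandra/tmp"
JVM_OPTS="$JVM_OPTS -Djava.io.tmpdir=/var/tmp/cassandra"
EOF
check_env_file "$demo/cassandra-env.sh" "$demo/mounts"
```

On a real host, call `check_env_file /etc/cassandra/conf/cassandra-env.sh` with no second argument so the live /proc/mounts is used.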