Ensure JNA temporary directory permits executables
editEnsure JNA temporary directory permits executables
editThis is only relevant for Linux.
Elasticsearch uses the Java Native Access (JNA) library, and another library called
libffi
, for executing some platform-dependent native code. On Linux, the
native code backing these libraries is extracted at runtime into a temporary
directory and then mapped into executable pages in Elasticsearch’s address space. This
requires the underlying files not to be on a filesystem mounted with the
noexec
option.
By default, Elasticsearch will create its temporary directory within /tmp
. However,
some hardened Linux installations mount /tmp
with the noexec
option by
default. This prevents JNA and libffi
from working correctly. For instance,
at startup JNA may fail to load with an java.lang.UnsatisfiedLinkerError
exception or with a message that says something similar to
failed to map segment from shared object
, or libffi
may report a message
such as failed to allocate closure
. Note that the exception messages can
differ between JVM versions. Additionally, the components of Elasticsearch that rely on
execution of native code via JNA may fail with messages indicating that it is
because JNA is not available
.
To resolve these problems, either remove the noexec
option from your /tmp
filesystem, or configure Elasticsearch to use a different location for its temporary
directory by setting the $ES_TMPDIR
environment variable. For
instance:
export ES_TMPDIR=/usr/share/elasticsearch/tmp
If you need finer control over the location of these temporary files, you can
also configure the path that JNA uses with the JVM flag
-Djna.tmpdir=<path>
and you can configure the path that libffi
uses for its
temporary files by setting the LIBFFI_TMPDIR
environment variable. Future
versions of Elasticsearch may need additional configuration, so you should prefer to set
ES_TMPDIR
wherever possible.