Background:

I have written a Java program to capture network packets. The code uses a wrapper API around libpcap and works nicely – as long as I run the program via sudo.

I am now trying to figure out how to set up things so that I can run the program as a "regular" user. Ultimately, it will be run on a system where I do not have sudo privilege.

After some investigation, a possible solution has been found that involves setting capabilities that provide privileged access in a specific way. Part of this involves setting the capabilities CAP_NET_RAW and CAP_NET_ADMIN to ei (e.g., sudo setcap 'CAP_NET_RAW=ei CAP_NET_ADMIN=ei' program).

The Problem:

So, I have done this for the java command on my system. Unfortunately, this has created a problem (which has been asked about by many in various forums) where, when java is invoked, the following message is displayed:

java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

This library does indeed exist and shows up in the list of libraries for the java command.

$ sudo find / -name libjli.so -print
/opt/jdk1.7.0_79/lib/amd64/jli/libjli.so
/opt/jdk1.7.0_79/jre/lib/amd64/jli/libjli.so
/usr/java/jdk1.7.0_79/lib/amd64/jli/libjli.so
/usr/java/jdk1.7.0_79/jre/lib/amd64/jli/libjli.so
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.35.x86_64/lib/amd64/jli/libjli.so
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.35.x86_64/jre/lib/amd64/jli/libjli.so
$ which java
/usr/bin/java
$ ls -l /usr/bin/java
lrwxrwxrwx. 1 root root 22 Jun 22 2015 /usr/bin/java -> /etc/alternatives/java
$ ls -l /etc/alternatives/java
lrwxrwxrwx. 1 root root 25 Jun 22 2015 /etc/alternatives/java -> /opt/jdk1.7.0_79/bin/java
$ ls -l /opt/jdk1.7.0_79/bin/java
-rwxr-xr-x. 1 uucp 143 7718 Apr 10 2015 /opt/jdk1.7.0_79/bin/java
$ ldd /usr/bin/java
linux-vdso.so.1 => (0x00007fff3f3fa000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003150c00000)
libjli.so => /usr/java/jdk1.7.0_79/lib/amd64/jli/libjli.so (0x00007ff56d563000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003151000000)
libc.so.6 => /lib64/libc.so.6 (0x0000003150800000)
/lib64/ld-linux-x86-64.so.2 (0x0000003150400000)

BTW, I am using the Java 7 JDK, not the OpenJDK.

So, what's wrong here? Everything seems to be in place, yet it can't find what it needs. Does the fact that there are two versions of Java on the machine have anything to do with it? Is there some other weird situation?

Based on my searches, this problem has been encountered by many, but I couldn't seem to find a reason, nor a solution.

Can anyone help with this?

UPDATE #1

Well, after a little more investigating, it appears that the problem is due to a "feature" in Java. The link below includes another link that gets to the heart of the matter.

Problem to launch java at Debian: “error while loading shared libraries: libjli.so” with the embedded link Why setuid java programs don't work.

Based upon what I read in these, it would seem that running java with specific capabilities enabled is not allowed. Perhaps that will change at some point, with an improvement to Java security.

If anyone knows about this, or more importantly, knows that a solution has been provided, please comment.

1
  • Please check architecture. I think libjli.so is 32 is not compatible Commented Jan 3, 2024 at 17:20

1 Answer

0

If you are in a chroot environment, you need to mount /proc to make java work.

If you use "strace" you will see something like this: readlink("/proc/self/exe", "/usr/lib/jvm/java-8-openjdk-amd6"..., 4096) That means that Java first looks at "/proc/self/exe" to know where to look for /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/../lib/amd64/jli/libjli.so. So if there is no /proc, it can't find libjli.so.

Best regards!

4
  • Welcome to U&L! The OP doesn't mention a chroot environment, and mounting /proc shouldn't make a difference to either permissions or locating libraries. Commented Sep 26, 2018 at 19:02
  • 1
    If you use "strace" you will see something like this: readlink("/proc/self/exe", "/usr/lib/jvm/java-8-openjdk-amd6"..., 4096) That means that Java first looks at "/proc/self/exe" to know where to look for /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/../lib/amd64/jli/libjli.so. So if there is no /proc, it can't find libjli.so. The OP doesn't mention it, but "chroot" is the only reason I know for not finding /proc. Commented Sep 28, 2018 at 6:18
  • OK - that explanation would be more useful included as part of your answer (use the edit link), but it still doesn't seem relevant given that the OP already found the cause of the problem (see under "Update"). Commented Sep 28, 2018 at 6:46
  • If you can't mount /proc (because of security restrictions on the chroot environment) is there still a way to get Java to locate libjli.so? Commented Jul 14, 2019 at 1:38
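
Added example, not part of the original posts and not JDK code: a small C diagnostic for the two conditions raised in this thread, namely whether the kernel started the process in secure-execution mode (AT_SECURE, set for set-user-ID binaries and binaries with file capabilities) and whether /proc/self/exe can be read to derive the libjli.so location. The helper names and the fixed lib/amd64/jli layout (taken from the path quoted in the answer) are assumptions.

```c
#define _GNU_SOURCE
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

/* Hypothetical helper: derive the libjli.so path from the launcher's real path,
 * using the <bindir>/../lib/amd64/jli layout quoted in the answer (assumption). */
int jli_path_from_exe(const char *exe, char *out, size_t outlen)
{
    char copy[PATH_MAX];
    if (strlen(exe) >= sizeof copy)
        return -1;
    strcpy(copy, exe);                 /* dirname() may modify its argument */
    int n = snprintf(out, outlen, "%s/../lib/amd64/jli/libjli.so", dirname(copy));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* -1: did not fit */
}

/* Resolve the running binary through /proc/self/exe, the call seen in the
 * strace output. Returns -1 when /proc is not mounted or not readable. */
int self_exe(char *out, size_t outlen)
{
    ssize_t n = readlink("/proc/self/exe", out, outlen - 1);
    if (n < 0)
        return -1;
    out[n] = '\0';                     /* readlink() does not terminate */
    return 0;
}

/* 1 when the kernel flagged this process for secure execution. */
int secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

int main(void)
{
    char exe[PATH_MAX], jli[PATH_MAX];
    printf("AT_SECURE: %d\n", secure_exec());
    if (self_exe(exe, sizeof exe) != 0) {
        puts("/proc/self/exe unreadable: is /proc mounted?");
        return 1;
    }
    if (jli_path_from_exe(exe, jli, sizeof jli) == 0)
        printf("exe: %s\nexpected libjli.so: %s\n", exe, jli);
    return 0;
}
```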
