问题
We installed Java 11 on a server that is meant to monitor a network interface for traffic.
After the initial installation (yum install java-11-openjdk-devel.x86_64) the java command works properly for both root and a regular user.
However, our Java application will not be running as root. We then ran:
setcap cap_net_raw,cap_net_admin=eip /path/to/java
It sets the capabilities, and running java -version as root works fine.
But after running setcap, when I try to run java -version as a regular user, I see:
java: symbol lookup error: java: undefined symbol: JLI_InitArgProcessing
This seems to be an intended security protection as discussed here: Linux capabilities (setcap) seems to disable LD_LIBRARY_PATH
But my question is: How can I allow java to use these capabilities (network packet capture) under a regular user account?
Note: Unsetting the capabilities via setcap -r /path/to/java allows a regular user to run java again - so the issue is isolated to capabilities.
回答1:
I was able to resolve this by adding this file:
/etc/ld.so.conf.d/java.conf
With the single-line contents:
/usr/lib/jvm/java-11-openjdk-11.0.1.13-3.0.1.el7_6.x86_64/lib/jli
And rebooting the server.
Obviously, that directory path should point to your specific JDK
来源:https://stackoverflow.com/questions/53675535/java-symbol-lookup-error-for-jli-initargprocessing-when-running-with-setcap-ca