java 在 Docker 容器中运行时,JVM 无法映射保留内存
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27262629/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
JVM cant map reserved memory when running in Docker container
提问by KayoticSully
I cant seem to run java at all in a Docker container on my server. Even when issuing java -version, I get the following error.
我似乎根本无法在服务器上的 Docker 容器中运行 java。即使在发出时java -version,我也会收到以下错误。
root@86088d679103:/# java -version
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000035ce1000000, 2555904, 1) failed; error='Operation not permitted' (errno=1)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2555904 bytes for committing reserved memory.
# An error report file with more information is saved as:
# //hs_err_pid17.log
According to this, java can't map 2.5Mb of space for reserved memory? This does not seem right...
据此,java不能为保留内存映射2.5Mb的空间?这似乎不对……
I have the full log included at the end, but for the sake of some extra information, my system is reporting the following:
我在最后包含了完整的日志,但为了一些额外的信息,我的系统报告以下内容:
root@86088d679103:/# uname -m
x86_64
root@86088d679103:/# free -mh
total used free shared buffers cached
Mem: 15G 9.7G 5.8G 912K 148M 8.9G
-/+ buffers/cache: 639M 14G
Swap: 15G 0B 15G
Can anyone point me in the right direction?
任何人都可以指出我正确的方向吗?
Full Log: https://gist.github.com/KayoticSully/e206c44681ce261674ba
完整日志:https: //gist.github.com/KayoticSully/e206c44681ce261674ba
Update
更新
@Yobert nailed the problem and I highly suggest you read through the comments and chat log. Good info in there.
@Yobert 解决了这个问题,我强烈建议您通读评论和聊天记录。里面的好资料。
For those who want the final command that made Java work: setfattr -n user.pax.flags -v "mr" /usr/bin/java
对于那些想要使 Java 工作的最终命令的人: setfattr -n user.pax.flags -v "mr" /usr/bin/java
If your distro does not have setfattrinstalled by default it should be included in the installable package attr through paceman, apt-get, etc.
如果你的发行版setfattr默认没有安装,它应该通过paceman、apt-get等包含在可安装包attr中。
回答by Yobert
I had this same problem when using a Grsec enabled kernel. For java to play nice, I had to disable MPROTECT on the java binary. You can use the paxctlutility for this:
使用启用 Grsec 的内核时,我遇到了同样的问题。为了让 java 运行良好,我必须在 java 二进制文件上禁用 MPROTECT。您可以paxctl为此使用该实用程序:
paxctl -m /usr/lib/jvm/java-7-openjdk/jre/bin/java
You'll need to do paxctl -con the binary first if you've never used it on that binary before:
你需要做paxctl -c的第一,如果你从来没有使用过的二进制前的二进制文件:
paxctl -c /usr/lib/jvm/java-7-openjdk/jre/bin/java
More information about paxctl can be found at: http://en.wikibooks.org/wiki/Grsecurity/Additional_Utilities
有关 paxctl 的更多信息,请访问:http: //en.wikibooks.org/wiki/Grsecurity/Additional_Utilities
回答by Sven Mohr
I had the same problem when running Docker on Alpine Linux, after enabling PaX soft mode it worked:
我在 Alpine Linux 上运行 Docker 时遇到了同样的问题,在启用 PaX 软模式后它工作了:
sysctl -w kernel.pax.softmode=1
Soft mode will disable most PaX features by default, therefore it is not recommended to enable it. The proper way is to use paxctl, as already mentioned above.
默认情况下,软模式将禁用大多数 PaX 功能,因此不建议启用它。正确的方法是使用 paxctl,如上所述。
Also have a look here: https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Support_soft_mode
也看看这里:https: //en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Support_soft_mode
回答by Ankit
This happened to me as well , We reduced the RAM size on our VM and after a couple of days started getting this error and service did not came up for ever.
这也发生在我身上,我们减少了 VM 上的 RAM 大小,几天后开始出现此错误,并且服务永远不会出现。
Solution :: We reduced the heap size of the application or service having this issue and the service came up fine again.
解决方案 :: 我们减少了出现此问题的应用程序或服务的堆大小,服务再次正常运行。
