if (Natives.definitelyRunningAsRoot()) { throw new RuntimeException("can not run elasticsearch as root"); Natives.tryInstallSystemCallFilter(tmpFile); Natives.tryVirtualLock(); } else { Natives.tryMlockall(); Natives.addConsoleCtrlHandler(new ConsoleCtrlHandler() { @Override public boolean handle(int code) { Natives.trySetMaxNumberOfThreads(); Natives.trySetMaxSizeVirtualMemory(); Natives.trySetMaxFileSize();
/**
 * Reports whether the address space of this process was successfully locked.
 *
 * @return the value of {@code Natives.isMemoryLocked()}
 */
public static boolean isMemoryLocked() {
    // NOTE(review): a false result presumably means pages can still be swapped out; confirm how callers surface that.
    final boolean locked = Natives.isMemoryLocked();
    return locked;
}
/**
 * Reports whether the system call filter has been installed. Only supported systems can install it.
 *
 * @return the value of {@code Natives.isSystemCallFilterInstalled()}
 */
public static boolean isSystemCallFilterInstalled() {
    // NOTE(review): a false result presumably means the process runs without syscall filtering; confirm callers check it.
    final boolean installed = Natives.isSystemCallFilterInstalled();
    return installed;
}
if (Natives.definitelyRunningAsRoot()) { if (Boolean.parseBoolean(System.getProperty("es.insecure.allow.root"))) { logger.warn("running as ROOT user. this is a bad idea!"); Natives.trySeccomp(tmpFile); Natives.tryVirtualLock(); } else { Natives.tryMlockall(); Natives.addConsoleCtrlHandler(new ConsoleCtrlHandler() { @Override public boolean handle(int code) {
/**
 * Starts the native controller daemon for a module from the executable at {@code spawnPath}.
 *
 * <p>The child stays attached to this JVM through its stdin, stdout and stderr streams; references to those streams are not
 * available to code outside this package. The child's environment is emptied before launch and only {@code TMPDIR} is set,
 * so no other variable of the JVM's environment is handed to the daemon.
 *
 * @param spawnPath path of the controller executable to start
 * @param tmpPath   directory passed to the child as {@code TMPDIR}
 * @return the started process
 * @throws IOException if the process cannot be started
 */
private Process spawnNativeController(final Path spawnPath, final Path tmpPath) throws IOException {
    final String executable = spawnPath.toString();
    /*
     * On Windows the short path name is used, otherwise starting the process could fail due to max path limitations. Starting
     * a process on Windows ultimately goes through CreateProcessW, and when its first argument (the application name) is null
     * its second argument (the command line) is restricted in length to 260 characters
     * (cf. https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425.aspx). The JDK starts processes exactly this way
     * (cf. http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/windows/native/java/lang/ProcessImpl_md.c#l319),
     * so the limitation applies and the short name avoids it.
     */
    final String command = Constants.WINDOWS ? Natives.getShortPathName(executable) : executable;

    // the command is the single element of the argument vector: the program path, no further arguments
    final ProcessBuilder builder = new ProcessBuilder(command);

    // start from an empty environment; the temporary directory is the only variable passed on
    builder.environment().clear();
    builder.environment().put("TMPDIR", tmpPath.toString());

    // the output stream of the returned process object corresponds to the daemon's stdin
    return builder.start();
}
/**
 * Launches the controller daemon of a module from the executable at {@code spawnPath}.
 *
 * <p>The spawned process remains connected to this JVM via its stdin, stdout and stderr streams, but references to those
 * streams are not available to code outside this package. Before launch the child's environment is cleared and only
 * {@code TMPDIR} is added, so the daemon receives no other environment variable from the JVM.
 *
 * @param spawnPath path of the controller executable to start
 * @param tmpPath   directory exported to the child as {@code TMPDIR}
 * @return the started process
 * @throws IOException if the process cannot be started
 */
private Process spawnNativeController(final Path spawnPath, final Path tmpPath) throws IOException {
    final String rawPath = spawnPath.toString();
    /*
     * Windows needs the short path name, or starting the process could fail due to max path limitations. Process start on
     * Windows ends up in CreateProcessW; if its first argument (the application name) is null, its second argument (the
     * command line for the process to start) is restricted in length to 260 characters
     * (cf. https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425.aspx). Since this is how the JDK starts the
     * process on Windows
     * (cf. http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/windows/native/java/lang/ProcessImpl_md.c#l319),
     * the limitation is in force and the short name is used to avoid it.
     */
    final String command = Constants.WINDOWS ? Natives.getShortPathName(rawPath) : rawPath;

    // a one-element command: the program path only, with no additional arguments
    final ProcessBuilder launcher = new ProcessBuilder(command);

    // empty the environment first; TMPDIR is the only variable the child is given
    launcher.environment().clear();
    launcher.environment().put("TMPDIR", tmpPath.toString());

    // the output stream of the returned process object corresponds to the daemon's stdin
    return launcher.start();
}
if (Natives.definitelyRunningAsRoot()) { throw new RuntimeException("can not run elasticsearch as root"); Natives.tryInstallSystemCallFilter(tmpFile); Natives.tryVirtualLock(); } else { Natives.tryMlockall(); Natives.addConsoleCtrlHandler(new ConsoleCtrlHandler() { @Override public boolean handle(int code) { Natives.trySetMaxNumberOfThreads(); Natives.trySetMaxSizeVirtualMemory(); Natives.trySetMaxFileSize();
/**
 * Reports whether the address space of this process is locked, as reported by {@code Natives.isMemoryLocked()}.
 *
 * @return the value of {@code Natives.isMemoryLocked()}
 */
boolean isMemoryLocked() {
    // NOTE(review): a false result presumably means pages can still be swapped out; confirm how callers surface that.
    final boolean memoryLocked = Natives.isMemoryLocked();
    return memoryLocked;
}
/**
 * Reports whether the system call filter is installed, as reported by {@code Natives.isSystemCallFilterInstalled()}.
 *
 * @return the value of {@code Natives.isSystemCallFilterInstalled()}
 */
boolean isSystemCallFilterInstalled() {
    // NOTE(review): a false result presumably means the process runs without syscall filtering; confirm callers check it.
    final boolean filterInstalled = Natives.isSystemCallFilterInstalled();
    return filterInstalled;
}
/**
 * Spawns the controller daemon of a module, using the executable at {@code spawnPath}.
 *
 * <p>The daemon stays connected to this JVM via its stdin, stdout and stderr streams; references to those streams are not
 * available to code outside this package. The child's environment is cleared before launch and {@code TMPDIR} is the only
 * variable set, so the rest of the JVM's environment is not passed to the daemon.
 *
 * @param spawnPath path of the controller executable to start
 * @param tmpPath   directory handed to the child as {@code TMPDIR}
 * @return the started process
 * @throws IOException if the process cannot be started
 */
private Process spawnNativeController(final Path spawnPath, final Path tmpPath) throws IOException {
    final String location = spawnPath.toString();
    /*
     * The short path name is required on Windows, or starting the process could fail due to max path limitations. Starting
     * the process there ultimately uses CreateProcessW, which restricts its second argument (the command line for the process
     * to start) to 260 characters whenever its first argument (the application name) is null
     * (cf. https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425.aspx). The JDK starts the process on Windows in
     * exactly this way
     * (cf. http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/windows/native/java/lang/ProcessImpl_md.c#l319),
     * so the limitation is in force; using the short name avoids any such problems.
     */
    final String command = Constants.WINDOWS ? Natives.getShortPathName(location) : location;

    // the argument vector holds the program path alone; no extra arguments are supplied
    final ProcessBuilder processBuilder = new ProcessBuilder(command);

    // wipe the environment, then pass on only the path to the temporary directory
    processBuilder.environment().clear();
    processBuilder.environment().put("TMPDIR", tmpPath.toString());

    // the output stream of the returned process object corresponds to the daemon's stdin
    return processBuilder.start();
}
if (Natives.definitelyRunningAsRoot()) { throw new RuntimeException("can not run elasticsearch as root"); Natives.tryInstallSystemCallFilter(tmpFile); Natives.tryVirtualLock(); } else { Natives.tryMlockall(); Natives.addConsoleCtrlHandler(new ConsoleCtrlHandler() { @Override public boolean handle(int code) { Natives.trySetMaxNumberOfThreads(); Natives.trySetMaxSizeVirtualMemory(); Natives.trySetMaxFileSize();
/**
 * Tells whether locking the process's address space succeeded.
 *
 * @return the value of {@code Natives.isMemoryLocked()}
 */
public static boolean isMemoryLocked() {
    // NOTE(review): a false result presumably means pages can still be swapped out; confirm how callers surface that.
    final boolean addressSpaceLocked = Natives.isMemoryLocked();
    return addressSpaceLocked;
}
/**
 * Tells whether the system call filter is installed, as reported by {@code Natives.isSystemCallFilterInstalled()}.
 *
 * @return the value of {@code Natives.isSystemCallFilterInstalled()}
 */
boolean isSystemCallFilterInstalled() {
    // NOTE(review): a false result presumably means the process runs without syscall filtering; confirm callers check it.
    final boolean installed = Natives.isSystemCallFilterInstalled();
    return installed;
}
if (Natives.definitelyRunningAsRoot()) { throw new RuntimeException("can not run elasticsearch as root"); Natives.tryInstallSystemCallFilter(tmpFile); Natives.tryVirtualLock(); } else { Natives.tryMlockall(); Natives.addConsoleCtrlHandler(new ConsoleCtrlHandler() { @Override public boolean handle(int code) { Natives.trySetMaxNumberOfThreads(); Natives.trySetMaxSizeVirtualMemory();
/**
 * Indicates whether the process's address space could be locked.
 *
 * @return the value of {@code Natives.isMemoryLocked()}
 */
public static boolean isMemoryLocked() {
    // NOTE(review): a false result presumably means pages can still be swapped out; confirm how callers surface that.
    final boolean lockHeld = Natives.isMemoryLocked();
    return lockHeld;
}
/**
 * Indicates whether the system call filter is installed. Only supported systems can install it.
 *
 * @return the value of {@code Natives.isSystemCallFilterInstalled()}
 */
public static boolean isSystemCallFilterInstalled() {
    // NOTE(review): a false result presumably means the process runs without syscall filtering; confirm callers check it.
    final boolean filterActive = Natives.isSystemCallFilterInstalled();
    return filterActive;
}
/**
 * Answers whether the process's address space was locked successfully.
 *
 * @return the value of {@code Natives.isMemoryLocked()}
 */
public static boolean isMemoryLocked() {
    // NOTE(review): a false result presumably means pages can still be swapped out; confirm how callers surface that.
    final boolean result = Natives.isMemoryLocked();
    return result;
}
/**
 * Answers whether the system call filter has been installed. Only supported systems can install it.
 *
 * @return the value of {@code Natives.isSystemCallFilterInstalled()}
 */
public static boolean isSystemCallFilterInstalled() {
    // NOTE(review): a false result presumably means the process runs without syscall filtering; confirm callers check it.
    final boolean result = Natives.isSystemCallFilterInstalled();
    return result;
}
/**
 * Tells whether the address space of this process is locked, as reported by {@code Natives.isMemoryLocked()}.
 *
 * @return the value of {@code Natives.isMemoryLocked()}
 */
boolean isMemoryLocked() {
    // NOTE(review): a false result presumably means pages can still be swapped out; confirm how callers surface that.
    final boolean locked = Natives.isMemoryLocked();
    return locked;
}
/**
 * Tells whether the system call filter is in place. Only supported systems can install it.
 *
 * @return the value of {@code Natives.isSystemCallFilterInstalled()}
 */
public static boolean isSystemCallFilterInstalled() {
    // NOTE(review): a false result presumably means the process runs without syscall filtering; confirm callers check it.
    final boolean inPlace = Natives.isSystemCallFilterInstalled();
    return inPlace;
}