# [Solved] Can't run Java in Apache anymore

## sebaro

I don't know what happend but I can't run java in apache anymore.

Using: oracle-jdk-bin-1.8.0.131, apache-2.4.25.

```

#! /bin/bash

echo "Content-type: text/html"

echo ""

java -version > log

```

```

<?php

exec("/usr/bin/java -version > log");

?>

```

```

# There is insufficient memory for the Java Runtime Environment to continue.

# Native memory allocation (mmap) failed to map 2555904 bytes for committing reserved memory.

```

Last edited by sebaro on Tue Jul 04, 2017 8:06 pm; edited 1 time in total

----------

## wolvie

are you running a hardened kernel? PAX enabled? if so try

```
paxctl -c /usr/lib/jvm/oracle-jre-bin-1.8/bin/java

paxctl -m /usr/lib/jvm/oracle-jre-bin-1.8/bin/java

```

if not try to check the vm.max_map_count

```
sysctl -w vm.max_map_count=2555904
```

or a greater value

if the second fix the problem save if to you /etc/sysctl.conf

----------

## cboldt

Maybe related, my hook to java was via Libreoffice database.  Booting into kernel 4.9.34 and the connection fails.  Reverted to kernel 4.9.16 and it all works again.

----------

## sebaro

No PAX in kernel:

```

zcat /proc/config.gz | grep -i PaX

```

Set to 2.5 and 10 MB, same error:

```

# sysctl -w vm.max_map_count=2555904

vm.max_map_count = 2555904

# sysctl -w vm.max_map_count=10485760

vm.max_map_count = 10485760

```

EDIT:

Same with kernel 4.8, icedtea-3.4.0.

EDIT2:

PaX:

```

paxctl -v /usr/lib64/icedtea8/bin/java

PaX control v0.9

Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>

- PaX flags: -----m-x-e-- [/usr/lib64/icedtea8/bin/java]

   MPROTECT is disabled

   RANDEXEC is disabled

   EMUTRAMP is disabled

```

Apache log:

```

OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f6c81000000, 2555904, 1) failed; error='Operation not permitted' (errno=1)

```

----------

## wolvie

I was able to reproduce the problem but couldn't find a fix yet, the problem seems to be in the apache spawning the java. I've tried some tweaks on ulimit without success

----------

## sebaro

It's fine with apache 2.2, so maybe some flags/modules in 2.4 are not set or should not be set?

```

USE="ldap ssl suexec -debug -doc (-libressl) (-selinux) -static -threads"

APACHE2_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi cgid charset_lite dav dav_fs dav_lock dbd deflate dir dumpio env expires ext_filter file_cache filter headers imagemap include info log_config log_forensic logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif socache_shmcb speling status substitute unique_id unixd userdir usertrack version vhost_alias -access_compat -authz_dbd -cache_disk -cache_socache -http2* -ident -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -macro* -proxy_fcgi* -proxy_html* -proxy_scgi -proxy_wstunnel* -ratelimit -remoteip -reqtimeout -slotmem_shm*" APACHE2_MPMS="prefork -event -worker"

```

EDIT:

Fine with nginx-1.13.1.

----------

## wolvie

Ok, after some googling I found something that my fix your issue, it fixed here

I'm assuming you are running systemd

edit the file:

```
/usr/lib/systemd/system/apache2.service
```

find the line

```
MemoryDenyWriteExecute=true
```

it might be line 24 and change it to

```
MemoryDenyWriteExecute=false
```

run

```
systemctl daemon-reload
```

and restart apache2 and voila

----------

## sebaro

That's it. Thanks.

There are two systemd service files for apache:

/usr/portage/www-servers/apache/files/apache2.2-hardened.service

/usr/portage/www-servers/apache/files/apache2.2.service

apache-2.4.23 ebuild was the last using apache2.2.service, from apache-2.4.25 was changed to hardened version which has that option "MemoryDenyWriteExecute=true", setting to prevent a service from creating memory mappings that are writable and executable at the same time.

----------

