[Pljava-dev] Problems loading jars with sqlj.install_jar

Lists: pljava-dev
From: jason at hyett(dot)org (Jason Hyett)
To:
Subject: [Pljava-dev] Problems loading jars with sqlj.install_jar
Date: 2006-03-01 08:30:04
Message-ID: 44055B8C.1080904@hyett.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pljava-dev

Hello all,

I'm getting a permission denied error when I try and install any jar
into the database with sqlj.install_jar(). The following output is
produced in the Postgresql log:

STATEMENT: select sqlj.install_jar('file:///tmp/test.jar','test',false);
java.sql.SQLException: I/O exception reading jar file: /tmp/test.jar
(Permission denied)
at
org.postgresql.pljava.internal.Backend.addClassImages(Backend.java:201)
at
org.postgresql.pljava.management.Commands.installJar(Commands.java:527)
at
org.postgresql.pljava.management.Commands.installJar(Commands.java:205)
ERROR: XX000: java.sql.SQLException: I/O exception reading jar file:
/tmp/test.jar (Permission denied)

I'm running Fedora Core 4 with the Postgresql 8.1.3 and PL/Java 1.2.0
binaries plus Sun's 1.5.0_06 VM.

Has anyone else seen this and do you know of a workaround?

thanks, Jason

From: thomas at tada(dot)se (Thomas Hallgren)
To:
Subject: [Pljava-dev] Problems loading jars with sqlj.install_jar
Date: 2006-03-01 11:09:55
Message-ID: 44058103.4030201@tada.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pljava-dev

Hi Jason,
The only reason I can think of is that the account that runs the backend
process (postmaster) lacks the needed privileges to read the file or the
/tmp directory.

Regards,
Thomas Hallgren

Jason Hyett wrote:
> Hello all,
>
> I'm getting a permission denied error when I try and install any jar
> into the database with sqlj.install_jar(). The following output is
> produced in the Postgresql log:
>
> STATEMENT: select sqlj.install_jar('file:///tmp/test.jar','test',false);
> java.sql.SQLException: I/O exception reading jar file: /tmp/test.jar
> (Permission denied)
> at
> org.postgresql.pljava.internal.Backend.addClassImages(Backend.java:201)
> at
> org.postgresql.pljava.management.Commands.installJar(Commands.java:527)
> at
> org.postgresql.pljava.management.Commands.installJar(Commands.java:205)
> ERROR: XX000: java.sql.SQLException: I/O exception reading jar file:
> /tmp/test.jar (Permission denied)
>
> I'm running Fedora Core 4 with the Postgresql 8.1.3 and PL/Java 1.2.0
> binaries plus Sun's 1.5.0_06 VM.
>
> Has anyone else seen this and do you know of a workaround?
>
> thanks, Jason
>
>
> _______________________________________________
> Pljava-dev mailing list
> Pljava-dev at gborg.postgresql.org
> http://gborg.postgresql.org/mailman/listinfo/pljava-dev
>

From: jason at hyett(dot)org (Jason Hyett)
To:
Subject: [Pljava-dev] Problems loading jars with sqlj.install_jar
Date: 2006-03-01 12:00:17
Message-ID: 44058CD1.60907@hyett.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pljava-dev

No, I checked that ;) I have successfully defined a function to access
the VM system properties. This reports 'user.name' as 'postgres'. This
user has full access to the jar file.

I had thought that it may be a problem with the security manager
installed by pljava, so I thought I'd debug it. I added
'-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000' to the
VM options so that I could attach remotely. This causes the VM to fail
to start.

ERROR: transport error 202: bind failed: Permission denied
["transport.c",L41]
ERROR: JDWP Transport dt_socket failed to initialize,
TRANSPORT_INIT(510) ["debugInit.c",L500]
JDWP exit error JVMTI_ERROR_INTERNAL(113): No transports
initializedINFO: 00000: FATAL ERROR in native method: JDWP No
transports initialized, jvmtiError=JVMTI_ERROR_INTERNAL(113)

Does the fact that the VM can't open a socket suggest some kind of lower
level security issue? Should I be able to remote debug the code in this
way? Remote debugging works if I launch the VM from the command line
with these options as the postgres user?

thanks, Jason

Thomas Hallgren wrote:
> Hi Jason,
> The only reason I can think of is that the account that runs the
> backend process (postmaster) lacks the needed privileges to read the
> file or the /tmp directory.
>
> Regards,
> Thomas Hallgren
>
> Jason Hyett wrote:
>> Hello all,
>>
>> I'm getting a permission denied error when I try and install any jar
>> into the database with sqlj.install_jar(). The following output is
>> produced in the Postgresql log:
>>
>> STATEMENT: select
>> sqlj.install_jar('file:///tmp/test.jar','test',false);
>> java.sql.SQLException: I/O exception reading jar file: /tmp/test.jar
>> (Permission denied)
>> at
>> org.postgresql.pljava.internal.Backend.addClassImages(Backend.java:201)
>> at
>> org.postgresql.pljava.management.Commands.installJar(Commands.java:527)
>> at
>> org.postgresql.pljava.management.Commands.installJar(Commands.java:205)
>> ERROR: XX000: java.sql.SQLException: I/O exception reading jar file:
>> /tmp/test.jar (Permission denied)
>>
>> I'm running Fedora Core 4 with the Postgresql 8.1.3 and PL/Java 1.2.0
>> binaries plus Sun's 1.5.0_06 VM.
>>
>> Has anyone else seen this and do you know of a workaround?
>>
>> thanks, Jason
>>
>>
>> _______________________________________________
>> Pljava-dev mailing list
>> Pljava-dev at gborg.postgresql.org
>> http://gborg.postgresql.org/mailman/listinfo/pljava-dev
>>
>

From: thomas at tada(dot)se (Thomas Hallgren)
To:
Subject: [Pljava-dev] Problems loading jars with sqlj.install_jar
Date: 2006-03-01 13:02:21
Message-ID: 44059B5D.5030803@tada.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pljava-dev

Jason Hyett wrote:
> No, I checked that ;)
OK, Sorry. I had to ask.
>
> Does the fact that the VM can't open a socket suggest some kind of
> lower level security issue? Should I be able to remote debug the code
> in this way? Remote debugging works if I launch the VM from the
> command line with these options as the postgres user?
Yes, you should be able to debug this way and I'm fairly certain that
the java SecurityManager is bypassed by the JDWP Transport mechanism. I
have no idea why this happens so I can't help. I'd be very interested to
know what's causing this should you figure this one out.

Regards,
Thomas Hallgren

From: thomas at tada(dot)se (Thomas Hallgren)
To:
Subject: [Pljava-dev] Problems loading jars with sqlj.install_jar
Date: 2006-03-01 14:42:03
Message-ID: 4405B2BB.8000907@tada.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pljava-dev

Jason,
I got this from Sam. Perhaps it helps?

- thomas

Hi

just a hint, it may lead to (k)no(w)where... ;-)

as far as i know, fedora 4 comes with se-linux, which means, that you have
quite restrictive policies for userprocesses. try to check the policies
for postmaster - probably its only allowed to use certain ports
(exclusive 8000).

have fun :-)

sam

From: jason at hyett(dot)org (Jason Hyett)
To:
Subject: [Pljava-dev] Problems loading jars with sqlj.install_jar
Date: 2006-03-01 15:11:20
Message-ID: 4405B998.3040601@hyett.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pljava-dev

Hi Thomas,

Yes this was the problem. Your last email inspired me and I figured it
out a while ago. I was going to post just as soon as I found out how to
change the selinux configuration. For now I've just completely disabled
it and everything is working fine. I'm running queries that select
records via a lucene index which is maintained by update triggers. It
all works a treat.

Thanks everyone.

rgds, Jason

Thomas Hallgren wrote:
> Jason,
> I got this from Sam. Perhaps it helps?
>
> - thomas
>
> Hi
>
> just a hint, it may lead to (k)no(w)where... ;-)
>
> as far as i know, fedora 4 comes with se-linux, which means, that you
> have
> quite restrictive policies for userprocesses. try to check the policies
> for postmaster - probably its only allowed to use certain ports
> (exclusive 8000).
>
> have fun :-)
>
> sam