From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8) Gecko/20051129 Fedora/1.5-1 Firefox/1.5 Description of problem: (This is Sun JDK 1.6, but the exact same thing happens for Sun JDK 1.5.) Under selinux-policy-targeted-2.1.2-1, an enforcing policy fails to run the VM, where a permissive policy succeeds. I understand there were recent changes to execmem, and so this wasn't really a surprise. Java HotSpot(TM) 64-Bit Server VM warning: Attempt to allocate stack guard pages failed. Error occurred during initialization of VM Could not reserve enough space for code cache type=AVC msg=audit(1134320058.684:20): avc: denied { execmem } for pid=2818 comm="java" scontext=root:system_r:unconfined_t:s0-s0:c0.c255 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process type=SYSCALL msg=audit(1134320058.684:20): arch=c000003e syscall=9 per=400000 success=no exit=-13 a0=0 a1=101000 a2=7 a3=62 items=0 pid=2818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="java" exe="/usr/java/64/jdk1.6.0/bin/java" type=AVC msg=audit(1134320058.684:21): avc: denied { execmem } for pid=2818 comm="java" scontext=root:system_r:unconfined_t:s0-s0:c0.c255 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process type=SYSCALL msg=audit(1134320058.684:21): arch=c000003e syscall=9 per=400000 success=no exit=-13 a0=0 a1=101000 a2=7 a3=22 items=0 pid=2818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="java" exe="/usr/java/64/jdk1.6.0/bin/java" type=AVC msg=audit(1134320058.688:22): avc: denied { execmem } for pid=2818 comm="java" scontext=root:system_r:unconfined_t:s0-s0:c0.c255 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process type=SYSCALL msg=audit(1134320058.688:22): arch=c000003e syscall=9 per=400000 success=no exit=-13 a0=7fffff9a9000 a1=3000 a2=7 a3=32 items=0 pid=2818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="java" exe="/usr/java/64/jdk1.6.0/bin/java" type=AVC msg=audit(1134320058.688:23): avc: denied { execmem } for pid=2818 comm="java" scontext=root:system_r:unconfined_t:s0-s0:c0.c255 tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process type=SYSCALL msg=audit(1134320058.688:23): arch=c000003e syscall=9 per=400000 success=no exit=-13 a0=0 a1=3000000 a2=7 a3=4022 items=0 pid=2818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="java" exe="/usr/java/64/jdk1.6.0/bin/java" Version-Release number of selected component (if applicable): 2.1.2-1 How reproducible: Always Steps to Reproduce: 1. setenforcing 1 2. java -version 3. "...Attempt to allocate stack guard pages failed..." 4. VM dies. Additional info:
Enabling the SELinux boolean "Allow applications to execute anonymous or writable private file mappings" appears to temporarily work around this problem.
Java now has it's own policy in selinux-policy-targeted-2.1.6-19