Node JS can't run while SELinux is active

1,320 views
Skip to first unread message

Amir Mahmoudi

unread,
Apr 9, 2012, 6:22:07 AM4/9/12
to nodejs
I'm using Debian Server 6 on my server, after installing SE Linux, and
execute "setenfore 1" to active SE Linux completely on the
server( what is said in the manual of debian Wiki http://wiki.debian.org/SELinux/Setup)
Node.js can't run. not even a simple log command

and receive this error: FATAL ERROR: v8::Context::New() V8 is no
longer usable

how can i solve this problem?

Ben Noordhuis

unread,
Apr 9, 2012, 5:15:21 PM4/9/12
to nod...@googlegroups.com

Are there memory restrictions in effect? V8 (that is, Node) needs at
least 768 MB of virtual address space.

amir m

unread,
Apr 10, 2012, 2:07:00 AM4/10/12
to nod...@googlegroups.com
No, i don't think there is any Memory limit for process. look at this result:

# ulimit -a

core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 16382
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 47807
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited


as you can see, the maximum memory is unlimited. but there is no policy for node, and i don't change anything at all. i just install and use default policy.



--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

Jann Horn

unread,
Apr 10, 2012, 5:29:25 AM4/10/12
to nod...@googlegroups.com
2012/4/9 Amir Mahmoudi <white....@gmail.com>:

Well, what error does selinux report in its logs?

Vyacheslav Egorov

unread,
Apr 10, 2012, 11:49:23 AM4/10/12
to nod...@googlegroups.com
I think you need to explicitly allow V8 to map executable memory:

chcon -t execmem_exec_t node

or something along these lines.

--
Vyacheslav Egorov

Alan Gutierrez

unread,
Apr 14, 2012, 10:37:27 PM4/14/12
to nod...@googlegroups.com

Any progress?

You can can use audit2allow see exactly what's wrong.


http://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01

After a failure I usually tail the last 40 lines or so of
/var/log/audit/audit.log through audit2allow and see what it says.

Post that hear and I'll talk about it with you. I run SELinux on Fedora
16 and I have no problems with it. Also, the SELinux group on freenode
is pretty helpful.

--
Alan Gutierrez - @bigeasy

Reply all
Reply to author
Forward
0 new messages