Database password encryption failed in Confluence Data Center with error "libbc-probe.so: failed to map segment from shared object: Operation not permitted"
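Platform notice: Data Center - This article applies to Atlassian products on the Data Center platform.
This knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for features that are not specific to Data Center may also work for Server versions of the product, but they have not been tested. Support for Server* products ended on February 15, 2024. If you are running a Server product, see the Atlassian Server end of support announcement page to review your migration options.
*Except Fisheye and Crucible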
Summary
When encrypting the Confluence database password for extra security (see: AES encryption), Step 1.2, "Run the following command to encrypt your password", fails with an error on the command line.
Environment
Confluence Data Center 7.19+
Diagnosis
To confirm if you are hitting this specific issue, please follow these steps:
- Go to <install-directory>/bin. Run the command to begin the encryption process:
java -cp "./*" com.atlassian.db.config.password.tools.CipherTool -c com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher
A version of the following error will be displayed:
libbc-probe.so: failed to map segment from shared object: Operation not permitted
Cause
The root cause of the problem is that Java is unable to load the library libbc-probe.so from the /tmp directory.
The issue lies in the operating system's mount points: the /tmp partition has been mounted as noexec. A filesystem mounted as noexec does not permit the execution of binaries stored on it, and that includes mapping a shared library such as libbc-probe.so as executable. (See: How do I check if "noexec" flag exists on a Linux OS?)
Solution
To address this situation, there are two approaches:
- Approach 1)
  - Remove the noexec flag from your mount point.
- Approach 2)
  If the noexec flag must remain set on the mount point, run the following, which points Java's temporary directory at a directory with exec permission so that Java can load the library:
java -Djava.io.tmpdir=/path/to/tmpdir -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c com.atlassian.secrets.store.algorithm.AlgorithmSecretStore
  Make sure you update /path/to/tmpdir in the above example.
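
A pre-flight check for Approach 2, as an added example that is not part of the original article or Atlassian's tooling: it reads a /proc/mounts-format table to tell whether a directory is on a noexec mount and picks the first candidate for -Djava.io.tmpdir that is not. The function names, the candidate paths and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Atlassian code. Paths are assumed absolute, with symlinks
# already resolved; the sample mount table below is constructed.

# mount_opts_for PATH [MOUNTS_FILE]: print the options of the mount holding PATH.
mount_opts_for() {
    awk -v p="$1" '
        # A mount point holds p if it is "/", equals p, or is a parent directory.
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            # Longest mount point wins; on a tie the later (shadowing) entry wins.
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: status 0 if PATH is on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# first_exec_dir MOUNTS_FILE DIR...: print the first DIR not on a noexec mount,
# i.e. a candidate value for -Djava.io.tmpdir.
first_exec_dir() {
    mounts_file=$1; shift
    for dir in "$@"; do
        if ! is_noexec "$dir" "$mounts_file"; then
            printf '%s\n' "$dir"; return 0
        fi
    done
    return 1
}

# write_sample_mounts FILE: constructed /proc/mounts-format table for a dry run.
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda4 /opt/javatmp ext4 rw,nosuid,nodev,relatime 0 0
EOF
}
```

With the mounts-file argument omitted, mount_opts_for and is_noexec read the live /proc/mounts. The directory chosen for java.io.tmpdir should be writable only by the account that runs Confluence, so that keeping noexec on /tmp still serves its purpose.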