Database password encryption failed in Confluence Data Center with error "libbc-probe.so: failed to map segment from shared object: Operation not permitted"

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When attempting to encrypt the Confluence database password to add extra security (See: AES encryption), and attempting Step 1.2, "Run the following command to encrypt your password", it fails with an error in the command line.

Environment

Confluence Data Center 7.19+

Diagnosis

To confirm if you are hitting this specific issue, please follow these steps:

  1. Go to <install-directory>/bin.

  2. Run the command to begin the encryption process:

    1 java -cp "./*" com.atlassian.db.config.password.tools.CipherTool -c com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher
  3. A version of the following error will be displayed:

    1 libbc-probe.so: failed to map segment from shared object: Operation not permitted

Cause

The root cause of the problem is that Java is unable to load the library libbc-probe.so from the /tmp directory.

The issue lies in the operating system's mount point(s), where the {{/tmp}} partition has been mounted asnoexec. Mounting a filesystem as noexec means it does not permit the execution of executable binaries in the mounted filesystem. (See: How do I check if "noexec" flag exists on a Linux OS?)

Solution

To address this situation, there are two approaches:

  • Approach 1)

    • Remove the noexec flags in your mount point

  • Approach 2)

    • If flag noexec must remain set on the mount point, run the following to change the directory to one with exec permission to allow Java to load the library:

      1 java -Djava.io.tmpdir=/path/to/tmpdir -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c com.atlassian.secrets.store.algorithm.AlgorithmSecretStore

      ℹ️ Make sure you update /path/to/tmpdir in the above example.

Updated on April 2, 2025

Still need help?

The Atlassian Community is here for you.