I posted the following weird channel security exit problem on the MQSeries ListServer.
I received a lot of emails (both public and private) offering help to the problem. Thanks. It was not an SELinux issue nor was it a corrupt shared library issue. It was an issue related to permissions for a mount point.
Here is the description to the problem followed by the solution:
I’ve got a really weird problem, that the internet seems to say that it is a permission issue with “/tmp” but I’m at a loss.
– Brand new: Red Hat Enterprise Linux Server release 7.6 (Maipo)
– Fresh install of MQ v9.1.0.1 64-bit
Installed MQAUSX into /var/mqm/exits64/ and yes it is a working version that works perfectly on other Linux distributions.
Here is the MQ error message:
08/02/19 12:46:45 - Process(51014.254) User(roger) Program(amqrmppa)
Host(someserver) Installation(Installation1)
VRMF(9.1.0.1) QMgr(MQA1)
Time(2019-02-08T11:46:45.514Z)
ArithInsert1(536895861)
CommentInsert1(/var/mqm/exits64/mqausx)
CommentInsert2(/var/mqm/exits64/mqausx: failed to map segment from shared object: Operation not permitted)
CommentInsert3(64)
AMQ6175E: The system could not dynamically load the shared library
'/var/mqm/exits64/mqausx'. The system returned error message
'/var/mqm/exits64/mqausx: failed to map segment from shared object: Operation
not permitted'.
EXPLANATION:
This message applies to UNIX systems. The shared library '/var/mqm/exits64/mqausx'
failed to load correctly due to a problem with the library.
ACTION:
Check the file access permissions and that the file has not been corrupted.
“mqausx” is a standard Unix/Linux shared library (It is running on tons of Linux servers without issue). Even the “ldd” command gives a weird result:
$ ldd /var/mqm/exits64/mqausx
ldd: warning: you do not have execution permission for `/var/mqm/exits64/mqausx'
not a dynamic executable
The permissions are set as follows:
chown mqm:mqm mqausx chmod 750 mqausx
I even tried 777 for permissions. i.e.
-rwxrwxrwx 1 mqm mqm 247087 Feb 7 15:11 mqausx
It still failed. Its a shared library, what is or how is a shared library “dynamic executable”?
Here is the solution that Josh suggested that worked:
First, issue the following command against your shared library:
$ df /var/mqm/exits64 Filesystem 1K-blocks Used Available Use% Mounted on /dev/aaa/bbb 5107712 3967288 1140424 78% /var/mqm
Use whatever is under “Mounted on” (i.e. /var/mqm – you may have something else like /var ) in the following command:
$ mount | grep /var/mqm
In my customer’s particular case, their mount point was on /var and the results of the command was:
/dev/aaa/bbb on /var type xfs (rw,nosuid,nodev,noexec,relatime,attr2,inode64,logbsize=256k,sunit=512,swidth=512,noquota)
The source of the issue was that the mount point had “noexec”permission. Hence, once that option was removed then everything went back to normal.
I hope this helps someone else in the future.
Regards,
Roger Lacroix
Capitalware Inc.
