java.lang.UnsupportedOperationException on starting elasticsearch

On my Linux machine, when I try to start Elasticsearch, I am getting the following warning:

[2016-11-01T17:09:28,391][WARN ][o.e.b.JNANatives         ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in
        at org.elasticsearch.bootstrap.Seccomp.linuxImpl(Seccomp.java:349) ~[elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Seccomp.init(Seccomp.java:630) ~[elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.JNANatives.trySeccomp(JNANatives.java:215) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Natives.trySeccomp(Natives.java:99) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:101) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:155) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:112) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:103) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.cli.SettingCommand.execute(SettingCommand.java:54) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:96) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.cli.Command.main(Command.java:62) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80) [elasticsearch-5.0.0.jar:5.0.0]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:73) [elasticsearch-5.0.0.jar:5.0.0]

What might be the possible reason and how can I fix this?

System information:
Elasticsearch: Version: 5.0.0, Build: 253032b/2016-10-26T04:37:51.531Z, JVM: 1.8.0_102
OS: CentOS release 6.6 (Final)

This is just a warning; ES should start fine, just with a warning about seccomp not being available.

The Elasticsearch security module tries to revoke Linux process privileges to reduce the so-called "attack vector" for malevolent activities, but your Linux kernel is either too old or not able to offer that process privilege revoke API.
Here's the related issue: https://github.com/elastic/elasticsearch/pull/13753

I think you can set bootstrap.seccomp=false in the yml file to disable this.

3 Likes

Are we really logging the stack trace at WARN level if this is just a warning? It feels like we should log a one line warning message like "Unable to install syscall filter to prevent forks. This is not ideal but OK because we already prevent forks using the JVM's sandbox. This requires a kernel compiled with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER which is available in most modern Linux distributions."

The bit about 3.5+ isn't entirely true. That is the version of the kernel where this was committed but distros backport so much stuff you can never be sure.

1 Like
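The point above about kernel version numbers being unreliable, as an added example that is not part of the thread or of Elasticsearch's own code: ask the running kernel directly with two `prctl()` calls instead of comparing versions. The names `classify`, `probe_seccomp` and the `SUPPORT_*` values are made up for this illustration.

```c
/* Added example: probe seccomp support from the running kernel (Linux only). */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2           /* same value as in <linux/seccomp.h> */
#endif

enum seccomp_support {
    SUPPORT_UNKNOWN     = -1,           /* unexpected answer, e.g. an outer sandbox */
    SUPPORT_NONE        = 0,            /* CONFIG_SECCOMP not compiled in */
    SUPPORT_STRICT_ONLY = 1,            /* CONFIG_SECCOMP yes, CONFIG_SECCOMP_FILTER no */
    SUPPORT_FILTER_OK   = 2             /* both options present */
};

/* Pure decision logic (hypothetical helper): interpret the two prctl() results. */
enum seccomp_support classify(int get_ret, int get_errno, int set_ret, int set_errno)
{
    if (get_ret < 0)                    /* PR_GET_SECCOMP is rejected without CONFIG_SECCOMP */
        return get_errno == EINVAL ? SUPPORT_NONE : SUPPORT_UNKNOWN;
    if (set_ret == 0)                   /* a NULL filter must never be accepted */
        return SUPPORT_UNKNOWN;
    if (set_errno == EFAULT)            /* kernel tried to read the filter: mode exists */
        return SUPPORT_FILTER_OK;
    if (set_errno == EINVAL)            /* filter mode is not known to this kernel */
        return SUPPORT_STRICT_ONLY;
    return SUPPORT_UNKNOWN;
}

/* Runs the probe. The NULL filter pointer means nothing is ever installed. */
enum seccomp_support probe_seccomp(void)
{
    int get_ret, get_errno, set_ret, set_errno;
    errno = 0;
    get_ret = prctl(PR_GET_SECCOMP, 0UL, 0UL, 0UL, 0UL);
    get_errno = errno;
    errno = 0;
    set_ret = prctl(PR_SET_SECCOMP, (unsigned long)SECCOMP_MODE_FILTER, 0UL, 0UL, 0UL);
    set_errno = errno;
    return classify(get_ret, get_errno, set_ret, set_errno);
}

int main(void)
{
    printf("seccomp support level: %d\n", (int)probe_seccomp());
    return 0;
}
```

A result of `SUPPORT_FILTER_OK` on a kernel whose version string is below 3.5 is the backport case described in the post above.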

@nik agreed, the logging happens in JNANatives#trySeccomp. A warning without the full stack trace would probably be less scary.

Thanks, it helped.