Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failure to start if /tmp is mounted noexec #1080

Open
1 task done
perkinslr opened this issue Jan 23, 2025 · 0 comments
Open
1 task done

Failure to start if /tmp is mounted noexec #1080

perkinslr opened this issue Jan 23, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@perkinslr
Copy link

This issue occurs when only Valkyrien Skies and addons are installed and no other mods

  • I have tested this issue and it occurs when no other mods are installed

Minecraft Version

1.19

Mod Loader

Forge

Issue description

During early startup, VS unpacks the linux-native libKrunchJni64.so into /tmp and then tries to load it. The loading step fails if /tmp/ is mounted noexec. Security-minded installations often mount /tmp/ noexec because /tmp/ is generally an inappropriate place to store executable code, even briefly.

There are several alternative locations where the file could be stored. The most obvious would be in ${game_directory}/libraries/org/valkyrienskies/, ideally with a version number attached. ${game_directory}/libraries already must exist, and must have execute permissions or minecraft wouldn't be starting in the first place.

The second obvious option is ${natives_directory}, which likewise should exist and be executable. In practice, the default MC launcher creates this directory and populates it, for some versions, on the fly and removes it after the game exits. It is often possible to start the game without this existing, but if the goal is to have the native actually be transient, it's a solid choice.

After that, it's down to platform specific locations. It could go in ${XDG_RUNTIME_DIR} if the goal is to have it transient, but that might not be set on servers. It generally falls back to /tmp, which isn't ideal. Many programs stick this sort of thing inside ${XDG_STATE_HOME}, falling back to ${HOME}/.local/share if it is unset, so the usual directory would end up being ${HOME}/.local/share/valkyrienskies or similar. The obvious drawback is it leaves orphaned files outside of MC's usual paths, but at least they are in the correct location outside MC's usual paths. ${XDG_CACHE_HOME} (${HOME}/.cache) is another option, better by-spec than $DATA, but less often used by programs in the wild.

Issue reproduction

Set up MC+VS, server or client, on a Linux box.

Remount /tmp/ noexec

sudo mount -o remount,noexec /tmp

Start MC, observe the failure.

As an alternative, you can use a container (firejail, docker) to start MC, with a private /tmp/ configured noexec and observe the failure

firejail --noprofile --private-tmp --noexec=/tmp bash
# then start MC as usual.

Logs

No response
@perkinslr perkinslr added the bug Something isn't working label Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@perkinslr