OnError and OnOutOfMemoryError checks
OnError and OnOutOfMemoryError checks
The JVM options OnError
and OnOutOfMemoryError
enable executing arbitrary commands if the JVM encounters a fatal error (OnError
) or an OutOfMemoryError
(OnOutOfMemoryError
). However, by default, Elasticsearch system call filters (seccomp) are enabled and these filters prevent forking. Thus, using OnError
or OnOutOfMemoryError
and system call filters are incompatible. The OnError
and OnOutOfMemoryError
checks prevent Elasticsearch from starting if either of these JVM options are used and system call filters are enabled. This check is always enforced. To pass this check do not enable OnError
nor OnOutOfMemoryError
; instead, upgrade to Java 8u92 and use the JVM flag ExitOnOutOfMemoryError
. While this does not have the full capabilities of OnError
nor OnOutOfMemoryError
, arbitrary forking will not be supported with seccomp enabled.