When the EM is initializing, RocksDB creates a temporary lib.so file within the temp dir of the JVM, given by the java.io.tmpdir system property by default. For example this file looks similar to (the numbers in the name will vary):
java.io.tmpdir defaults to /tmp on Linux and Unix systems in general. The .so file is then memory-mapped by the JVM process so code from it can be executed. Memory-mapping requires that the file reside on a filesystem that is executable (the file does not necessarily need execute permission on itself, but it must be readable). Note the distinction here: the FILESYSTEM must be executable, meaning that it must NOT be mounted with a "noexec" flag. It is common security practice to mount such temporary locations with "noexec", however. In such a situation the .so file will fail to memory-map and the EM will fail to start.
The workaround is to define the java.io.tmpdir to point to a temp location on a filesystem that *IS* executable (i.e. does NOT have noexec specified in mount options).
Ideally the APM .lax file used to start the EM process should make sure that the tmp directory is defined in the existing APM home directory which will prevent this issue from occuring :
Alternatively, the product documentation should clearly state that it is a requirement that that /tmp is on an executable filesystem. For example, if /tmp is mounted as an individual filesystem, ensure it does not have the noexec flag set. (mount -o remount,exec /tmp)