-
Bug
-
Resolution: Unresolved
-
P4
-
17
With docker, the recommended method of using jcmd with containerized JVMs is to run "jcmd" as root (see comments in JDK-8255008).
However, this will not work with podman (at least on some versions of Linux).
With podman, you should run both the container and jcmd using the same host UID.
=========
Suggested fix:
[1] Make jcmd work even if launched by root; or
[2] If jcmd is launched by root, do not try to connect to any PIDs that the root user cannot access, to avoid the mysterious "java.io.IOException" errors.
=========
Ubuntu 20.10
podman version 3.2.1
$ mkdir -p my-java-app
$ cd my-java-app
$ cat > Dockerfile <<EOF
FROM container-registry.oracle.com/java/openjdk:17
COPY Wait.class /
CMD ["java", "-cp", "/", "Wait"]
EOF
$ cat > Wait.java << END
public class Wait {
public static void main(String args[]) throws Throwable {
System.out.println("pid = " + ProcessHandle.current().pid() + "; Type Return to exit");
System.in.read();
}
}
END
$ javac Wait.java
$ podman build -t my-java-app .
$ podman run -it --tty=true --rm my-java-app java -cp / Wait
pid = 1; Type Return to exit
# ----------- In a different console ---------------
$ ps -ef | grep Wait
ubuntu 20523 17918 3 20:52 pts/0 00:00:00 podman run --rm localhost/my-java-app java -cp / Wait
ubuntu 20551 20537 5 20:52 ? 00:00:00 java -cp / Wait
$ jcmd Wait VM.version
20551:
OpenJDK 64-Bit Server VM version 17.0.1+12-39
JDK 17.0.1
$ sudo jcmd Wait VM.version
20551:
java.io.IOException: Broken pipe
at jdk.attach/sun.tools.attach.VirtualMachineImpl.write(Native Method)
at jdk.attach/sun.tools.attach.VirtualMachineImpl.writeString(VirtualMachineImpl.java:324)
at jdk.attach/sun.tools.attach.VirtualMachineImpl.execute(VirtualMachineImpl.java:175)
at jdk.attach/sun.tools.attach.HotSpotVirtualMachine.executeCommand(HotSpotVirtualMachine.java:310)
at jdk.attach/sun.tools.attach.HotSpotVirtualMachine.executeJCmd(HotSpotVirtualMachine.java:292)
at jdk.jcmd/sun.tools.jcmd.JCmd.executeCommandForPid(JCmd.java:124)
at jdk.jcmd/sun.tools.jcmd.JCmd.main(JCmd.java:97)
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/my-java-app latest f50ae9c32edf 6 minutes ago 597 MB
container-registry.oracle.com/java/openjdk 17 ba8d3012271a 3 weeks ago 597 MB
However, this will not work with podman (at least on some versions of Linux).
With podman, you should run both the container and jcmd using the same host UID.
=========
Suggested fix:
[1] Make jcmd work even if launched by root; or
[2] If jcmd is launched by root, do not try to connect to any PIDs that the root user cannot access, to avoid the mysterious "java.io.IOException" errors.
=========
Ubuntu 20.10
podman version 3.2.1
$ mkdir -p my-java-app
$ cd my-java-app
$ cat > Dockerfile <<EOF
FROM container-registry.oracle.com/java/openjdk:17
COPY Wait.class /
CMD ["java", "-cp", "/", "Wait"]
EOF
$ cat > Wait.java << END
public class Wait {
public static void main(String args[]) throws Throwable {
System.out.println("pid = " + ProcessHandle.current().pid() + "; Type Return to exit");
System.in.read();
}
}
END
$ javac Wait.java
$ podman build -t my-java-app .
$ podman run -it --tty=true --rm my-java-app java -cp / Wait
pid = 1; Type Return to exit
# ----------- In a different console ---------------
$ ps -ef | grep Wait
ubuntu 20523 17918 3 20:52 pts/0 00:00:00 podman run --rm localhost/my-java-app java -cp / Wait
ubuntu 20551 20537 5 20:52 ? 00:00:00 java -cp / Wait
$ jcmd Wait VM.version
20551:
OpenJDK 64-Bit Server VM version 17.0.1+12-39
JDK 17.0.1
$ sudo jcmd Wait VM.version
20551:
java.io.IOException: Broken pipe
at jdk.attach/sun.tools.attach.VirtualMachineImpl.write(Native Method)
at jdk.attach/sun.tools.attach.VirtualMachineImpl.writeString(VirtualMachineImpl.java:324)
at jdk.attach/sun.tools.attach.VirtualMachineImpl.execute(VirtualMachineImpl.java:175)
at jdk.attach/sun.tools.attach.HotSpotVirtualMachine.executeCommand(HotSpotVirtualMachine.java:310)
at jdk.attach/sun.tools.attach.HotSpotVirtualMachine.executeJCmd(HotSpotVirtualMachine.java:292)
at jdk.jcmd/sun.tools.jcmd.JCmd.executeCommandForPid(JCmd.java:124)
at jdk.jcmd/sun.tools.jcmd.JCmd.main(JCmd.java:97)
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/my-java-app latest f50ae9c32edf 6 minutes ago 597 MB
container-registry.oracle.com/java/openjdk 17 ba8d3012271a 3 weeks ago 597 MB