-
Bug
-
Resolution: Fixed
-
P4
-
None
-
b18
8226919: attach in linux hangs due to permission denied accessing /proc/pid/root
https://github.com/openjdk/jdk/pull/17628
"a Kubernetes debug container may be a little different from other Docker container scenarios because these are two different containers with different root filesystems but the same Linux process namespace. So jcmd using /proc/<pid>/root is necessary to find the socket file, even though jcmd and the target JVM both agree the PID is the same"
"Could the findSocketFile logic be made more robust to the different namespace/filesystem scenarios? E.g. attempt /proc/<pid>/root first? Or perhaps there is a way (not pid != ns_pid) to more accurately determine whether / and /proc/<pid>/root are the same filesystem and /tmp is OK?"
If pid == ns_pid, means using /tmp and not /proc/<pid>/root/tmp for attach, this may be an issue if processes share the process namespace but not filesystem. Needs verification.
- relates to
-
JDK-8226919 attach in linux hangs due to permission denied accessing /proc/pid/root
-
- Resolved
-
-
JDK-8341310 Test TestJcmdWithSideCar.java should skip ACCESS_TMP_VIA_PROC_ROOT (after JDK-8327114)
-
- Resolved
-
-
JDK-8341309 Test com/sun/tools/attach/PermissionTest.java fails after JDK-8327114 when Security manager is enabled
-
- Closed
-
-
JDK-8341518 TestJcmdWithSideCar.java fails with 'sun.tools.jcmd.JCmd' missing from stdout/stderr
-
- Open
-
-
JDK-8341246 Test com/sun/tools/attach/PermissionTest.java fails access denied after JDK-8327114
-
- Resolved
-
-
JDK-8341482 Attach API access to /proc filesystem should use doPrivileged
-
- Closed
-
-
JDK-8342449 reimplement: JDK-8327114 Attach in Linux may have wrong behavior when pid == ns_pid
-
- Closed
-
- links to
-
Commit(master) openjdk/jdk/52ba7282
-
Review(master) openjdk/jdk/19055