Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8327114

Attach in Linux may have wrong behaviour when pid == ns_pid (Kubernetes debug container)

XMLWordPrintable

    • b18

      Noted in comments after the commit for:

      8226919: attach in linux hangs due to permission denied accessing /proc/pid/root
      https://github.com/openjdk/jdk/pull/17628

      "a Kubernetes debug container may be a little different from other Docker container scenarios because these are two different containers with different root filesystems but the same Linux process namespace. So jcmd using /proc/<pid>/root is necessary to find the socket file, even though jcmd and the target JVM both agree the PID is the same"

      "Could the findSocketFile logic be made more robust to the different namespace/filesystem scenarios? E.g. attempt /proc/<pid>/root first? Or perhaps there is a way (not pid != ns_pid) to more accurately determine whether / and /proc/<pid>/root are the same filesystem and /tmp is OK?"


      If pid == ns_pid, means using /tmp and not /proc/<pid>/root/tmp for attach, this may be an issue if processes share the process namespace but not filesystem. Needs verification.

            sgehwolf Severin Gehwolf
            kevinw Kevin Walls
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: