Details
-
Bug
-
Resolution: Fixed
-
P4
-
21.0.2
-
master
-
linux
Description
JDK fails with java.nio.file.FileSystemException: Operation not permitted
on the old docker versions (before v19)
Regression is introduced byJDK-8316304 adding a statx syscall
On the old docker versions, statx is not added to the default seccomp white list ( https://github.com/moby/moby/blob/00c1c604d08bbceb73a680d37d7428e6a4e986af/profiles/seccomp/default.json ) It causes EPERM in some systems even if the container image is updated.
```
root@88d002f4c30b:/# /jdk/bin/java -Xdiag -jar ../apps/customjsse.jar
Error: An unexpected error occurred while trying to open file ../apps/customjsse.jar
java.nio.file.FileSystemException: ../apps/customjsse.jar: Operation not permitted
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:56)
at java.base/sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:163)
at java.base/sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
at java.base/java.nio.file.Files.readAttributes(Files.java:1865)
at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1512)
at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:744)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:254)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:181)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:345)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:316)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:255)
at java.base/sun.launcher.LauncherHelper.loadMainClass(LauncherHelper.java:834)
at java.base/sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:736)
```
on the old docker versions (before v19)
Regression is introduced by
On the old docker versions, statx is not added to the default seccomp white list ( https://github.com/moby/moby/blob/00c1c604d08bbceb73a680d37d7428e6a4e986af/profiles/seccomp/default.json ) It causes EPERM in some systems even if the container image is updated.
```
root@88d002f4c30b:/# /jdk/bin/java -Xdiag -jar ../apps/customjsse.jar
Error: An unexpected error occurred while trying to open file ../apps/customjsse.jar
java.nio.file.FileSystemException: ../apps/customjsse.jar: Operation not permitted
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:56)
at java.base/sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:163)
at java.base/sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
at java.base/java.nio.file.Files.readAttributes(Files.java:1865)
at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1512)
at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:744)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:254)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:181)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:345)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:316)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:255)
at java.base/sun.launcher.LauncherHelper.loadMainClass(LauncherHelper.java:834)
at java.base/sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:736)
```
Attachments
Issue Links
- relates to
-
JDK-8316304 (fs) Add support for BasicFileAttributes.creationTime() for Linux
-
- Resolved
-
- links to
-
Commit(master)
openjdk/jdk21u-dev/7a97e314
-
Review(master)
openjdk/jdk17u-dev/2883
-
Review(master)
openjdk/jdk21u-dev/951
-
Review(master)
openjdk/jdk/20484