RFR: 8351382: New test containers/docker/TestMemoryWithSubgroups.java is failing
Severin Gehwolf
sgehwolf at openjdk.org
Mon Mar 10 13:51:54 UTC 2025
On Fri, 7 Mar 2025 20:14:05 GMT, Sergey Chernyshev <schernyshev at openjdk.org> wrote:
> The new test fails in rootless Docker mode after [JDK-8343191](https://bugs.openjdk.org/browse/JDK-8343191):
>
> containers/docker/TestMemoryWithSubgroups.java
>
> [STDERR]
>
> Resource limits are not supported and ignored on cgroups V1 rootless systems
>
> [STDOUT]
>
> mkdir: cannot create directory '/sys/fs/cgroup/memory/test': Permission denied
> sh: /sys/fs/cgroup/memory/test/memory.limit_in_bytes: No such file or directory
> sh: /sys/fs/cgroup/memory/test/cgroup.procs: No such file or directory
>
> The test TestMemoryWithSubgroups.java uses `--privileged` mode to modify process' cgroup, that has no effect in rootless mode. The test has to be skiped.
>
> The fix is to query `info -f {{println .SecurityOptions}}` and check whether it has `name=rootless` in the output.
This won't work under `podman`:
$ podman info -f '{{println .SecurityOptions}}
> '
Error: template: info:1:10: executing "info" at <.SecurityOptions>: can't evaluate field SecurityOptions in type system.infoReport
I'm not sure we need to go through the `SecurityOptions` thing. How about `if (!Platform.isRoot()) { ... }`?
-------------
Changes requested by sgehwolf (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/23948#pullrequestreview-2671024708
More information about the hotspot-runtime-dev
mailing list