RFR: 8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases
Alexey Bakhtin
abakhtin at openjdk.org
Mon Aug 26 18:12:04 UTC 2024
On Mon, 26 Aug 2024 16:18:00 GMT, Brian Burkhalter <bpb at openjdk.org> wrote:
>> Please review the fix for regression on the old docker versions (before v18.04)
>>
>> Suggest to verify if statx is permitted during initialization
>>
>> statx(-1, "", AT_EMPTY_PATH, 0, &statx_buf) returns EPERM if the statx syscall is not permitted and EBADF otherwise
>>
>> Fall back to stat() if statx() is not permitted
>>
>> Related jtreg tests passed
>
> Please note that this change is not based on the latest version of the file in question (c89a1c35bda9002ee687b3fa267f3ef9cba78b00).
>
> Could you please check the Docker `seccomp` profile to verify that the filter is not obsolete?
@bplb Rebasing to the latest master does not change the situation: `statx` exists in the kernel, and `my_statx_func` is initialized by `UnixNativeDispatcher::init`. The old Docker version (Docker v17.06, in my case) does not permit statx in the default seccomp profile. As a result, any calls to statx_wrapper fail with EPERM.
I think it is some kind of regression for old Docker versions, but it could be easily fixed. I understand there is a workaround with an updated seccomp profile, but it is not easy to do in some environments.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20484#issuecomment-2310779181