RFR: 8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases
Brian Burkhalter
bpb at openjdk.org
Mon Aug 26 18:36:02 UTC 2024
On Mon, 26 Aug 2024 18:09:19 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> Please note that this change is not based on the latest version of the file in question (c89a1c35bda9002ee687b3fa267f3ef9cba78b00).
>>
>> Could you please check the Docker `seccomp` profile to verify that the filter is not obsolete?
>
> @bplb Rebasing to the latest master does not change the situation: `statx` exists in the kernel, and `my_statx_func` is initialized by `UnixNativeDispatcher::init`. The old Docker version (Docker v17.06, in my case) does not permit statx in the default seccomp profile. As a result, any calls to statx_wrapper fail with EPERM.
>
> I think it is some kind of regression for old Docker versions, but it could be easily fixed. I understand there is a workaround with an updated seccomp profile, but it is not easy to do in some environments.
@alexeybakhtin It probably won't work due to seccomp, but could you maybe try reverting your change and modifying `statx_wrapper` to replace
return (*my_statx_func)(dirfd, pathname, flags, mask, statxbuf);
with
return syscall(__NR_statx, dirfd, pathname, flags, mask, statxbuf);
Thanks.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20484#issuecomment-2310822224
More information about the nio-dev
mailing list