RFR: 8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases
Brian Burkhalter
bpb at openjdk.org
Mon Aug 26 19:27:03 UTC 2024
On Mon, 26 Aug 2024 18:52:41 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> Issue can be simulated on the latest docker version by removing `statx` from the syscalls.names section of the seccomp profile and running docker with the modified profile: `--security-opt seccomp=<path to seccomp.json>`
So that rather verifies that the seccomp file in question is incorrect / not current.
> Actually, there is a similar problem with `copy_file_range` added by JDK-8264744 in my environment, but is reproducible in EE docker version only
I added that one.
With respect to the current PR, one thing that is problematic is invoking statx() during the initialization of `UnixNativeDispatcher`. It would be better if the `EPERM` check were done elsewhere, although that would add more code. For example, in `stat0()`:
// Prefer statx over stat on Linux if it's available
RESTARTABLE(statx_wrapper(AT_FDCWD, path, flags, mask, &statx_buf), err);
if (err == 0) {
copy_statx_attributes(env, &statx_buf, attrs);
return 0;
+ } else if (errno == EPERM) {
+ my_statx_func = NULL; // fall back to stat()
} else {
return errno;
}
}
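Review bot: in the added `else if (errno == EPERM)` branch, `my_statx_func = NULL` is a plain store to what looks like process-wide state, made from a path that can run on several threads at once. If `statx_wrapper` calls through that pointer, a thread that has already passed its own availability check could dereference it after another thread cleared it. Consider recording the fallback in a separate flag (or making the store and the loads atomic) and leaving the pointer itself intact. A comment should also state that EPERM is treated here as "syscall filtered", since after this branch a single EPERM result disables statx for the rest of the process.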
This does not update the Java layer `capabilities`, however, and a similar change would be needed in several places.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20484#issuecomment-2310913789
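The reproduction quoted above (removing `statx` from the `names` lists of the seccomp profile) can be scripted for testing the fallback path. This is an added example, not code from the thread or the JDK; the sample profile is constructed and trimmed, and `strip_syscalls`, `write_profile` and the output file name are hypothetical.

```python
import copy
import json

# Constructed, heavily trimmed stand-in for a Docker seccomp profile.
SAMPLE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [
        {"names": ["stat", "statx", "copy_file_range", "openat"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["statx"], "action": "SCMP_ACT_ALLOW",
         "includes": {"arches": ["amd64"]}},
    ],
}


def strip_syscalls(profile, blocked):
    """Return (new_profile, removed) with no rule listing a syscall in `blocked`.

    Rules whose "names" list becomes empty are dropped, so the removed calls
    are handled by the profile's defaultAction. The input is not modified.
    """
    blocked = set(blocked)
    out = copy.deepcopy(profile)
    removed = 0
    kept_rules = []
    for rule in out.get("syscalls", []):
        names = rule.get("names", [])
        kept = [n for n in names if n not in blocked]
        removed += len(names) - len(kept)
        if kept:
            rule["names"] = kept
            kept_rules.append(rule)
        elif not names:
            kept_rules.append(rule)  # rule had no names to begin with
    out["syscalls"] = kept_rules
    return out, removed


def write_profile(profile, path):
    """Write the profile as JSON for --security-opt seccomp=<path>."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(profile, fh, indent=2)


if __name__ == "__main__":
    modified, count = strip_syscalls(SAMPLE_PROFILE, ["statx"])
    write_profile(modified, "seccomp-no-statx.json")
    print(f"removed {count} entries from the allow rules")
```

Passing `["statx", "copy_file_range"]` covers both syscalls mentioned in the thread in one profile.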
More information about the nio-dev
mailing list