RFR: 8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases
Alexey Bakhtin
abakhtin at openjdk.org
Tue Aug 27 14:43:02 UTC 2024
On Wed, 7 Aug 2024 04:20:29 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> Please review the fix for regression on the old docker versions (before v18.04)
>
> Suggest to verify if statx is permitted during initialization
>
> statx(-1, "", AT_EMPTY_PATH, 0, &statx_buf) return EPERM if statx syscall not permitted and EBADF otherwise
>
> Fallback to stat() if statx() not permitted
>
> Related jtreg tests passed
Yes, This issue is for old Docker versions only. Seccomp profile is updated for the Docker v18.4 and up.
The current implementation allows working without `statx` if it is unavailable in the kernel and fallback to other syscalls. I suggest an additional check to verify if syscall is permitted in the system. If syscall at initialization is not allowed I can check error code at runtime and fallback to previous implementation if statx is not permitted
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20484#issuecomment-2312758816
More information about the nio-dev
mailing list