Integrated: 8228343: JCMD and attach fail to work across Linux Container boundary

[Kevin Walls]

On Tue, 8 Jun 2021 20:44:46 GMT, Kevin Walls <kevinw at openjdk.org> wrote:

> Since 8214300, jcmd cannot attach to a Java process in a docker container.
> 
> That change started using a canonicalized File to create the .attach_pidXXX file.  For a target process in a container, it will follow a symlink that is likely not the same as for the target process.  e.g. follow a symlink to a cwd of / which is not the same directory for the container host, as it is within the container.  Containerized VM never sees the file, never creates the socket file, the attach times out and fails.
> 
> To keep the 8214300 change working for non-container situations, we can keep a canonical version of the attach File to use for deleting.
> 
> For containers there will remain the problem 8214300 describes, although it is unlikely: if you start the attach to a containerized VM,  and it then exits, we can't delete the .attach_pidXXX file.  Neither the /proc/PID/cwd or canonical form are any use.
> 
> (Possibly leaving a .attach_pidXXX file if the target dies in that small window is better than the current situation.)
> 
> Here I'm suggesting the same change on AIX, although I can't build/test that.  I'm expecting it has the same problem, as /proc/pid/cwd is still a symlink.

This pull request has now been integrated.

Changeset: bf29a011
Author:    Kevin Walls <kevinw at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/bf29a0115cc67ed2926b135b6b6ade5ff5ee84f6
Stats:     9 lines in 2 files changed: 2 ins; 2 del; 5 mod

8228343: JCMD and attach fail to work across Linux Container boundary

Reviewed-by: ysuenaga, sspitsyn

-------------

PR: https://git.openjdk.java.net/jdk/pull/4418