Integrated: 8284330: jcmd may not be able to find processes in the container

Yasumasa Suenaga ysuenaga at openjdk.java.net
Sun Apr 10 02:14:44 UTC 2022 

On Tue, 5 Apr 2022 09:04:56 GMT, Yasumasa Suenaga <ysuenaga at openjdk.org> wrote:

> jcmd uses src/jdk.internal.jvmstat/linux/classes/sun/jvmstat/PlatformSupportImpl.java to scan temporary directories to find out processes in the container. It checks inode to ensure the temp directory is not conflicted. However inode maybe same value between the container and others. Thus we should check device id for that case.
> 
> For example I saw following case on [distroless cc-debian11](https://github.com/GoogleContainerTools/distroless/blob/main/cc/README.md) container. I started rescue:jdk19 container with sharing PID namespace. `/proc/1/root/tmp` is different from `/tmp` on rescue:jdk19, but they are same inode value. However we can see the differense in device id.
> 
> 
> $ podman run -it --rm --entrypoint=sh --pid=container:fa39662f7352 rescue:jdk19
> / #
> / # stat /tmp
>   File: /tmp
>   Size: 29              Blocks: 0          IO Block: 4096   directory
> Device: efh/239d        Inode: 135674931   Links: 1
> Access: (1777/drwxrwxrwt)  Uid: (    0/    root)   Gid: (    0/    root)
> Access: 2022-04-05 08:51:37.000000000
> Modify: 2022-04-05 08:51:37.000000000
> Change: 2022-04-05 08:51:37.000000000
> 
> / # stat /proc/1/root/tmp
>   File: /proc/1/root/tmp
>   Size: 29              Blocks: 0          IO Block: 4096   directory
> Device: e1h/225d        Inode: 135674931   Links: 1
> Access: (1777/drwxrwxrwt)  Uid: (    0/    root)   Gid: (    0/    root)
> Access: 2022-04-05 08:51:37.000000000
> Modify: 2022-04-05 08:50:42.000000000
> Change: 2022-04-05 08:50:42.000000000

This pull request has now been integrated.

Changeset: 0b867b5e
Author:    Yasumasa Suenaga <ysuenaga at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/0b867b5e734eede768d9f6402a309208084fd044
Stats:     46 lines in 1 file changed: 26 ins; 10 del; 10 mod

8284330: jcmd may not be able to find processes in the container

Reviewed-by: kevinw, iklam, stuefe

-------------

PR: https://git.openjdk.java.net/jdk/pull/8103

More information about the serviceability-dev mailing list