RFR: 8327114: Attach in Linux may have wrong behaviour when pid == ns_pid (Kubernetes debug container)
jdoylei
duke at openjdk.org
Fri May 3 17:43:52 UTC 2024
On Thu, 2 May 2024 10:13:51 GMT, Sebastian Lövdahl <duke at openjdk.org> wrote:
> 8327114: Attach in Linux may have wrong behaviour when pid == ns_pid (Kubernetes debug container)
> I think it boils down to the same reason as why the fix for JDK-8226919 was needed in the first place - a non-root user cannot read the symlinks in `/proc/<pid>/ns` for a process running with more privileges even though it's run by the same non-root user.
@slovdahl - In that test case (target JVM process has more privileges), where is the attach file created? Does jcmd end up writing it to `/tmp`? Or does `/proc/<pid>/cwd` work? Just curious whether the elevated-privileges scenario affects the attach file and socket file locations equally.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19055#issuecomment-2093481534
More information about the serviceability-dev
mailing list