On Fri, 9 Feb 2024 18:17:58 GMT, Sebastian Lövdahl wrote:
> I'll still fix this. So, I should change the PR title to match JDK-8226919,
> and issue an `/issue remove` command for JDK-8307977, is that correct?
Yes exactly, thanks.
-
PR Comment:
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
Alright, sounds good to me. :) Thanks again for taking a look!
> One other thing - JDK-8226919 looks like the original bug for this, logged a
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
Marked as reviewed by kevinw (Reviewer).
Hi, looking at it again:
Getting a target's current directory, you have to use /proc/PID/cwd, or you
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
Cool. Thanks for the confirmation.
-
PR Comment: https://git.openjdk.org/jdk/pull/17628#issuecomment-1934542288
On Thu, 8 Feb 2024 15:19:23 GMT, Daniel D. Daugherty wrote:
> Will this result in files being left in /tmp that are not cleaned up during
> test runs?
It shouldn't... We do cleanup, VirtualMachineImpl creates the attach file and
deletes it in a finally block.
-
PR Comment:
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
Will this result in files being left in /tmp that are not cleaned up during
test runs?
-
PR Comment:
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
Thanks, yes that's what I was thinking about.
I tested and think it's a good update to this change.
I tested setting
sudo setcap
On Tue, 6 Feb 2024 17:08:43 GMT, Kevin Walls wrote:
> Does CAP_NET_BIND_SERVICE cause any issues for createAttachFile(int pid, int
> ns_pid) where it creates the .attach file in the current directory - it
> starts by trying "/proc/" + pid + "/cwd/" + ".attach_pid" + ns_pid,
> regardless of
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
Hi,
Yes makes sense, this seems like an oversight that we were not consistent with
the path.
Does CAP_NET_BIND_SERVICE cause any issues for
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
This looks good to me, but would like for somebody from the serviceability
group to look at this as well. @plummercj perhaps?
> _Mailing list
On Wed, 31 Jan 2024 10:01:37 GMT, Severin Gehwolf wrote:
> Thanks! Please make sure that the tests actually ran. If, for example, docker
> is not installed, they get skipped.
Ah, good point. Running the tests did take some amount of time, so it felt like
they did something. And by spamming
On Tue, 30 Jan 2024 13:57:43 GMT, Severin Gehwolf wrote:
>> 8307977: jcmd and jstack broken for target processes running with elevated
>> capabilities
>
> `test/hotspot/jtreg/serviceability` tests would also be worth running.
> Hi @jerboaa, thanks a lot for the hints! The container tests were
On Tue, 30 Jan 2024 17:00:16 GMT, Bernd Eckenfels
wrote:
> Is that actually safe to allow low priveledged user context to attach and
> control to a higher prived? It can at least overwrite files, but probably
> also inject code? On the native level a ptrace(2) would probably not be
>
On Tue, 30 Jan 2024 13:57:43 GMT, Severin Gehwolf wrote:
>> 8307977: jcmd and jstack broken for target processes running with elevated
>> capabilities
>
> `test/hotspot/jtreg/serviceability` tests would also be worth running.
Hi @jerboaa, thanks a lot for the hints! The container tests were
Is that actually safe to allow low priveledged user context to attach and
control to a higher prived? It can at least overwrite files, but probably also
inject code? On the native level a ptrace(2) would probably not be allowed.
Gruß
Bernd
—
https://bernd.eckenfels.net
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
`test/hotspot/jtreg/serviceability` tests would also be worth running.
-
PR Comment:
On Tue, 30 Jan 2024 10:57:09 GMT, Sebastian Lövdahl wrote:
> I have poked around in the JDK sources but not found any tests related to
> this. Is there some prior art to look at?
Please run container tests, which do some jcmd testing across containers (host
system runs `jcmd` and containers
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
src/jdk.attach/linux/classes/sun/tools/attach/VirtualMachineImpl.java line 217:
> 215: // Instead, attach relative to the target root
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated
> capabilities
ping @jerboaa
-
PR Comment: https://git.openjdk.org/jdk/pull/17628#issuecomment-1916676356
19 matches
Mail list logo