Hi Daniil,

I'm not sure I can accept on face-value the proposition that root "must be allowed to access all VM processes". I can see it may be convenient in some cases. But is it really necessary? Is it always desirable? I'd like to know what a sys admin might think of this. :)

Further, root can always "su" to another user and run jcmd that way.

Cheers,
David

On 24/05/2018 11:11 AM, Daniil Titov wrote:
Please review the changes that fix JDK-8197387.

There are 2 problems here:
1. JVM ignores the .attach_pid<pid> file if it is owned by a user different from the one that owns this JVM process
2. jcmd checks that the .java_pid<pid> socket is owned by the same user that runs jcmd and reports an error otherwise

The fix relaxes these checks to allow jcmd started by "root" (UID = 0) to access JVMs started by other users.

Bug: https://bugs.openjdk.java.net/browse/JDK-8197387
Webrev: http://cr.openjdk.java.net/~dtitov/8197387/webrev.01/

Best regards,
Daniil
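
The two ownership checks discussed in this thread, in their strict and root-relaxed forms, as an added example that is not part of the original messages and is not HotSpot or jcmd code. The function names, the `allow_root` switch and the sample UIDs are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (JVM side): honour a .attach_pid<pid> trigger file only
 * if it is owned by the JVM's own effective UID. With allow_root set, a file
 * owned by root (UID 0) is honoured as well. */
int jvm_accepts_trigger(uid_t file_owner, uid_t jvm_euid, int allow_root)
{
    return file_owner == jvm_euid || (allow_root && file_owner == 0);
}

/* Hypothetical helper (client side): connect to a .java_pid<pid> socket only
 * if it is owned by the caller. With allow_root set, a caller running as
 * root may connect to a socket owned by any user. */
int client_accepts_socket(uid_t sock_owner, uid_t client_euid, int allow_root)
{
    return sock_owner == client_euid || (allow_root && client_euid == 0);
}

/* Apply the JVM-side rule to a path. lstat() does not follow symlinks, so a
 * symlink (or anything else that is not a regular file) is rejected. */
int check_trigger_file(const char *path, int allow_root)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return jvm_accepts_trigger(st.st_uid, geteuid(), allow_root);
}

int main(void)
{
    /* Constructed sample UIDs: the JVM's user, an unrelated user, and root. */
    const uid_t app = 1000, other = 1001, root = 0;

    printf("trigger owned by root, strict:  %d\n", jvm_accepts_trigger(root, app, 0));
    printf("trigger owned by root, relaxed: %d\n", jvm_accepts_trigger(root, app, 1));
    printf("trigger owned by other user:    %d\n", jvm_accepts_trigger(other, app, 1));
    printf("root client, strict:            %d\n", client_accepts_socket(app, root, 0));
    printf("root client, relaxed:           %d\n", client_accepts_socket(app, root, 1));
    printf("other client, relaxed:          %d\n", client_accepts_socket(app, other, 1));
    return 0;
}
```

Only UID 0 gains access under the relaxed rule; a different non-root user is still refused on both sides.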

