On Tue, 8 Jun 2021 20:44:46 GMT, Kevin Walls <[email protected]> wrote:
> Since 8214300, jcmd cannot attach to a Java process in a docker container. > > That change started using a canonicalized File to create the .attach_pidXXX > file. For a target process in a container, it will follow a symlink that is > likely not the same as for the target process. e.g. follow a symlink to a > cwd of / which is not the same directory for the container host, as it is > within the container. Containerized VM never sees the file, never creates > the socket file, the attach times out and fails. > > To keep the 8214300 change working for non-container situations, we can keep > a canonical version of the attach File to use for deleting. > > For containers there will remain the problem 8214300 describes, although it > is unlikely: if you start the attach to a containerized VM, and it then > exits, we can't delete the .attach_pidXXX file. Neither the /proc/PID/cwd or > canonical form are any use. > > (Possibly leaving a .attach_pidXXX file if the target dies in that small > window is better than the current situation.) > > Here I'm suggesting the same change on AIX, although I can't build/test that. > I'm expecting it has the same problem, as /proc/pid/cwd is still a symlink. Can we use `/proc/<PID>/root`? According to [manpage](https://man7.org/linux/man-pages/man5/proc.5.html), I think we can access `/` in the container for sure. This directory is used in `findSocketFile()`. If it can't be used, you might have to change it too. ------------- PR: https://git.openjdk.java.net/jdk/pull/4418
