On Tue, 8 Jun 2021 20:44:46 GMT, Kevin Walls <kev...@openjdk.org> wrote:
> Since 8214300, jcmd cannot attach to a Java process in a docker container. > > That change started using a canonicalized File to create the .attach_pidXXX > file. For a target process in a container, it will follow a symlink that is > likely not the same as for the target process. e.g. follow a symlink to a > cwd of / which is not the same directory for the container host, as it is > within the container. Containerized VM never sees the file, never creates > the socket file, the attach times out and fails. > > To keep the 8214300 change working for non-container situations, we can keep > a canonical version of the attach File to use for deleting. > > For containers there will remain the problem 8214300 describes, although it > is unlikely: if you start the attach to a containerized VM, and it then > exits, we can't delete the .attach_pidXXX file. Neither the /proc/PID/cwd or > canonical form are any use. > > (Possibly leaving a .attach_pidXXX file if the target dies in that small > window is better than the current situation.) > > Here I'm suggesting the same change on AIX, although I can't build/test that. > I'm expecting it has the same problem, as /proc/pid/cwd is still a symlink. This pull request has now been integrated. Changeset: bf29a011 Author: Kevin Walls <kev...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/bf29a0115cc67ed2926b135b6b6ade5ff5ee84f6 Stats: 9 lines in 2 files changed: 2 ins; 2 del; 5 mod 8228343: JCMD and attach fail to work across Linux Container boundary Reviewed-by: ysuenaga, sspitsyn ------------- PR: https://git.openjdk.java.net/jdk/pull/4418
