On Tue, 5 Apr 2022 09:04:56 GMT, Yasumasa Suenaga <ysuen...@openjdk.org> wrote:
> jcmd uses > src/jdk.internal.jvmstat/linux/classes/sun/jvmstat/PlatformSupportImpl.java > to scan temporary directories to find out processes in the container. It > checks inode to ensure the temp directory is not conflicted. However inode > maybe same value between the container and others. Thus we should check > device id for that case. > > For example I saw following case on [distroless > cc-debian11](https://github.com/GoogleContainerTools/distroless/blob/main/cc/README.md) > container. I started rescue:jdk19 container with sharing PID namespace. > `/proc/1/root/tmp` is different from `/tmp` on rescue:jdk19, but they are > same inode value. However we can see the differense in device id. > > > $ podman run -it --rm --entrypoint=sh --pid=container:fa39662f7352 > rescue:jdk19 > / # > / # stat /tmp > File: /tmp > Size: 29 Blocks: 0 IO Block: 4096 directory > Device: efh/239d Inode: 135674931 Links: 1 > Access: (1777/drwxrwxrwt) Uid: ( 0/ root) Gid: ( 0/ root) > Access: 2022-04-05 08:51:37.000000000 > Modify: 2022-04-05 08:51:37.000000000 > Change: 2022-04-05 08:51:37.000000000 > > / # stat /proc/1/root/tmp > File: /proc/1/root/tmp > Size: 29 Blocks: 0 IO Block: 4096 directory > Device: e1h/225d Inode: 135674931 Links: 1 > Access: (1777/drwxrwxrwt) Uid: ( 0/ root) Gid: ( 0/ root) > Access: 2022-04-05 08:51:37.000000000 > Modify: 2022-04-05 08:50:42.000000000 > Change: 2022-04-05 08:50:42.000000000 This pull request has now been integrated. Changeset: 0b867b5e Author: Yasumasa Suenaga <ysuen...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/0b867b5e734eede768d9f6402a309208084fd044 Stats: 46 lines in 1 file changed: 26 ins; 10 del; 10 mod 8284330: jcmd may not be able to find processes in the container Reviewed-by: kevinw, iklam, stuefe ------------- PR: https://git.openjdk.java.net/jdk/pull/8103
