On Wed, 22 Dec 2021 21:41:13 GMT, Mandy Chung wrote:
>> Remove the use of Security Manager from jstatd.
>> Add use of an ObjectInputFilter to restrict RMI.
>>
>> Also we can undo the property-setting Launcher.gmk change from: 8279007:
>> jstatd fails to start because SecurityManager is disabled
Hi -
The file is "/proc/1974261/root/tmp/.java_pid1974261", so is that a JVM in a
container, and is the group of the file in the container unknown to the host?
( so -1 is"nogroup")
-Original Message-
From: serviceability-dev On Behalf
Of Serguei Spitsyn
Sent: 07 January 2022 18:25
On Wed, 22 Dec 2021 18:14:43 GMT, Kevin Walls wrote:
> Remove the use of Security Manager from jstatd.
> Add use of an ObjectInputFilter to restrict RMI.
>
> Also we can undo the property-setting Launcher.gmk change from: 8279007:
> jstatd fails to start because SecurityManager is disabled
> ..
Hi,
Just some addition to the below comment.
The man page also has this:
RATIONALE top
In a conforming environment, getegid() will always succeed. It is
possible for implementations to provide an extension where a
process in a non-conforming environment will not be a
Hi, the manpage of getegid
https://man7.org/linux/man-pages/man3/getegid.3p.html
says : " The getegid() function shall always be successful and no return
value is reserved to indicate an error."
So I am not sure what kind of additional check or error message you would
expect ?
> In this
* stuart nelson:
> The reason getegid() returns -1 is because it wasn't in my allowed
> syscalls list for seccomp, so EPERM (-1) was returned instead.
Surely that's a broken seccomp filter. Such fundamental system calls
really cannot be filtered.
Thanks,
Florian
