On 5/3/24 10:43 AM, jdoylei wrote:
On Thu, 2 May 2024 10:13:51 GMT, Sebastian Lövdahl <d...@openjdk.org> wrote:
8327114: Attach in Linux may have wrong behaviour when pid == ns_pid
(Kubernetes debug container)
I think it boils down to the same reason as why the fix for JDK-8226919 was needed in
the first place - a non-root user cannot read the symlinks in `/proc/<pid>/ns`
for a process running with more privileges even though it's run by the same non-root
user.
@slovdahl - In that test case (target JVM process has more privileges), where is the
attach file created? Does jcmd end up writing it to `/tmp`? Or does
`/proc/<pid>/cwd` work? Just curious whether the elevated-privileges scenario
affects the attach file and socket file locations equally.
note that the use of 'cwd' is a historical artifact, while the
.attach_<pid> file can be written to 'cwd' the actual attach socket file
.java_<pid> is always written to /tmp
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19055#issuecomment-2093481534
