On Sun, 29 Sep 2024 06:23:34 GMT, Sebastian Lövdahl <[email protected]> wrote:
>> 8327114: Attach in Linux may have wrong behaviour when pid == ns_pid
>> (Kubernetes debug container)
>
> Sebastian Lövdahl has updated the pull request with a new target base due to
> a merge or a rebase. The incremental webrev excludes the unrelated changes
> brought in by the merge/rebase. The pull request contains eight additional
> commits since the last revision:
>
> - Merge remote-tracking branch 'upstream/master' into
> 8327114-attach-from-container-to-container
> - Clarify PID 1 check with comment
> - Adapt code style
> - Add test for the elevated privileges case
> - Remove unused `SELF_PID_NS`
> - Rewrite in line with suggestion from Larry Cable
> - Reworked attach logic
> - 8327114: Attach in Linux may have wrong behaviour when pid == ns_pid
> (Kubernetes debug container)

I believe we need to wrap the readlink() in an AccessController.doPrivileged()
block ... something like this:

```java
try {
    targetMountNS = AccessController.doPrivileged(
        (PrivilegedExceptionAction<Optional<Path>>) () ->
            Optional.ofNullable(Files.readSymbolicLink(procPidPath.resolve(NS_MNT)))
    );
} catch (PrivilegedActionException _) {
    // ...
}
```

-------------
PR Comment: https://git.openjdk.org/jdk/pull/19055#issuecomment-2386973409