Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12630
| Path | csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | Vladimir Petko <vladimir.petko@canonical.com> |
| Newsgroups | linux.debian.bugs.dist, linux.debian.maint.java |
| Subject | Bug#1034392: Acknowledgement (tomcat9: jstack/jcmd broken for non-root users with tomcat9+jdk11 or greater) |
| Date | Wed, 19 Apr 2023 23:10:01 +0200 |
| Message-ID | <GmndT-39D9-15@gated-at.bofh.it> (permalink) |
| References | <GklpT-1UXM-1@gated-at.bofh.it> <Gmaql-321L-3@gated-at.bofh.it> <Gmaql-321L-5@gated-at.bofh.it> <Gmaql-321L-1@gated-at.bofh.it> <GmndT-39D9-17@gated-at.bofh.it> <GklpT-1UXM-1@gated-at.bofh.it> <GmndT-39D9-17@gated-at.bofh.it> |
| X-Mailbox-Line | From debian-bugs-dist-request@lists.debian.org Wed Apr 19 21:06:15 2023 |
| Old-Return-Path | <debbugs@buxtehude.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -3.75 |
| Reply-To | Vladimir Petko <vladimir.petko@canonical.com>, 1034392@bugs.debian.org |
| Resent-To | debian-bugs-dist@lists.debian.org |
| Resent-Cc | Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> |
| X-Debian-Pr-Message | followup 1034392 |
| X-Debian-Pr-Package | tomcat9 |
| X-Debian-Pr-Source | tomcat9 |
| X-Gm-Message-State | AAQBX9cMy6nXWnKYflj82/qEexP3Ln9PUE+7UKfWUV3+jUM7zxEvYwG5 RlLe8Kz5dIF+w744ITfwYdC8IT5AQoXMJdhaG5YhjCB3GQoFv/lghqHjpTvumLQSL2oVuiUw+V1 lTFueMGbu3MUBTLws4RRrEpJ4RvrTvkK/sVONvto/DFy3dMy3Ong= |
| X-Received | by 2002:a81:18b:0:b0:54f:8a61:d859 with SMTP id 133-20020a81018b000000b0054f8a61d859mr9292502ywb.5.1681938228954; Wed, 19 Apr 2023 14:03:48 -0700 (PDT) |
| X-Google-SMTP-Source | AKy350YdoRdcV2BbuFsj80hSdeAwNW4UCQXCR7+Q4omEa60GtwKxZX52IRpvafur/ztmqdxQhKGFKpHSP2DGIFhuu4c= |
| X-Received | by 2002:a81:18b:0:b0:54f:8a61:d859 with SMTP id 133-20020a81018b000000b0054f8a61d859mr9292478ywb.5.1681938228630; Wed, 19 Apr 2023 14:03:48 -0700 (PDT) |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| Content-Transfer-Encoding | quoted-printable |
| X-Debian-Message | from BTS |
| X-Mailing-List | <debian-bugs-dist@lists.debian.org> archive/latest/1768415 |
| List-ID | <debian-bugs-dist.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-bugs-dist/> |
| Approved | robomod@news.nic.it |
| Lines | 70 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Cc | Thorsten Glaser <t.glaser@tarent.de>, 1034392@bugs.debian.org, debian-java@lists.debian.org, 1034600@bugs.debian.org, 1034601@bugs.debian.org |
| X-Original-Date | Thu, 20 Apr 2023 09:03:37 +1200 |
| X-Original-Message-ID | <CALFf3kex8or0x5VxvkHAWUo6VDt3+WcVVA=g7hNjTOv9gFWD9g@mail.gmail.com> |
| X-Original-References | <168145387946.21499.3939755694338228796.reportbug@plundberg-hiboxcentre.hibox.fi> <handler.1034392.B.16814542953055940.ack@bugs.debian.org> <0b2f313a-8827-ab9e-96eb-4b19e502e68a@hibox.tv> <825ddc43-d5d9-9382-4d2b-813f43c444dd@tarent.de> <392bdb16-4674-408f-6b16-b39169d39513@hibox.tv> <168145387946.21499.3939755694338228796.reportbug@plundberg-hiboxcentre.hibox.fi> <392bdb16-4674-408f-6b16-b39169d39513@hibox.tv> |
| Xref | csiph.com linux.debian.bugs.dist:1144432 linux.debian.maint.java:12630 |
Cross-posted to 2 groups.
Show key headers only | View raw
Hi, Oh, thank you for providing a patch for a quite annoying bug!!!! Would it be possible to add a header to the patch, so that it is possible to see where it came from and why, e.g. -----------------------------------cut-------------------------------------------------------------------------- Description: attach in linux hangs due to permission denied accessing /proc/pid/root The attach API uses /proc/pid/root in order to support containers. Dereferencing this symlink is governed by ptrace access mode PTRACE_MODE_READ_FSCREDS which may not succeed when running as the user running the JRE. This breaks running jcmd and jmap as the same user the JVM is running as. Use tmpdir when pid matches ns_pid. Author: Sebastian Lovdahl <sebastian.lovdahl@hibox.tv> Bug: https://bugs.openjdk.org/browse/JDK-8226919 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034601 Last-Update: 2023-04-18 -----------------------------------cut-------------------------------------------------------------------------- Best Regards, Vladimir. On Wed, Apr 19, 2023 at 9:57 PM Per Lundberg <per.lundberg@hibox.tv> wrote: > > On 2023-04-19 10:22, Thorsten Glaser wrote: > > On Tue, 18 Apr 2023, Per Lundberg wrote: > > > >> wanted to share it with you as well. One option would be to include this in > >> Debian's set of local JDK patches > > > > Shouldn’t this be added to 11 as well? Apparently, both are affected. > > Good point. Yes, it should. > > > The OpenJDK (except for 8 which the ELTS people and I mostly work on) > > is not maintained by the debian-java people but by Doko. > > Hmm... who/what are Doko? > > > The usual way to hope for inclusion is to clone the bugreport, assign > > one to src:openjdk-11 and the other to src:openjdk-17, mail the patch > > with a description, add the tag patch and pray. > > Thanks for the detailed description! I have done exactly that now. Here > are the new bugs (added to the Cc line as well): > > - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034600 > - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034601 > > To those reading this who might not have the context: the patch attached > to the previous message in this thread fixes an issue with jstack/cmd > and similar tools not being able to connect to processes with Linux > capabilities added to them, when the processes are running as non-root. > This is a regression in the JDK: > https://bugs.openjdk.org/browse/JDK-8226919 > > The patch has been successfully tested on JDK 17 and works fine, > according to our testing. No guarantees are given as to whether it works > on JDK 11, but as long as it applies cleanly, it "should" be fine. > > Best regards, > Per >
Back to linux.debian.maint.java | Previous | Next — Previous in thread | Find similar
Bug#1034392: Acknowledgement (tomcat9: jstack/jcmd broken for non-root users with tomcat9+jdk11 or greater) Thorsten Glaser <t.glaser@tarent.de> - 2023-04-19 09:40 +0200 Bug#1034392: Acknowledgement (tomcat9: jstack/jcmd broken for non-root users with tomcat9+jdk11 or greater) Vladimir Petko <vladimir.petko@canonical.com> - 2023-04-19 23:10 +0200
csiph-web