JDK-8343769 : Using nsenter in a sidecar container to enter the main application container can cause mismatch
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 8
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2024-10-28
  • Updated: 2024-11-28
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
tbdUnresolved
Related Reports
Relates :  
JDK-8227122 - [TESTBUG] Create Docker sidecar test cases
Description
A DESCRIPTION OF THE PROBLEM :
If nsenter -a -t <pid> is used in a sidecar container, it can cause a mismatch between /proc/self/cgroup and /proc/self/mountinfo (with the latter's path becoming that of the main application container). This mismatch results in a failure to parse the cgroup configuration. Got:

:/test$ java -XX:+UnlockDiagnosticVMOptions -XX:+PrintContainerInfo Test
OSContainer::init: Initializing Container Support
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
OSContainer::active_processor_count: 128
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
OSContainer::active_processor_count: 128
subsystem_file_contents: subsystem path is NULL
container memory limit failed: -2, using host value
subsystem_file_contents: subsystem path is NULL
container memory limit failed: -2, using host value
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
OSContainer::active_processor_count: 128
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
OSContainer::active_processor_count: 128
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
subsystem_file_contents: subsystem path is NULL
OSContainer::active_processor_count: 128

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
exec `nsenter -a -t <pid>` in a sidecar, then exec java applications.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Got correct processor count which limit by cgroup.
ACTUAL -
Got host machine's processor count 

---------- BEGIN SOURCE ----------
Any java application.
---------- END SOURCE ----------

FREQUENCY : always
Comments
Mailed submitter ============= Hello . Regarding the issue reported "mismatch results in a failure to parse the cgroup configuration”. Provide below info 1.Is the sidecar container part of Kubernetes /Docker? 2.From the sidecar container share output of $nproc $lscpu 3.Provide sample used TEST and detailed steps to reproduce the issue 4.Share the output when referred as "mismatch results in a failure to parse the cgroup configuration" Thanks
30-10-2024