Date: Tue, 24 Dec 2024 17:27:58 +0000 From: bugzilla-noreply@freebsd.org To: java@FreeBSD.org Subject: [Bug 283364] java/openjdk*: Update pkg-message information about fdescfs and procfs Message-ID: <bug-283364-8522-oWW8rSDDci@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-283364-8522@https.bugs.freebsd.org/bugzilla/> References: <bug-283364-8522@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D283364 Eirik Oeverby <ltning-freebsd@anduin.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ltning-freebsd@anduin.net --- Comment #6 from Eirik Oeverby <ltning-freebsd@anduin.net> --- We've run java5, openjdk6, 7, 8, 11 and now 17 in production for a couple of decades now and rarely had procfs or fdescfs mounted. The exception was whe= n, for a while, we had to run a Linux JDK because the FreeBSD port wasn't work= ing (don't ask me why). I think the patch (or one like it) makes sense, even before any work has be= en done: Suggesting that it is *required* is simply wrong, just like stating t= hat it is never needed is wrong. Based on our experience, and after getting Xav= ier and friends' help to analyse it more, it seems that the sometimes-quoted "performance reasons" for having these are dubious at best; it either works= or does not. "There is no try." (ba-dum-tssss) The potential security impact (which I may or may not be imagining) of havi= ng these filesystems mounted in e.g. a locked-down jail running a web applicat= ion might be a good enough reason to mention that their presence may be optiona= l. (Then again, we may already have spent more time discussing this pkg-message than any benefit of modifying it might end up having :) ) Examples of not being needed: - Tomcat/jboss/whatnot (though webapps may or may not require it) - Most standalone Java applications I've tested Examples of it being needed (seems to frequently have to do with observing = the local system): - Graylog (otherwise it cannot see if its own inputs are running or not) - Elasticsearch, Opensearch (varies a bit between versions) - Logstash (com.sun.management.internal.OperatingSystemImpl.getCommittedVirtualMemoryS= ize0) /Eirik --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-283364-8522-oWW8rSDDci>