[Bug 283364] java/openjdk*: Update pkg-message information about fdescfs and procfs

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 24 Dec 2024 17:27:58 UTC 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283364

Eirik Oeverby <ltning-freebsd@anduin.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ltning-freebsd@anduin.net

--- Comment #6 from Eirik Oeverby <ltning-freebsd@anduin.net> ---
We've run java5, openjdk6, 7, 8, 11 and now 17 in production for a couple of
decades now and rarely had procfs or fdescfs mounted. The exception was when,
for a while, we had to run a Linux JDK because the FreeBSD port wasn't working
(don't ask me why).

I think the patch (or one like it) makes sense, even before any work has been
done: Suggesting that it is *required* is simply wrong, just like stating that
it is never needed is wrong. Based on our experience, and after getting Xavier
and friends' help to analyse it more, it seems that the sometimes-quoted
"performance reasons" for having these are dubious at best; it either works or
does not. "There is no try." (ba-dum-tssss)

The potential security impact (which I may or may not be imagining) of having
these filesystems mounted in e.g. a locked-down jail running a web application
might be a good enough reason to mention that their presence may be optional.

(Then again, we may already have spent more time discussing this pkg-message
than any benefit of modifying it might end up having :) )

Examples of not being needed:
- Tomcat/jboss/whatnot (though webapps may or may not require it)
- Most standalone Java applications I've tested

Examples of it being needed (seems to frequently have to do with observing the
local system):
- Graylog (otherwise it cannot see if its own inputs are running or not)
- Elasticsearch, Opensearch (varies a bit between versions)
- Logstash
(com.sun.management.internal.OperatingSystemImpl.getCommittedVirtualMemorySize0)

/Eirik

-- 
You are receiving this mail because:
You are the assignee for the bug.