I don't see why we should disallow running MAT as root by default. I have run MAT as root in some cases out of convenience (e.g. Docker containers). Yes, there is additional security exposure, but users are aware of that when running as
root. If a user wants to limit running as root for the security risk, they can add -protect root.
I'm not sure, but it seems to me bug 578945 is a misunderstanding of Eclipse. The bug repoter wrote:
> it's a bug if I run something as one user and then try to run it as another and it fails mysteriously. I think a better design is needed, especially on multi-user systems. It shouldn't be that one run by one user ruins it for everyone
else.
I believe one should not run with the same -data and -Dosgi.configuration.area directories using different users. For example, for our shared MAT installation used by IBM Support (which happens to be Windows Citrix but the same concept
applies to Linux), we use a batch script that sets per-user directories. Snippet (this is for J9 Java thus the -Xshareclasses option):
@echo off
SETLOCAL ENABLEDELAYEDEXPANSION
set "programdir=%cd%"
set "workdir=%APPDATA%"
"%programdir%\eclipsec.exe" -data "!workdir!\MAT\data" -consoleLog -vmargs -Xms1g -Xmx32g "-Dosgi.configuration.area=!workdir!\MAT\osgi" "-Djava.io.tmpdir=!workdir!\MAT\tmp" "-Xshareclasses:name=mat,cacheDir=!workdir!\MAT\sharedclasses"
--add-exports=java.base/jdk.internal.module=ALL-UNNAMED
Kevin Grigorenko
IBM App Platform SWAT
From:
mat-dev <mat-dev-bounces@xxxxxxxxxxx> on behalf of Andrew Johnson <andrew_johnson@xxxxxxxxxx>
Date: Monday, April 25, 2022 at 12:14 PM
To: Memory Analyzer Dev list <mat-dev@xxxxxxxxxxx>
Subject: [EXTERNAL] Re: [mat-dev] Next release of Memory Analyzer for Eclipse 2022-06 - help wanted
I have fixed the CI build problem with Bug 579734: Update MAT version to 1.13.0 https://bugs.eclipse.org/bugs/show_bug.cgi?id=579734 The problem was having multiple
product files in the same directory with different version numbers. Thank you,
This Message Is From an External Sender
|
This message came from outside your organization.
|
|
|
I have fixed the CI build problem with Bug 579734: Update MAT version to 1.13.0
https://bugs.eclipse.org/bugs/show_bug.cgi?id=579734
The problem was having multiple product files in the same directory with different version numbers. Thank you, Jason, for looking into it – details of the fix are in the bug.
For Bug 578945 Running as root corrupts configuration directory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=578945 should we set an option to stop MAT running as root? Does anyone run MAT as root? If so, why? One possible reason is to acquire heap dumps
from any process on the system but perhaps it would be better to see if the acquire dumps using jps/jmap/jcmd or a helper VM could run as root instead. It seems a bit risky to run a large, long running application such as MAT as root.
Andrew Johnson
IBM
IBM United Kingdom Limited
Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU