Last active
March 21, 2025 20:08
-
-
Save gabrieljones/48644ace473fd6f5e9e03a5772938713 to your computer and use it in GitHub Desktop.
java heap dump of a java process running in a container without a shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker run --pid container:<target-docker-container-name> \ | |
| --network container:<target-docker-container-name> \ | |
| --rm \ | |
| --entrypoint "/opt/java/openjdk/bin/jcmd" \ | |
| --user 65532:65532 \ | |
| dockerproxy.aexp.com/eclipse-temurin:17 1 GC.heap_dump <some directory the target process can write to>/heap.hprof | |
| # jcmd is not writing the file, it is merely sending a request to the target process to write the heap dump, the target process needs read write perms the file argument: <some directory the target process can write to>/heap.hprof | |
| # 65532 is the user id of distroless/java :nonroot images | |
| # 1 is the pid of the java process running in the distroless/java container |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment