# Why OpenJDK wants devfs and procfs mounted?



## obsigna (Sep 7, 2015)

After installing java/openjdk8 the following message pops up:

```
======================================================================

This OpenJDK implementation requires fdescfs(5) mounted on /dev/fd and
procfs(5) mounted on /proc.

If you have not done it yet, please do the following:

    mount -t fdescfs fdesc /dev/fd
    mount -t procfs proc /proc

To make it permanent, you need the following lines in /etc/fstab:

    fdesc   /dev/fd      fdescfs       rw    0    0
    proc    /proc        procfs        rw    0    0

======================================================================
```
I can understand what fdescfs(5) and procfs(5) do. What I can't understand, for what purpose Java wants to have access to all file descriptors on my machine and the complete process table information of a running system. I do not want to give Java (which got a security history) this access, before I exactly know the purpose. I searched the internet, and I see only people telling that this is necessary, but no reason why.

I installed games/minecraft-server for my son and his friends, and it works well without said mounts. In a month there were a dozen of crashes, though. However, the crash reports tell nothing about java is missing said file systems.

Please, can somebody give me a good technical reason (other than everybody do this) on why I should mount fdesc and proc.


----------



## kpa (Sep 7, 2015)

The access to device nodes and /proc/* is still controlled by the standard permissions so using them isn't giving any more information than could be gathered with ps(1), procstat(1) etc. utilities and the underlying programming APIs. The only reason why the Java port requires them is that the developers haven't bothered to use FreeBSD specific ways to gather that information but resort to the more commonly used procfs(5) and fdescfs(5) filesystems.


----------



## obsigna (Sep 7, 2015)

OK, games/minecraft-server is started with user/group mcserver which of course restricts quite a lot what Java can do. However, it is still not clear for me what Java wants to do with the file descriptors and the processes table. Anyway, this Java here runs without fdesc and proc mounted, and I will leave it like this until I see in a crash log with my own eyes, that Java went south because of the missing mounts.


----------

