On 19/07/2019 16:21, Claes Redestad wrote:
On 2019-07-19 17:07, Severin Gehwolf wrote:
Do you have objections, to go with that, Claes?
http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8228434/01/webrev/
While I think the privilegedGetProperty alternative would work just
fine regardless of security settings, I don't object to this if you're
more comfortable with it.
privilegedGetProperty will work for the Sockets test because its policy
file allows the test lib classes to read all properties:
grant codeBase "file:${test.classes}/../../../../test/lib/-" {
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "/etc/release", "read";
permission java.io.FilePermission "<<ALL FILES>>", "execute";
};
There might be other tests with policy files where this is not the case.
Severin - how about a combination of the two approaches, meaning add
Docker.DOCKER_COMMAND as per the first version but use
privilegedGetProperty to read the value. That way only container tests
using a SM and their own policy files will need to grant the permission
to read this property.
-Alan
