[
https://issues.apache.org/jira/browse/LUCENE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14341859#comment-14341859
]
Dawid Weiss commented on LUCENE-6238:
-------------------------------------
I've applied the required changes to not fail on forbidden getProperties
access. I don't think it is a solvable problem though. Certain properties get
set by the Java runtime (and we do want pristine environment from test to
test!). For example, after I switched to:
{code}
// read access to all system properties:
permission java.util.PropertyPermission "*", "read";
{code}
I get this exception:
{code}
> Throwable #1: java.security.AccessControlException: access denied
("java.util.PropertyPermission" "user.language" "write")
> at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
> at
java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.util.Locale.setDefault(Locale.java:974)
> at java.util.Locale.setDefault(Locale.java:933)
> at
org.apache.lucene.util.TestRuleSetupAndRestoreClassEnv.before(TestRuleSetupAndRestoreClassEnv.java:225)
...
{code}
This is a by-product of setting the default locale -- it sets {{user.language}}
(similar thing happens to time zones). Note that granting write permission to
Java's runtime doesn't solve the problem of resetting this property from test
to test (since in general we don't know which properties are set by the runtime
and when).
I don't have any idea how to give read-only access to properties and be able to
isolate test cases from each other at the same time.
> minimize tests.policy
> ---------------------
>
> Key: LUCENE-6238
> URL: https://issues.apache.org/jira/browse/LUCENE-6238
> Project: Lucene - Core
> Issue Type: Bug
> Reporter: Robert Muir
> Fix For: Trunk, 5.1
>
> Attachments: LUCENE-6238-mmap.patch, LUCENE-6238.patch,
> LUCENE-6238.patch
>
>
> This is overly permissive:
> {noformat}
> // Basic permissions needed for Lucene to work:
> permission java.util.PropertyPermission "*", "read,write";
> permission java.lang.reflect.ReflectPermission "*";
> permission java.lang.RuntimePermission "*";
> {noformat}
> Because of various BS like unsafe-hacks (only mmap seems to do it properly),
> this means effectively you cannot use lucene with SM today, without allowing
> SM itself to just be disabled with reflection.
> This is easy to fix.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
