Hi, >> 2> at Log4jHotPatch.asmVersion(Log4jHotPatch.java:71)
This coming from Amazon’s Log4Shell hot patch [1], which I believe was deployed by default on many (all?) JVM’s running on Amazon instances. Well… that was almost 2yrs ago, not sure why it’s still showing up in some places now - it should not be needed. In fact, I do remember seeing and reporting this issue back in late 2021. The hot patcher initially used the JDK’s internal ASM library, which is the root cause of the security exception. The hot patcher was subsequently fixed to not do this - it bundles/shades ASM itself. This fix was made in late 2021. I have no idea why the system in question is running an old version of the hot patcher. @Michael, you should probably take a look at that system, maybe it needs some updates or something? -Chris. [1] https://github.com/corretto/hotpatch-for-apache-log4j2/tree/main > On 25 Sep 2023, at 09:22, Uwe Schindler <u...@thetaphi.de> wrote: > > Hi, > > as Lucene does not use Log4j, it is unclear why it wants to patch anything. > The problem in indeed caused by SecurityManager which is enabled for running > Lucene tests. Actually it detects that something tries to access some > internals of ASM, not sure what it exactly does. The "injected" Agent code > must possibly use AccessController#doPrivileged and the security context must > allow patching of classes. > > In short: SecurityManager has done everything it should do: It detected an > illegal access. Mission achieved! You have to report this issue and patch > your tool so it works correctly with SecurityManager. > > Uwe > > Am 24.09.2023 um 23:52 schrieb Michael Sokolov: >> I ran the smoketester and had a failure. It seems related to some >> log4j hot patch script we are required to run at work which is somehow >> conflicting with the security manager? I'm killing that and trying >> again, but I wonder if this is going to cause problems at runtime as >> well? How do we enable the security manager -is it only when running >> tests? >> >> org.apache.lucene.codecs.simpletext.TestSimpleTextPostingsFormat > >> classMethod FAILED >> java.lang.AssertionError: The test or suite printed 15378 bytes to >> stdout and stderr, even though the limit was set to 8192 bytes. >> Increase the limit with @Limit, ignore it >> completely with @SuppressSysoutChecks or run with >> -Dtests.verbose=true >> at __randomizedtesting.SeedInfo.seed([3E554FE0FEE122B9]:0) >> at >> org.apache.lucene.tests.util.TestRuleLimitSysouts.afterIfSuccessful(TestRuleLimitSysouts.java:283) >> at >> com.carrotsearch.randomizedtesting.rules.TestRuleAdapter$1.afterIfSuccessful(TestRuleAdapter.java:36) >> at >> com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:37) >> at >> org.apache.lucene.tests.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53) >> at >> org.apache.lucene.tests.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:43) >> at >> org.apache.lucene.tests.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:44) >> at >> org.apache.lucene.tests.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:60) >> at >> org.apache.lucene.tests.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:47) >> at org.junit.rules.RunRules.evaluate(RunRules.java:20) >> at >> com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36) >> at >> com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:390) >> at >> com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:850) >> at java.base/java.lang.Thread.run(Thread.java:829) >> >> org.apache.lucene.codecs.simpletext.TestSimpleTextPostingsFormat > >> test suite's output saved to >> /tmp/smoke_lucene_9.8.0_d914b3722bd5b8ef31ccf7e8ddc638a87fd648db/unpack/lucene-9 >> .8.0/lucene/codecs/build/test-results/test/outputs/OUTPUT-org.apache.lucene.codecs.simpletext.TestSimpleTextPostingsFormat.txt, >> copied below: >> 2> java.lang.reflect.InvocationTargetException >> 2> at >> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native >> Method) >> 2> at >> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> 2> at >> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> 2> at java.base/java.lang.reflect.Method.invoke(Method.java:566) >> 2> at >> java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513) >> 2> at >> java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallAgentmain(InstrumentationImpl.java:535) >> 2> Caused by: java.security.AccessControlException: access denied >> ("java.lang.RuntimePermission" >> "accessClassInPackage.jdk.internal.org.objectweb.asm") >> 2> at >> java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) >> 2> at >> java.base/java.security.AccessController.checkPermission(AccessController.java:897) >> 2> at >> java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322) >> 2> at >> java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238) >> 2> at >> java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:174) >> 2> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:527) >> 2> at Log4jHotPatch.asmVersion(Log4jHotPatch.java:71) >> 2> at Log4jHotPatch.agentmain(Log4jHotPatch.java:93) >> 2> ... 6 more >> >> On Sat, Sep 23, 2023 at 12:46 PM Jan Høydahl <jan....@cominvent.com> wrote: >>> Smoke tester only >>> >>> SUCCESS! [1:22:37.441415] >>> >>> +1 (binding) >>> >>> Jan >>> >>> 22. sep. 2023 kl. 07:48 skrev Patrick Zhai <zhai7...@gmail.com>: >>> >>> Please vote for release candidate 1 for Lucene 9.8.0 >>> >>> The artifacts can be downloaded from: >>> https://dist.apache.org/repos/dist/dev/lucene/lucene-9.8.0-RC1-rev-d914b3722bd5b8ef31ccf7e8ddc638a87fd648db >>> >>> You can run the smoke tester directly with this command: >>> >>> python3 -u dev-tools/scripts/smokeTestRelease.py \ >>> https://dist.apache.org/repos/dist/dev/lucene/lucene-9.8.0-RC1-rev-d914b3722bd5b8ef31ccf7e8ddc638a87fd648db >>> >>> The vote will be open for at least 72 hours, as there's a weekend, the vote >>> will last until 2023-09-27 06:00 UTC. >>> >>> [ ] +1 approve >>> [ ] +0 no opinion >>> [ ] -1 disapprove (and reason why) >>> >>> Here is my +1 (non-binding) >>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org >> For additional commands, e-mail: dev-h...@lucene.apache.org >> > -- > Uwe Schindler > Achterdiek 19, D-28357 Bremen > https://www.thetaphi.de > eMail: u...@thetaphi.de > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org > For additional commands, e-mail: dev-h...@lucene.apache.org >
