[ https://issues.apache.org/jira/browse/FLINK-21306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17279754#comment-17279754 ]

Piotr Nowojski commented on FLINK-21306:
----------------------------------------

I would like to clarify here. This ticket is about a concern that some Flink 
(non-user) `System.exit()` calls could be incorrectly ignored. An example of such 
a case might be all code paths leading to {{FatalExitExceptionHandler}}, for 
example via {{FutureUtils#assertNoException}}. It is just a safety net that's 
used to handle very, very unexpected bugs in Flink itself, as normally all kinds 
of errors/exceptions should be handled more gracefully. Which is for example 
used in {{CheckpointedInputGate#waitForPriorityEvents}}. However, bugs can 
happen, and if {{FutureUtils#assertNoException}} is triggered, it should never 
be ignored, regardless of the {{FlinkSecurityManager}} configuration.

> FlinkSecurityManager might avoid fatal system exits
> ---------------------------------------------------
>
>                 Key: FLINK-21306
>                 URL: https://issues.apache.org/jira/browse/FLINK-21306
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / Task
>    Affects Versions: 1.13.0
>            Reporter: Robert Metzger
>            Priority: Critical
>
> In FLINK-15156, we introduced a feature that allows users to log or 
> completely disable calls to System.exit().
> This feature is enabled for certain threads / code sections intended to 
> execute user-code.
> However, some user code calls might still lead to fatal errors, which we want 
> to handle by killing the Flink process.
> It is likely that this new change (which is disabled by default) can lead to 
> a situation where Flink should exit immediately, but it doesn't (thus leaving 
> the system in an inconsistent state).
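
The failure mode discussed above, as an added example that is not Flink's code or part of the original message: a security manager that vetoes exits on guarded threads also vetoes a fatal handler's exit unless that handler bypasses the guard. All class, field and method names and the exit code are hypothetical; it assumes a JDK where System.setSecurityManager() is still permitted (for example JDK 8 to 17).

```java
import java.security.Permission;

// Added illustration: all names here are hypothetical, not Flink classes.
public class ExitGuardDemo {
    static final int FATAL_EXIT_CODE = 1; // constructed value

    // True while the current thread runs a section treated as user code.
    static final ThreadLocal<Boolean> GUARDED = ThreadLocal.withInitial(() -> false);

    static class ExitBlockedException extends SecurityException {
        ExitBlockedException(int status) { super("blocked exit(" + status + ")"); }
    }

    static class ExitGuard extends SecurityManager {
        @Override public void checkExit(int status) {
            if (GUARDED.get()) throw new ExitBlockedException(status);
        }
        @Override public void checkPermission(Permission perm) { /* allow everything else */ }
    }

    // Fatal handler that exits through the guarded path and can be vetoed.
    static void naiveFatalExit(Throwable cause) {
        System.err.println("FATAL: " + cause);
        System.exit(FATAL_EXIT_CODE);
    }

    // Fatal handler that cannot be vetoed. Runtime.halt() also consults
    // checkExit(), so the guard is lifted for this thread first.
    static void forcedFatalExit(Throwable cause) {
        System.err.println("FATAL: " + cause);
        GUARDED.set(false);
        Runtime.getRuntime().halt(FATAL_EXIT_CODE);
    }

    public static void main(String[] args) {
        System.setSecurityManager(new ExitGuard());
        GUARDED.set(true); // entering a guarded section
        Throwable bug = new IllegalStateException("unexpected internal bug");
        try {
            naiveFatalExit(bug);
        } catch (ExitBlockedException e) {
            // The failure mode: the JVM keeps running after a fatal error.
            System.out.println("still alive: " + e.getMessage());
        }
        forcedFatalExit(bug);
        System.out.println("unreachable");
    }
}
```

Running it prints the "still alive" line for the vetoed exit, then terminates with the constructed exit code without reaching the last statement.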


