[ https://issues.apache.org/jira/browse/FLINK-21306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17279754#comment-17279754 ]
Piotr Nowojski commented on FLINK-21306:
----------------------------------------

I would like to clarify here. This ticket is about a concern that some Flink (non-user) `System.exit()` calls could be incorrectly ignored. An example of such a case might be all code paths leading to {{FatalExitExceptionHandler}}, for example via {{FutureUtils#assertNoException}}. It is just a safety net that's used to handle very very unexpected bugs in Flink itself, as normally all kinds of errors/exceptions should be handled more gracefully. Which is for example used in {{CheckpointedInputGate#waitForPriorityEvents}}. However bugs can happen, and if {{FutureUtils#assertNoException}} is triggered, it should never be ignored, regardless of the {{FlinkSecurityManager}} configuration.

> FlinkSecurityManager might avoid fatal system exits
> ---------------------------------------------------
>
>                 Key: FLINK-21306
>                 URL: https://issues.apache.org/jira/browse/FLINK-21306
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / Task
>    Affects Versions: 1.13.0
>            Reporter: Robert Metzger
>            Priority: Critical
>
> In FLINK-15156, we introduced a feature that allows users to log or
> completely disable calls to System.exit().
> This feature is enabled for certain threads / code sections intended to
> execute user-code.
> However, some user code calls might still lead to fatal errors, which we want
> to handle by killing the Flink process.
> It is likely that this new change (which is disabled by default) can lead to
> a situation where Flink should exit immediately, but it doesn't (thus leaving
> the system in an inconsistent state)

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
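
An added example (not Flink code and not part of the ticket or the comment) of the behaviour discussed above: a security manager that blocks `System.exit()` on threads running user code, with a fatal-exit path that is never blocked. `ExitGuard`, `runUserCode` and `fatalExit` are hypothetical names, and the example assumes a JDK that still permits installing a `SecurityManager`, such as JDK 8 or 11.

```java
import java.security.Permission;

// Added illustration; ExitGuard, runUserCode and fatalExit are hypothetical names, not Flink classes.
public class ExitGuardDemo {
    static class ExitGuard extends SecurityManager {
        // True only while the current thread is inside a user-code section.
        private final ThreadLocal<Boolean> inUserCode = ThreadLocal.withInitial(() -> false);
        // Set by framework code that has hit an unrecoverable error.
        private final ThreadLocal<Boolean> fatal = ThreadLocal.withInitial(() -> false);

        @Override public void checkPermission(Permission perm) { /* permit everything else */ }

        @Override public void checkExit(int status) {
            // Block exits requested from user code, but never a fatal framework exit.
            if (inUserCode.get() && !fatal.get()) {
                throw new SecurityException("System.exit(" + status + ") blocked in user code");
            }
        }

        void runUserCode(Runnable userFunction) {
            boolean previous = inUserCode.get();
            inUserCode.set(true);
            try { userFunction.run(); } finally { inUserCode.set(previous); }
        }

        // Framework-only entry point; it must not be callable by user code.
        void fatalExit(int status) {
            fatal.set(true);
            System.exit(status);
        }
    }

    public static void main(String[] args) {
        ExitGuard guard = new ExitGuard();
        System.setSecurityManager(guard);

        // Case 1: a user function calls System.exit(); the guard intercepts it.
        try {
            guard.runUserCode(() -> System.exit(1));
        } catch (SecurityException e) {
            System.out.println("intercepted: " + e.getMessage());
        }

        // Case 2: a fatal handler fires while the thread is still in the user-code section.
        guard.runUserCode(() -> guard.fatalExit(2)); // constructed exit status
        System.out.println("not reached");
    }
}
```

Removing the `!fatal.get()` condition reproduces the concern in the ticket: case 2 then throws instead of terminating the JVM, and the process keeps running after an error it was supposed to die on.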