rmuir commented on a change in pull request #1082: SOLR-13984: add (experimental, disabled by default) security manager support URL: https://github.com/apache/lucene-solr/pull/1082#discussion_r360654988
########## File path: solr/bin/solr ########## @@ -2071,6 +2071,17 @@ else REMOTE_JMX_OPTS=() fi +# Enable java security manager (limiting filesystem access and other things) +# Don't cache DNS lookups forever, set the value back to the original JDK default. +if [ "$SOLR_SECURITY_MANAGER_ENABLED" == "true" ]; then + SECURITY_MANAGER_OPTS=('-Djava.security.manager' \ + "-Djava.security.policy=${SOLR_SERVER_DIR}/etc/security.policy" \ + '-Dsun.net.inetaddr.ttl=30' \ Review comment: @shalinmangar i added a commit with a custom `java.security.properties` file, to override this via the `networkaddress.cache.ttl`, setting it back to the default of 30 (same as when no security manager is active). It does the same thing as before, just in a more roundabout way... If users want to mess with java security properties, they must edit java security properties files either way: no variables can be supported since they are not system properties and can't be set with `-D`. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org