rmuir commented on a change in pull request #1082: SOLR-13984: add 
(experimental, disabled by default) security manager support
URL: https://github.com/apache/lucene-solr/pull/1082#discussion_r360654988
 
 

 ##########
 File path: solr/bin/solr
 ##########
 @@ -2071,6 +2071,17 @@ else
   REMOTE_JMX_OPTS=()
 fi
 
+# Enable java security manager (limiting filesystem access and other things)
+# Don't cache DNS lookups forever, set the value back to the original JDK 
default.
+if [ "$SOLR_SECURITY_MANAGER_ENABLED" == "true" ]; then
+  SECURITY_MANAGER_OPTS=('-Djava.security.manager' \
+    "-Djava.security.policy=${SOLR_SERVER_DIR}/etc/security.policy" \
+    '-Dsun.net.inetaddr.ttl=30' \
 
 Review comment:
   @shalinmangar i added a commit with a custom `java.security.properties` 
file, to override this via the `networkaddress.cache.ttl`, setting it back to 
the default of 30 (same as when no security manager is active). It does the 
same thing as before, just in a more roundabout way...
   
   If users want to mess with java security properties, they must edit java 
security properties files either way: no variables can be supported since they 
are not system properties and can't be set with `-D`.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to