magibney commented on a change in pull request #304: URL: https://github.com/apache/solr/pull/304#discussion_r717003635
########## File path: gradle/testing/randomization/policies/solr-tests.policy ##########
@@ -226,4 +226,8 @@ grant { permission java.io.FilePermission "${gradle.worker.jar}", "read"; // Allow reading from classpath JARs (resources). permission java.io.FilePermission "${gradle.user.home}${/}-", "read"; + // Allow reading from local Lucene development repository, if used. + permission java.io.FilePermission "${lucene-dev-repo.dir}${/}-", "read"; + // Allow reading jars from mavenLocal repository + permission java.io.FilePermission "${user.home}${/}.m2${/}repository${/}org${/}apache${/}lucene${/}-", "read";

Review comment: I'm all for simplicity, and certainly defer to you wrt security policy stuff. I guess I was reading the purpose of the security policy file as: to keep things as locked-down as possible to avoid any local filesystem dependencies that aren't explicitly declared. Either way, as I mentioned I agree this is unlikely to present a practical problem. Maybe a note about why/when this access is needed then? (another benefit of setting a property specific to the permission is to give a clue that can be used to trace the purpose of the permission without resorting to `git blame`, etc. ...)
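
Review bot: The mavenLocal grant on the last added line is unconditional and hard-codes the `${user.home}${/}.m2${/}repository` layout, and its comment ("Allow reading jars from mavenLocal repository") does not say when a test run needs it. The grant above it is keyed on a dedicated property, `${lucene-dev-repo.dir}`, and its comment carries "if used"; giving the mavenLocal path the same treatment (a purpose-named property, or at least a comment naming the build setup that resolves Lucene jars from mavenLocal) would keep the policy traceable from the file itself. Both added entries end in `${/}-`, which makes the read permission recursive over the whole subtree, so the `org${/}apache${/}lucene` prefix on the second one should stay as narrow as it is rather than being widened to the repository root later.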