risdenk commented on code in PR #1066:
URL: https://github.com/apache/solr/pull/1066#discussion_r993503930
##########
solr/docker/templates/Dockerfile.body.template:
##########
@@ -45,6 +45,7 @@ ENV SOLR_USER="solr" \
SOLR_PID_DIR=/var/solr \
SOLR_LOGS_DIR=/var/solr/logs \
LOG4J_PROPS=/var/solr/log4j2.xml \
+ SOLR_SERVER_DIR="/opt/solr-${SOLR_VERSION}/server" \
Review Comment:
The gist of the issue is:
default as configured is `/opt/solr/server` - this gets set as `jetty.home`
which gets put in security manager policy to allow/read/write/readlink to
`/opt/solr/server`
Jetty when it starts up tries to read from the canonical location where
start.jar is located. This is not a symlink but
`/opt/solr-10.0.0-SNAPSHOT/server`. I think this is Java saying the current
path is `/opt/solr-10.0.0-SNAPSHOT/server` and not `/opt/solr/server`. When
Jetty then tries to read `start.ini` (an init file for Jetty) from
`/opt/solr-10.0.0-SNAPSHOT/server` - the security manager doesn't see that path
in the security policy - `/opt/solr/server` is there for `jetty.home`. This
causes security manager to deny access and Solr to not start up.
The fix I found is to set `SOLR_SERVER_DIR` to the canonical path
(`/opt/solr-10.0.0-SNAPSHOT/server`) which in turn sets `jetty.home` to that
path which then updates the security policy to the correct path. Solr install
dir and other dirs in the security policy still reference `/opt/solr/...` as
needed. This just ends up being a Jetty canonical path thing it looks like.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
