risdenk commented on code in PR #1066: URL: https://github.com/apache/solr/pull/1066#discussion_r993539100
########## solr/docker/templates/Dockerfile.body.template: ########## @@ -45,6 +45,7 @@ ENV SOLR_USER="solr" \ SOLR_PID_DIR=/var/solr \ SOLR_LOGS_DIR=/var/solr/logs \ LOG4J_PROPS=/var/solr/log4j2.xml \ + SOLR_SERVER_DIR="/opt/solr-${SOLR_VERSION}/server" \ Review Comment: Java understands symlinks - but only if that was the requested path I think. Jetty seems to explicitly request the canonical path. ``` permission java.io.FilePermission "/opt/solr-*", "read,write,delete,readlink"; permission java.io.FilePermission "/opt/solr-*${/}-", "read,write,delete,readlink"; ``` this just ends up hardcoding a path. Very few paths should be hardcoded in the security policy. Most are passed in as system properties. another way to do it would be to find a way to expand the symlink in bash and pass it in as another property to the security policy - but I couldn't find a cross platform way to do that. so setting SOLR_SERVER_DIR seems like the best way forward for now. and it also seems like it is the reason that env variable is exposed... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org