risdenk commented on code in PR #1066:
URL: https://github.com/apache/solr/pull/1066#discussion_r993539100
##########
solr/docker/templates/Dockerfile.body.template:
##########
@@ -45,6 +45,7 @@ ENV SOLR_USER="solr" \
SOLR_PID_DIR=/var/solr \
SOLR_LOGS_DIR=/var/solr/logs \
LOG4J_PROPS=/var/solr/log4j2.xml \
+ SOLR_SERVER_DIR="/opt/solr-${SOLR_VERSION}/server" \
Review Comment:
Java understands symlinks - but only if that was the requested path I think.
Jetty seems to explicitly request the canonical path.
```
permission java.io.FilePermission "/opt/solr-*",
"read,write,delete,readlink";
permission java.io.FilePermission "/opt/solr-*${/}-",
"read,write,delete,readlink";
```
this just ends up hardcoding a path. Very few paths should be hardcoded in
the security policy. Most are passed in as system properties.
another way to do it would be to find a way to expand the symlink in bash
and pass it in as another property to the security policy - but I couldn't find
a cross platform way to do that.
so setting SOLR_SERVER_DIR seems like the best way forward for now. and it
also seems like it is the reason that env variable is exposed...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
