[jira] [Commented] (FELIX-5911) [Configurator] Too restrictive permissions.perm file
[ https://issues.apache.org/jira/browse/FELIX-5911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16688072#comment-16688072 ] Christoph Nölle commented on FELIX-5911: [~cziegeler], any chance for a release in the near future? > [Configurator] Too restrictive permissions.perm file > > > Key: FELIX-5911 > URL: https://issues.apache.org/jira/browse/FELIX-5911 > Project: Felix > Issue Type: Bug > Components: Configurator >Affects Versions: configurator-1.0.4, configurator-1.0.6 >Reporter: Christoph Nölle >Assignee: Carsten Ziegeler >Priority: Major > Fix For: configurator-1.0.8 > > > Configurator currently requests > (java.io.FilePermission "-" "read,write,execute,delete") > in its permissions.perm file (the "-" means all files and subfolders within > and below the current working dir). However, the bundle tries to access files > in the bundle storage area as well, whose location we cannot anticipate here. > It can be configured by means of a framework property, for instance. The > correct permission would be > (java.io.FilePermission "<>" "read,write,execute,delete") -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (FELIX-5911) [Configurator] Too restrictive permissions.perm file
[ https://issues.apache.org/jira/browse/FELIX-5911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629226#comment-16629226 ] Karl Pauls commented on FELIX-5911: --- yup > [Configurator] Too restrictive permissions.perm file > > > Key: FELIX-5911 > URL: https://issues.apache.org/jira/browse/FELIX-5911 > Project: Felix > Issue Type: Bug > Components: Configurator >Affects Versions: configurator-1.0.4, configurator-1.0.6 >Reporter: Christoph Nölle >Assignee: Carsten Ziegeler >Priority: Major > Fix For: configurator-1.0.8 > > > Configurator currently requests > (java.io.FilePermission "-" "read,write,execute,delete") > in its permissions.perm file (the "-" means all files and subfolders within > and below the current working dir). However, the bundle tries to access files > in the bundle storage area as well, whose location we cannot anticipate here. > It can be configured by means of a framework property, for instance. The > correct permission would be > (java.io.FilePermission "<>" "read,write,execute,delete") -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (FELIX-5911) [Configurator] Too restrictive permissions.perm file
[ https://issues.apache.org/jira/browse/FELIX-5911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629185#comment-16629185 ] Christoph Nölle commented on FELIX-5911: I was not referring to the permissions of the Java runtime. According to the security spec [50.2.1 Local Permissions, https://osgi.org/specification/osgi.core/7.0.0/service.condpermadmin.html#i1534520]: ??Local permissions are defined by a Bundle Permission Resource that is contained in the bundle; this resource defines a set of _permissions_. These permissions must be enforced by the Framework for the given bundle. That is, a bundle can get less permissions than the local permissions but it can never get more permissions.?? The remainder of the section is also very clear about it: adding a permission to ConditionalPermissionAdmin does not overwrite the local perms. > [Configurator] Too restrictive permissions.perm file > > > Key: FELIX-5911 > URL: https://issues.apache.org/jira/browse/FELIX-5911 > Project: Felix > Issue Type: Bug > Components: Configurator >Affects Versions: configurator-1.0.4, configurator-1.0.6 >Reporter: Christoph Nölle >Assignee: Carsten Ziegeler >Priority: Major > Fix For: configurator-1.0.8 > > > Configurator currently requests > (java.io.FilePermission "-" "read,write,execute,delete") > in its permissions.perm file (the "-" means all files and subfolders within > and below the current working dir). However, the bundle tries to access files > in the bundle storage area as well, whose location we cannot anticipate here. > It can be configured by means of a framework property, for instance. The > correct permission would be > (java.io.FilePermission "<>" "read,write,execute,delete") -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (FELIX-5911) [Configurator] Too restrictive permissions.perm file
[
https://issues.apache.org/jira/browse/FELIX-5911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16628970#comment-16628970
]
Timothy Ward commented on FELIX-5911:
-
{quote}[~timothyjward]: as far as I understand the set of permissions granted
by the system admin/the person launching the framework can only be a subset of
the permissions requested in the permissions.perm file. More precisely, the
effective set of permissions is the intersection of the ones in
permissions.perm and the ones granted by the admin. It is hence not possible to
configure additional permissions. Did I get this wrong?
{quote}
You can still use PermissionAdmin/ConditionalPermissionAdmin to control the
permissions of a bundle and grant them wider permissions than they would
otherwise have. You are correct, however that the permissions for a bundle
cannot expand beyond those of the Java runtime as a whole.
> [Configurator] Too restrictive permissions.perm file
>
>
> Key: FELIX-5911
> URL: https://issues.apache.org/jira/browse/FELIX-5911
> Project: Felix
> Issue Type: Bug
> Components: Configurator
>Affects Versions: configurator-1.0.4, configurator-1.0.6
>Reporter: Christoph Nölle
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: configurator-1.0.8
>
>
> Configurator currently requests
> (java.io.FilePermission "-" "read,write,execute,delete")
> in its permissions.perm file (the "-" means all files and subfolders within
> and below the current working dir). However, the bundle tries to access files
> in the bundle storage area as well, whose location we cannot anticipate here.
> It can be configured by means of a framework property, for instance. The
> correct permission would be
> (java.io.FilePermission "<>" "read,write,execute,delete")
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (FELIX-5911) [Configurator] Too restrictive permissions.perm file
[ https://issues.apache.org/jira/browse/FELIX-5911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16628825#comment-16628825 ] Carsten Ziegeler commented on FELIX-5911: - I changed the title, I hope it fits better now. For other things like the use of reflection we should create different issues > [Configurator] Too restrictive permissions.perm file > > > Key: FELIX-5911 > URL: https://issues.apache.org/jira/browse/FELIX-5911 > Project: Felix > Issue Type: Bug > Components: Configurator >Affects Versions: configurator-1.0.4, configurator-1.0.6 >Reporter: Christoph Nölle >Assignee: Carsten Ziegeler >Priority: Major > Fix For: configurator-1.0.8 > > > Configurator currently requests > (java.io.FilePermission "-" "read,write,execute,delete") > in its permissions.perm file (the "-" means all files and subfolders within > and below the current working dir). However, the bundle tries to access files > in the bundle storage area as well, whose location we cannot anticipate here. > It can be configured by means of a framework property, for instance. The > correct permission would be > (java.io.FilePermission "<>" "read,write,execute,delete") -- This message was sent by Atlassian JIRA (v7.6.3#76005)
