honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add a hack for windows

This commit is contained in:
Robert Muir 2015-05-02 12:41:38 -04:00
parent bdd6d9c705
commit 8c0d03c3ee
1 changed files with 6 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/main/java/org/elasticsearch/bootstrap/Security.java
View File

@ -31,10 +31,6 @@ import java.nio.charset.StandardCharsets;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.NoSuchFileException; import java.nio.file.NoSuchFileException;
import java.nio.file.Path; import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.URIParameter;
/** /**
* Initializes securitymanager with necessary permissions. * Initializes securitymanager with necessary permissions.
@ -53,8 +49,6 @@ class Security {
*/ */
static void configure(Environment environment) throws IOException { static void configure(Environment environment) throws IOException {
ESLogger log = Loggers.getLogger(Security.class); ESLogger log = Loggers.getLogger(Security.class);
//String prop = System.getProperty("java.io.tmpdir");
//log.trace("java.io.tmpdir {}", prop);
// init lucene random seed. it will use /dev/urandom where available. // init lucene random seed. it will use /dev/urandom where available.
StringHelper.randomId(); StringHelper.randomId();
InputStream config = Security.class.getResourceAsStream(POLICY_RESOURCE); InputStream config = Security.class.getResourceAsStream(POLICY_RESOURCE);
@ -63,22 +57,12 @@ class Security {
} }
Path newConfig = processTemplate(config, environment); Path newConfig = processTemplate(config, environment);
System.setProperty("java.security.policy", newConfig.toString()); System.setProperty("java.security.policy", newConfig.toString());
// retrieve the parsed policy we created: its useful if something goes wrong
Policy policy = null;
try {
policy = Policy.getInstance("JavaPolicy", new URIParameter(newConfig.toUri()));
} catch (NoSuchAlgorithmException impossible) {
throw new RuntimeException(impossible);
}
PermissionCollection permissions = policy.getPermissions(Security.class.getProtectionDomain());
log.trace("generated permissions: {}", permissions);
System.setSecurityManager(new SecurityManager()); System.setSecurityManager(new SecurityManager());
try { try {
// don't hide securityexception here, it means java.io.tmpdir is not accessible! // don't hide securityexception here, it means java.io.tmpdir is not accessible!
Files.delete(newConfig); Files.delete(newConfig);
} catch (SecurityException broken) { } catch (SecurityException broken) {
log.error("unable to properly access temporary files, permissions: {}", permissions); log.error("unable to properly access temporary files, run with -Djava.security.debug=policy for more information");
throw broken; throw broken;
} catch (IOException ignore) { } catch (IOException ignore) {
// e.g. virus scanner on windows // e.g. virus scanner on windows
@ -108,6 +92,11 @@ class Security {
addPath(writer, environment.configFile(), "read,readlink,write,delete"); addPath(writer, environment.configFile(), "read,readlink,write,delete");
addPath(writer, environment.logsFile(), "read,readlink,write,delete"); addPath(writer, environment.logsFile(), "read,readlink,write,delete");
addPath(writer, environment.pluginsFile(), "read,readlink,write,delete"); addPath(writer, environment.pluginsFile(), "read,readlink,write,delete");
// generate explicit perms for actual temp dir:
// (in case there is java.io.tmpdir sheistiness on windows)
addPath(writer, processed.getParent(), "read,readlink,write,delete");
for (Path path : environment.dataFiles()) { for (Path path : environment.dataFiles()) {
addPath(writer, path, "read,readlink,write,delete"); addPath(writer, path, "read,readlink,write,delete");
} }