From a6082eb5637741f8689723de6e8c7ca5e5cf6512 Mon Sep 17 00:00:00 2001
From: Jason Tedor
Date: Mon, 28 Nov 2016 18:47:32 -0500
Subject: [PATCH] Grant Netty permission to read system somaxconn When Netty listens on a socket, it specifies the established connection backlog for the socket. On Linux, Netty tries to read the system-wide configuration for this from /proc/sys/net/core/somaxconn and falls back to a default value when it can not read this value. This commit grants Netty permission to read this file so that it can honor the system-wide configuration for the connection backlog for sockets that it is listening on. This also removes an obnoxious stack trace that appears when Netty logging is set to debug logging. Relates #21840
---
 .../src/main/plugin-metadata/plugin-security.policy | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
index 902bfdee231..ce39869d2fb 100644
--- a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
+++ b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
@@ -17,8 +17,13 @@
 * under the License.
 */
 
+grant codeBase "${codebase.netty-common-4.1.6.Final.jar}" {
+ // for reading the system-wide configuration for the backlog of established sockets
+ permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
+};
+
 grant codeBase "${codebase.netty-transport-4.1.6.Final.jar}" {
 // Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
 // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely!
 permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";
-};
\ No newline at end of file
+};
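Review bot: The comment in the new `netty-common-4.1.6.Final.jar` grant block does not say why the permission is attached to that jar alone, and that matters for the security-manager stack walk: a `FilePermission` check passes only when every protection domain on the call stack holds the permission, unless the read runs inside a `doPrivileged` block. If Netty's somaxconn read is wrapped that way (not visible in this hunk, so worth confirming against the pinned Netty version), the single-jar, single-file, read-only grant is the right least-privilege choice. If it is not, the read would still be denied when reached through netty-transport or module code, and Netty would keep falling back to its default backlog. I would extend the comment to something like `// read is done by netty-common inside doPrivileged, so only this codebase needs it; keep the jar version in sync with the Netty dependency`. The version-pinned codebase property deserves that reminder because a Netty upgrade that misses this line would leave the grant pointing at a jar that is no longer loaded.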