RFR: 7193201: [OS X] The development launcher should be signed and given task_for_pid privileges
Staffan Larsen
staffan.larsen at oracle.com
Mon Aug 27 07:13:17 PDT 2012
Can someone review this change, please?
Thanks,
/Staffan
On 22 aug 2012, at 14:12, Staffan Larsen <staffan.larsen at oracle.com> wrote:
> Please review the following change to the hotspot makefiles to give additional privileges on OS X for running SA tools. The SA tools use the task_for_pid system call to access another process. To do this, OS X requires the launching process to 1) have the SecTaskAccess key set in its plist and 2) be signed.
>
> We do the same thing for the JDK launchers jinfo, jmap and jstack. Since we don't have access to a "real" certificate during development, we use one that we use a self signed certificate. Instructions for creating one is in [1]. This is the same certificate name as used by the JDK launchers at development time.
>
> See the jdk/make/launchers/Makefile.launcher and jdk/make/common/Program.gmk for simliar code in the JDK.
>
> http://cr.openjdk.java.net/~sla/7193201/webrev.00/
>
>
> Thanks,
> /Staffan
>
>
> [1] https://wikis.oracle.com/display/OpenJDK/Mac+OS+X+Port+Using+jsadebug%2C+jinfo%2C+jmap
More information about the hotspot-dev
mailing list