RFR: 7193201: [OS X] The development launcher should be signed and given task_for_pid privileges
Nils Loodin
nils.loodin at oracle.com
Thu Sep 6 01:56:25 PDT 2012
Looks good!
/Nils Loodin
On 08/27/2012 04:13 PM, Staffan Larsen wrote:
> Can someone review this change, please?
>
> Thanks,
> /Staffan
>
> On 22 aug 2012, at 14:12, Staffan Larsen <staffan.larsen at oracle.com> wrote:
>
>> Please review the following change to the hotspot makefiles to give additional privileges on OS X for running SA tools. The SA tools use the task_for_pid system call to access another process. To do this, OS X requires the launching process to 1) have the SecTaskAccess key set in its plist and 2) be signed.
>>
>> We do the same thing for the JDK launchers jinfo, jmap and jstack. Since we don't have access to a "real" certificate during development, we use one that we use a self signed certificate. Instructions for creating one is in [1]. This is the same certificate name as used by the JDK launchers at development time.
>>
>> See the jdk/make/launchers/Makefile.launcher and jdk/make/common/Program.gmk for simliar code in the JDK.
>>
>> http://cr.openjdk.java.net/~sla/7193201/webrev.00/
>>
>>
>> Thanks,
>> /Staffan
>>
>>
>> [1] https://wikis.oracle.com/display/OpenJDK/Mac+OS+X+Port+Using+jsadebug%2C+jinfo%2C+jmap
>
More information about the hotspot-dev
mailing list