RFR: 8228434: jdk/net/Sockets/Test.java fails after JDK-8227642

Severin Gehwolf sgehwolf at redhat.com
Fri Jul 19 16:55:07 UTC 2019


On Fri, 2019-07-19 at 17:40 +0100, Alan Bateman wrote:
> On 19/07/2019 16:21, Claes Redestad wrote:
> > On 2019-07-19 17:07, Severin Gehwolf wrote:
> > > Do you have objections, to go with that, Claes?
> > > 
> > > http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8228434/01/webrev/
> > 
> > While I think the privilegedGetProperty alternative would work just
> > fine regardless of security settings, I don't object to this if you're
> > more comfortable with it.
> privilegedGetProperty will work for the Sockets test because its policy 
> file allows the test lib classes to read all properties:
> 
> grant codeBase "file:${test.classes}/../../../../test/lib/-" {
>      permission java.util.PropertyPermission "*", "read";
>      permission java.io.FilePermission "/etc/release", "read";
>      permission java.io.FilePermission "<<ALL FILES>>", "execute";
> };

Yes.

> There might be other tests with policy files where this is not the case.

My issue is with finding those tests :-/ If we know the set of *all*
tests affected by the breakage we could do approach 2. Approach 1 (or
3) seems safer.

> Severin - how about a combination of the two approaches, meaning add 
> Docker.DOCKER_COMMAND as per the first version but use 
> privilegedGetProperty to read the value. That way only container tests 
> using a SM and their own policy files will need to grant the permission 
> to read this property.

Sure, fine with me. Here you go:
http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8228434/02/webrev/

Thoughts?

Thanks,
Severin



More information about the core-libs-dev mailing list