RFR: 8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
Severin Gehwolf
sgehwolf at redhat.com
Fri Jul 19 16:55:07 UTC 2019
On Fri, 2019-07-19 at 17:40 +0100, Alan Bateman wrote:
> On 19/07/2019 16:21, Claes Redestad wrote:
> > On 2019-07-19 17:07, Severin Gehwolf wrote:
> > > Do you have objections, to go with that, Claes?
> > >
> > > http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8228434/01/webrev/
> >
> > While I think the privilegedGetProperty alternative would work just
> > fine regardless of security settings, I don't object to this if you're
> > more comfortable with it.
> privilegedGetProperty will work for the Sockets test because its policy
> file allows the test lib classes to read all properties:
>
> grant codeBase "file:${test.classes}/../../../../test/lib/-" {
> permission java.util.PropertyPermission "*", "read";
> permission java.io.FilePermission "/etc/release", "read";
> permission java.io.FilePermission "<<ALL FILES>>", "execute";
> };
Yes.
> There might be other tests with policy files where this is not the case.
My issue is with finding those tests :-/ If we know the set of *all*
tests affected by the breakage we could do approach 2. Approach 1 (or
3) seems safer.
> Severin - how about a combination of the two approaches, meaning add
> Docker.DOCKER_COMMAND as per the first version but use
> privilegedGetProperty to read the value. That way only container tests
> using a SM and their own policy files will need to grant the permission
> to read this property.
Sure, fine with me. Here you go:
http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8228434/02/webrev/
Thoughts?
Thanks,
Severin
More information about the core-libs-dev
mailing list