From david.holmes at oracle.com Wed Apr 18 21:40:45 2012 From: david.holmes at oracle.com (David Holmes) Date: Thu, 19 Apr 2012 14:40:45 +1000 Subject: jtreg fails if the test requires a security manager! Message-ID: <4F8F974D.9000200@oracle.com> Hi Jon, I have a new test that requires that a security manager be installed, so I have: @run main/othervm -Djava.security.manager but this causes jtreg itself to encounter a security exception: Exception in thread "main" java.security.AccessControlException: access denied ("java.io.FilePermission" "/scratch/dh198349/dev-work/b11/linux-i586-dh/testoutput/jdk_util/JTwork/classes/java/util/concurrent/atomic/AtomicUpdaters.jta" "read") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:364) at java.security.AccessController.checkPermission(AccessController.java:555) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at java.io.FileInputStream.(FileInputStream.java:121) at java.io.FileInputStream.(FileInputStream.java:87) at java.io.FileReader.(FileReader.java:58) at com.sun.javatest.regtest.MainWrapper.main(MainWrapper.java:45) What can I do to fix this? Thanks, David From jonathan.gibbons at oracle.com Fri Apr 20 15:18:15 2012 From: jonathan.gibbons at oracle.com (Jonathan Gibbons) Date: Fri, 20 Apr 2012 15:18:15 -0700 Subject: jtreg fails if the test requires a security manager! In-Reply-To: <4F8F974D.9000200@oracle.com> References: <4F8F974D.9000200@oracle.com> Message-ID: <4F91E0A7.1010800@oracle.com> jtreg has special handling and support for security managers, so that it can ensure it has permissions to do its job as well as let you do yours. I've not played much in this area, but reading the tag-spec [1] I see the following sections. > /policy= > > Define the Java system property "java.security.policy" to have the value > "=${TESTSRC}/", where TESTSRC is the name of the directory containing the > defining file of the test. This definition has the effect of making the given > file the sole source of security policies to be used by the security manager. > In particular, the system security policy and the user's security policy will > be ignored. If the /secure option is not used then the default security > manager will be installed. > > Property expansion will be performed in the policy file as usual; in > particular, the "test.src" and "test.classes" properties will name the source > and class directories of the test being run (see DIRECTORY CONTEXT below). > > This option may only be used in conjunction with the /othervm option. > > /secure= > > Specify a subclass of java.lang.SecurityManager to be installed as the security > manager. An appropriate @build tag should be provided to ensure that the class > is compiled. If the /secure option is used without the /policy option then the > system's built-in policy, equivalent to the original sandbox policy, will be > assumed. > > This option may only be used in conjunction with the /othervm option. Seems to me that you want /secure=java.lang.SecurityManager. I agree your use of -Djava.security.manager is intuitive and should be considered as an RFE. -- Jon [1] http://openjdk.java.net/jtreg/tag-spec.txt On 04/18/2012 09:40 PM, David Holmes wrote: > Hi Jon, > > I have a new test that requires that a security manager be installed, > so I have: > > @run main/othervm -Djava.security.manager > > but this causes jtreg itself to encounter a security exception: > > Exception in thread "main" java.security.AccessControlException: > access denied ("java.io.FilePermission" > "/scratch/dh198349/dev-work/b11/linux-i586-dh/testoutput/jdk_util/JTwork/classes/java/util/concurrent/atomic/AtomicUpdaters.jta" > "read") > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:364) > at > java.security.AccessController.checkPermission(AccessController.java:555) > at > java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at java.io.FileInputStream.(FileInputStream.java:121) > at java.io.FileInputStream.(FileInputStream.java:87) > at java.io.FileReader.(FileReader.java:58) > at com.sun.javatest.regtest.MainWrapper.main(MainWrapper.java:45) > > What can I do to fix this? > > Thanks, > David From david.holmes at oracle.com Sun Apr 22 15:47:13 2012 From: david.holmes at oracle.com (David Holmes) Date: Mon, 23 Apr 2012 08:47:13 +1000 Subject: jtreg fails if the test requires a security manager! In-Reply-To: <4F91E0A7.1010800@oracle.com> Message-ID: <4F948A71.2020404@oracle.com> Hi Jon, Jonathon Gibbons wrote: > Seems to me that you want /secure=java.lang.SecurityManager. I agree > your use of -Djava.security.manager is intuitive and should be > considered as an RFE. Unfortunately using /secure doesn't work: ACTION: build -- Not run. Test running... REASON: Named class compiled on demand TIME: java.lang.SecurityManager seconds messages: command: build .secure=java.lang.SecurityManager reason: Named class compiled on demand TEST RESULT: Error. Can't find source file: /secure=java/lang/SecurityManager.java in directory-list: /java/embedded/users/dh198349/dev-work/jdk-7103570/test/java/util/concurrent/atomic David ----- From jonathan.gibbons at oracle.com Mon Apr 23 08:11:57 2012 From: jonathan.gibbons at oracle.com (Jonathan Gibbons) Date: Mon, 23 Apr 2012 08:11:57 -0700 Subject: jtreg fails if the test requires a security manager! In-Reply-To: <4F948A71.2020404@oracle.com> References: <4F948A71.2020404@oracle.com> Message-ID: <4F95713D.4030100@oracle.com> OK, I'll have to investigate this further and consult Other Authorities and get back to you. -- Jon On 04/22/2012 03:47 PM, David Holmes wrote: > Hi Jon, > > Jonathon Gibbons wrote: > > Seems to me that you want /secure=java.lang.SecurityManager. I agree > > your use of -Djava.security.manager is intuitive and should be > > considered as an RFE. > > Unfortunately using /secure doesn't work: > > ACTION: build -- Not run. Test running... > REASON: Named class compiled on demand > TIME: java.lang.SecurityManager seconds > messages: > command: build .secure=java.lang.SecurityManager > reason: Named class compiled on demand > > TEST RESULT: Error. Can't find source file: > /secure=java/lang/SecurityManager.java in directory-list: > /java/embedded/users/dh198349/dev-work/jdk-7103570/test/java/util/concurrent/atomic > > David > -----