[ https://issues.apache.org/jira/browse/SOLR-13986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985468#comment-16985468 ]
Robert Muir commented on SOLR-13986: ------------------------------------ I implemented patch with my workaround from before. Note that 2 tests still fail: HdfsThreadLeakTest, TestHdfsCloudBackupRestore The problem is hadoop test code (MiniDFSCluster.createPermissionsDiagnosisString): https://github.com/apache/hadoop/blob/7a3188d054481b9bd563e337901e93476303ce7f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java#L1260 It calls File.canExecute, but doesn't handle SecurityException. This is clearly documented in the java.io.File api: https://docs.oracle.com/javase/7/docs/api/java/io/File.html#canExecute() I think I can hack around it but someone should really do something about this hadoop code. > remove "execute" permission from solr-tests.policy > -------------------------------------------------- > > Key: SOLR-13986 > URL: https://issues.apache.org/jira/browse/SOLR-13986 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Robert Muir > Priority: Major > Attachments: SOLR-13986-notyet.patch, SOLR-13986.patch > > > If we don't really need to execute processes, we can take the permission > away. That way any attempt to execute something results in a > SecurityException rather than running a process. > It is necessary to first fix the tests policy before thinking about > supporting securitymanager in solr. This way we can ensure functionality does > not break via our tests. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org