shalinmangar commented on a change in pull request #1082: SOLR-13984: add
(experimental, disabled by default) security manager support
URL: https://github.com/apache/lucene-solr/pull/1082#discussion_r360646424
##########
File path: solr/bin/solr
##########
@@ -2071,6 +2071,17 @@ else
REMOTE_JMX_OPTS=()
fi
+# Enable java security manager (limiting filesystem access and other things)
+# Don't cache DNS lookups forever, set the value back to the original JDK
default.
+if [ "$SOLR_SECURITY_MANAGER_ENABLED" == "true" ]; then
+ SECURITY_MANAGER_OPTS=('-Djava.security.manager' \
+ "-Djava.security.policy=${SOLR_SERVER_DIR}/etc/security.policy" \
+ '-Dsun.net.inetaddr.ttl=30' \
Review comment:
Shouldn't this be configurable by the user? Perhaps we keep this default but
make it configurable with a `SOLR_NETWORKADDRESS_CACHE_TTL` variable.
Although most (all?) JVMs still honor the `sun.net.inetaddr.ttl` but it is
officially deprecated so we should use `-Dnetworkaddress.cache.ttl`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
