This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new 46f6df3a22c SOLR-17800: Security Manager should handle symlink on /tmp
(#3359)
46f6df3a22c is described below
commit 46f6df3a22c4f840d1472fc7c37d0614d1b579b6
Author: Kevin Risden <[email protected]>
AuthorDate: Mon Jun 30 09:04:36 2025 -0400
SOLR-17800: Security Manager should handle symlink on /tmp (#3359)
---
solr/CHANGES.txt | 2 ++
solr/bin/solr | 10 +++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 37e8beff119..facf2b07d94 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -134,6 +134,8 @@ Bug Fixes
* SOLR-16667: Fixed dense/sparse representation in LTR module. (Anna Ruggero,
Alessandro Benedetti)
+* SOLR-17800: Security Manager should handle symlink on /tmp (Kevin Risden)
+
Dependency Upgrades
---------------------
* SOLR-17471: Upgrade Lucene to 9.12.1. (Pierre Salagnac, Christine Poerschke)
diff --git a/solr/bin/solr b/solr/bin/solr
index da03e93dbee..ff97eda9425 100755
--- a/solr/bin/solr
+++ b/solr/bin/solr
@@ -515,9 +515,10 @@ function jetty_port() {
# useful for doing cross-platform work from the command-line using Java
function run_tool() {
- # shellcheck disable=SC2086
+ # shellcheck disable=SC2086,SC2164
"$JAVA" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_ZK_CREDS_AND_ACLS:-}
${SOLR_TOOL_OPTS:-} -Dsolr.install.dir="$SOLR_TIP" \
-Dlog4j.configurationFile="$DEFAULT_SERVER_DIR/resources/log4j2-console.xml"
-Dsolr.pid.dir="$SOLR_PID_DIR" \
+ -Djava.io.tmpdir="$(cd "${TMPDIR:-${TEMP:-${TMP:-/tmp}}}"; pwd -P)" \
-classpath
"$DEFAULT_SERVER_DIR/solr-webapp/webapp/WEB-INF/lib/*:$DEFAULT_SERVER_DIR/lib/ext/*:$DEFAULT_SERVER_DIR/lib/*"
\
org.apache.solr.cli.SolrCLI "$@"
@@ -537,8 +538,9 @@ function stop_solr() {
if [ -n "$SOLR_PID" ]; then
echo -e "Sending stop command to Solr running on port $SOLR_PORT ...
waiting up to $SOLR_STOP_WAIT seconds to allow Jetty process $SOLR_PID to stop
gracefully."
- # shellcheck disable=SC2086
- "$JAVA" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_TOOL_OPTS:-} -jar
"$DIR/start.jar" "STOP.PORT=$THIS_STOP_PORT" "STOP.KEY=$STOP_KEY" --stop || true
+ # shellcheck disable=SC2086,SC2164
+ "$JAVA" -Djava.io.tmpdir="$(cd "${TMPDIR:-${TEMP:-${TMP:-/tmp}}}"; pwd
-P)" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_TOOL_OPTS:-} \
+ -jar "$DIR/start.jar" "STOP.PORT=$THIS_STOP_PORT" "STOP.KEY=$STOP_KEY"
--stop || true
(loops=0
while true
do
@@ -1403,9 +1405,11 @@ function start_solr() {
echo "Java $JAVA_VER_NUM detected. Incubating Panama Vector APIs have been
enabled"
fi
+ # shellcheck disable=SC2164
SOLR_START_OPTS=('-server' "${JAVA_MEM_OPTS[@]}" "${GC_TUNE_ARR[@]}"
"${GC_LOG_OPTS[@]}" "${IP_ACL_OPTS[@]}" \
"${REMOTE_JMX_OPTS[@]}" "${CLOUD_MODE_OPTS[@]}"
-Dsolr.log.dir="$SOLR_LOGS_DIR" \
"-Djetty.port=$SOLR_PORT" "-DSTOP.PORT=$stop_port" "-DSTOP.KEY=$STOP_KEY" \
+ "-Djava.io.tmpdir=$(cd "${TMPDIR:-${TEMP:-${TMP:-/tmp}}}"; pwd -P)" \
# '-OmitStackTraceInFastThrow' ensures stack traces in errors,
# users who don't care about useful error msgs can override in SOLR_OPTS
with +OmitStackTraceInFastThrow
"${SOLR_HOST_ARG[@]}" "-Duser.timezone=$SOLR_TIMEZONE"
"-XX:-OmitStackTraceInFastThrow" \
