Hello,
The permissions.perm file packaged with felix configadmin 1.9.26 and tested
on latest Karaf is missing RuntimePermission/PropertyPermission
java.security.AccessControlException: access denied
("java.lang.RuntimePermission"
"getenv.ORG_APACHE_FELIX_FILEINSTALL_DEPLOY_FELIX_FILEINSTALL_ACTIVE_LEVEL")
java.security.AccessControlException: access denied
("java.lang.RuntimePermission"
"getenv.ORG_OPS4J_PAX_URL_MVN_FELIX_FILEINSTALL_FILENAME")
java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "getenv.ORG_OPS4J_PAX_LOGGING_COLOR_DEBUG")
There are similar for those 3 with PropertyPermission.
The following changes to permissions.perm fixes the issue:
# Environment/Property Support
(java.lang.RuntimePermission "*" "getenv.*")
(java.util.PropertyPermission "*" "read")
This is one of, if not the only, bundle in Karaf distrib i've seen with a
permissions.perm file.
You can confirm this issue by enabling osgi security and installing
framework-security on felix or running equinox (enabled by default).
A more general question:
Is there a plan for osgi-security past JDK17? I'm planning to use it to
verify JARs are signed from the proper groups before hot-deploying.
--
Chaz
