Hi Chaz,

Thanks for the report, I will take a look and let you know.

About osgi-security, I think there's already a JDK21+ bundle
available. I have to check as well.

Regards
JB

On Wed, Sep 18, 2024 at 9:16 PM <apache-karaf-...@pyr3x.com.invalid> wrote:
>
> Hello,
>
> The permissions.perm file packaged with felix configadmin 1.9.26 and tested
> on latest Karaf is missing RuntimePermission/PropertyPermission.
>
> java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "getenv.ORG_APACHE_FELIX_FILEINSTALL_DEPLOY_FELIX_FILEINSTALL_ACTIVE_LEVEL")
> java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "getenv.ORG_OPS4J_PAX_URL_MVN_FELIX_FILEINSTALL_FILENAME")
> java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" "getenv.ORG_OPS4J_PAX_LOGGING_COLOR_DEBUG")
>
> There are similar ones for those 3 with PropertyPermission.
>
> The following changes to permissions.perm fix the issue:
>
> # Environment/Property Support
> (java.lang.RuntimePermission "*" "getenv.*")
> (java.util.PropertyPermission "*" "read")
>
> This is one of, if not the only, bundle in the Karaf distribution I've seen with a
> permissions.perm file.
>
> You can confirm this issue by enabling osgi security and installing
> framework-security on felix or running equinox (enabled by default).
>
> A more general question:
>
> Is there a plan for osgi-security past JDK17? I'm planning to use it to
> verify JARs are signed from the proper groups before hot-deploying.
>
> --
> Chaz
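
What the two grant lines from the report imply when evaluated by the JDK's own permission classes, as an added example (not code from this thread or from Felix/Karaf): it parses the encoded entries and probes them with the three denied `getenv` names from the report plus constructed probes (`example.constructed.property`, `exitVM.0`, `createClassLoader`). The `narrowed` variant, with `getenv.*` in the name position, is this example's assumption and not a change proposed in the thread.

```java
import java.security.Permission;
import java.util.List;
import java.util.PropertyPermission;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PermCheck {
    // Encoded entry as written in permissions.perm: (type "name" "actions")
    private static final Pattern ENTRY = Pattern.compile(
        "\\(\\s*([\\w.$]+)(?:\\s+\"([^\"]*)\")?(?:\\s+\"([^\"]*)\")?\\s*\\)");

    // Build the permission through its (String name, String actions) constructor.
    static Permission parse(String line) throws ReflectiveOperationException {
        Matcher m = ENTRY.matcher(line.trim());
        if (!m.matches()) throw new IllegalArgumentException("not an entry: " + line);
        return (Permission) Class.forName(m.group(1))
            .getConstructor(String.class, String.class)
            .newInstance(m.group(2), m.group(3));
    }

    static boolean granted(List<Permission> grants, Permission wanted) {
        return grants.stream().anyMatch(g -> g.implies(wanted));
    }

    public static void main(String[] args) throws Exception {
        List<Permission> posted = List.of(   // the two lines exactly as in the report
            parse("(java.lang.RuntimePermission \"*\" \"getenv.*\")"),
            parse("(java.util.PropertyPermission \"*\" \"read\")"));
        // Assumption of this example: the getenv target placed in the name position.
        List<Permission> narrowed = List.of(
            parse("(java.lang.RuntimePermission \"getenv.*\")"),
            parse("(java.util.PropertyPermission \"*\" \"read\")"));

        List<Permission> probes = List.of(
            new RuntimePermission("getenv.ORG_APACHE_FELIX_FILEINSTALL_DEPLOY_FELIX_FILEINSTALL_ACTIVE_LEVEL"),
            new RuntimePermission("getenv.ORG_OPS4J_PAX_URL_MVN_FELIX_FILEINSTALL_FILENAME"),
            new RuntimePermission("getenv.ORG_OPS4J_PAX_LOGGING_COLOR_DEBUG"),
            new PropertyPermission("example.constructed.property", "read"),   // constructed
            new PropertyPermission("example.constructed.property", "write"),  // constructed
            new RuntimePermission("exitVM.0"),           // constructed probe
            new RuntimePermission("createClassLoader")); // constructed probe

        System.out.printf("%-8s %-8s %s%n", "posted", "narrowed", "requested permission");
        for (Permission p : probes)
            System.out.printf("%-8s %-8s %s%n", granted(posted, p), granted(narrowed, p), p);
    }
}
```

`RuntimePermission` does not use its actions argument, so an entry is matched on its name alone; the table shows which probes each variant grants.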
