...

> Nevertheless, the "original" issue with the symlinked home directory should 
> be solved separately. I made a proposal to Max (Weijun Wang) how to fix this 
> while reading the policy file. We fixed the problem locally by fixing the 
> Jenkins User account running the tests to not have a symlinked user.home dir 
> anymore.

I am still hesitant to grant an extra permission for all FilePermission in a 
policy file, because that might not be what the user always wanted.

How about adding a modifier to the line, something like

   permission java.io.FilePermission "${user.home}${/}.ivy2${/}cache${/}-", "read", canonicalized;

which means when the permission is created its name should be canonicalized. 

With this modifier, if the canonicalized name is different, it will not permit 
access using the symlink.

The format is backward compatible with jdk8 because the modifier will be 
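
An added illustration, not part of the original message and not JDK code: it compares a grant created from the symlinked spelling of a directory with one created from its canonical name, which is what the proposed modifier describes. The helper canonicalizeGrantName, the class name and the temp-directory layout are assumptions made for this sketch, and it expects a POSIX system where symlinks can be created.

```java
import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CanonicalizedGrantDemo {
    // Hypothetical helper: one possible effect of a "canonicalized" modifier.
    // Resolves symlinks in the directory part and keeps the recursive "-" wildcard.
    static String canonicalizeGrantName(Path dir) throws IOException {
        return dir.toRealPath().resolve("-").toString();
    }

    static FilePermission read(Path p) {
        return new FilePermission(p.toString(), "read");
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a real home directory plus a symlink that points at it.
        Path base = Files.createTempDirectory("policy-demo");
        Path realHome = Files.createDirectory(base.resolve("real-home"));
        Path linkHome = Files.createSymbolicLink(base.resolve("home"), realHome);
        Files.createDirectories(realHome.resolve(".ivy2").resolve("cache"));
        Files.createFile(realHome.resolve(".ivy2").resolve("cache").resolve("a.jar"));

        // The policy line names the cache through the symlinked home directory.
        Path cacheViaLink = linkHome.resolve(".ivy2").resolve("cache");
        Path cacheReal = cacheViaLink.toRealPath();

        // Grant as written in the policy file vs. grant with a canonicalized name.
        FilePermission asWritten = read(cacheViaLink.resolve("-"));
        FilePermission canonical =
                new FilePermission(canonicalizeGrantName(cacheViaLink), "read");

        // The same file requested through the symlink and through the real path.
        FilePermission viaLink = read(cacheViaLink.resolve("a.jar"));
        FilePermission viaReal = read(cacheReal.resolve("a.jar"));

        System.out.println("as written implies link path: " + asWritten.implies(viaLink));
        System.out.println("as written implies real path: " + asWritten.implies(viaReal));
        System.out.println("canonical  implies link path: " + canonical.implies(viaLink));
        System.out.println("canonical  implies real path: " + canonical.implies(viaReal));
    }
}
```

On JDK 9 and later, where FilePermission names are not canonicalized by default (system property jdk.io.permissionsUseCanonicalPath), each grant implies only the spelling of the path it was created with. JDK 8 canonicalizes the name in the constructor, so all four checks report true there.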


