[
https://issues.apache.org/jira/browse/LUCENE-4337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13444497#comment-13444497
]
Uwe Schindler commented on LUCENE-4337:
---------------------------------------
The approach is also good - and can also be configured via sysprops! Funny: you
also added readlink permission, but i left that out as we are on Java 6.
The good thing with being explicit is my experience from today: because today I
found lots of places where e.g. Solr was opening ports on 0.0.0.0 instead of
localhost(127.0.0.1)-only which is bad for tests (I was always clicking on
Windows-Firewall to allow that, krrrrr). So we should limit the tests as much
as possible - a strict policy rule is the best. It's also a good test of Lucene
and Solr if it works with a real J2EE security manager...
If we add new features, the policy file is edited quickly. If later JDK
versions add new Permissions, its also no problem, because we won't use them at
the moment.
> Create Java security manager for forcible asserting behaviours in testing
> -------------------------------------------------------------------------
>
> Key: LUCENE-4337
> URL: https://issues.apache.org/jira/browse/LUCENE-4337
> Project: Lucene - Core
> Issue Type: Bug
> Affects Versions: 4.1, 5.0, 4.0
> Reporter: Greg Bowyer
> Assignee: Greg Bowyer
> Attachments: ChrootSecurityManager.java,
> ChrootSecurityManagerTest.java, LUCENE-4337.patch, LUCENE-4337.patch,
> LUCENE-4337.patch
>
>
> Following on from conversations about mutation testing, there is an interest
> in building a Java security manager that is able to assert / guarantee
> certain behaviours
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
