[
https://issues.apache.org/jira/browse/SOLR-4195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13532976#comment-13532976
]
Uwe Schindler commented on SOLR-4195:
-------------------------------------
The other idea to handle this (without stopping to copy test-files before the
build) would be to change the lucene/tools/juni4/tests.policy file to also
disallow access to test-files inside the build directory.
The problem with that is: Java's security framework only allows "grants" but no
"denys", so once you explicitely enabled write access to the build directory,
it is no longer possible to disallow for a subdirectory of that granted one.
But in LUCENE-4337 the original idea was to more and more harden the policy, so
a test can only write to its own "per-jvm" working directory in the future (and
some other specific directories, the Junit framework itsself needs for
inter-process communication). So we could work on this, I can assist with
further hardening the test sandbox.
> chmod a-x build/**/test-files when running tests
> ------------------------------------------------
>
> Key: SOLR-4195
> URL: https://issues.apache.org/jira/browse/SOLR-4195
> Project: Solr
> Issue Type: Improvement
> Reporter: Hoss Man
> Attachments: SOLR-4195.patch
>
>
> Until recently, I thought the solr test framework was setup such that every
> test got it's own copy of the "test-files/solr" directory to use as it's Solr
> Home Dir -- then mark committed r1421543, to fix a problem where that test
> was writing a file (that would later be removed) to the solr conf dir, which
> would confuse another currently running test and cause it to fail.
> This made me realize that what i was remembering is that the ant build files
> copy the src/test-files directories into build/ prior to running the tests --
> but all tests (in that module) still share the same copy.
> Subsequent discussions with folks on IRC lead me to the following
> realizations..
> * making a copy of the test-files dir for each test would help eliminate
> confusing by reducing non-reproducible failures if tests collide -- but might
> be slow
> * making a copy of the test-files dir for each test would not help identify
> situations were code was mistakenly/unexpectedly writing to the solr home dir
> * what would probably make the most sense, would be to make the
> build/test-files directory "read only". that way by default tests would get
> a read only solr home dir -- triggering failures if the code is broken and
> tries to write to that dir. tests that want/need to write to the solr home
> dir would have to go out of their way to clone the read only test-files/solr
> directory and use it as their solr home.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
