[ https://issues.apache.org/jira/browse/LUCENE-4632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13533217#comment-13533217 ]
Uwe Schindler edited comment on LUCENE-4632 at 12/16/12 12:16 AM:
------------------------------------------------------------------

Here is the patch. I am running all tests, will commit this once it passes.

The tests are now completely sandboxed and cannot write outside their own temporary working directory (J0, J1,...). In addition, the test framework can write to its temp dir for communication files and clover database (if available).

Dawid: The new sysprop would not have been possible, the JVM sets ${user.dir} to the CWD on JVM startup: http://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html

In addition the new randomizedrunner framework prints the JVM pids on startup of each JVM.

> Restrict test-framework's write permissions more: Only allow write to per-JVM CWD and the clover.db.dir
> -------------------------------------------------------------------------------------------------------
>
>                 Key: LUCENE-4632
>                 URL: https://issues.apache.org/jira/browse/LUCENE-4632
>             Project: Lucene - Core
>          Issue Type: Improvement
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>             Fix For: 4.1, 5.0
>
>         Attachments: LUCENE-4632.patch
>
>
> Currently we restrict writing to tests.tempDir after SOLR-4195, but it would be better to restrict more and only let child JVMs write to their working dir and not outside (and maybe corrupt other JVMs).
> The problem with current setup is that the child JVM's policy file does not know the runner number nor the absolute working directory (it must be absolute and platform-specific with backslash/slash/... -> new File(".").getAbsolutePath()).
> Dawid will release a new Junit4 package with a new sysprop passed to every child with its full CWD: junit4.childvm.cwd
> In that case the policy file would use this property (and the clover.db.dir) to allow write access and allow only read/execute access for the rest of the filesystem.
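
The permission model discussed in this issue (read/execute everywhere, write only below the child JVM's working directory and clover.db.dir) can be checked with the JDK's own `FilePermission` matching. This is an added example, not part of the attached patch or of Lucene's policy file; it takes `user.dir` as the per-JVM working directory, as the comment above describes, and the class name, helper names and probe paths are hypothetical.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permissions;

public class SandboxPolicyCheck { // hypothetical class name
    // Read/execute on the whole filesystem; write/delete only in and below
    // the given directories.
    static Permissions sandbox(String... writableDirs) {
        Permissions perms = new Permissions();
        perms.add(new FilePermission("<<ALL FILES>>", "read,execute"));
        for (String dir : writableDirs) {
            if (dir == null) continue; // e.g. clover.db.dir when Clover is not in use
            // The grant must name an absolute, platform-specific path.
            String abs = new File(dir).getAbsolutePath();
            perms.add(new FilePermission(abs, "write,delete"));
            // A trailing "-" covers all files and subdirectories, recursively.
            perms.add(new FilePermission(abs + File.separator + "-", "write,delete"));
        }
        return perms;
    }

    // Asks the permission set whether `action` on `target` would be granted.
    static boolean allowed(Permissions perms, File target, String action) {
        return perms.implies(new FilePermission(target.getAbsolutePath(), action));
    }

    public static void main(String[] args) {
        // Assumption: the CWD is a per-JVM directory such as J0, not the filesystem root.
        File cwd = new File(System.getProperty("user.dir")).getAbsoluteFile();
        Permissions perms = sandbox(cwd.getPath(), System.getProperty("clover.db.dir"));

        // Constructed probe paths: inside the CWD, in a sibling runner's
        // directory, and in a directory that merely shares the CWD's name prefix.
        File inside = new File(cwd, "index" + File.separator + "segments_1");
        File sibling = new File(cwd.getParentFile(), "J1-constructed" + File.separator + "x.tmp");
        File prefix = new File(cwd.getPath() + "-other", "x.tmp");

        System.out.println("write inside CWD:        " + allowed(perms, inside, "write"));
        System.out.println("write in sibling dir:    " + allowed(perms, sibling, "write"));
        System.out.println("write in prefix-alike:   " + allowed(perms, prefix, "write"));
        System.out.println("read in sibling dir:     " + allowed(perms, sibling, "read"));
    }
}
```

Run it with `java SandboxPolicyCheck.java` from any working directory; only the probe under the working directory should be reported as writable, while reads stay permitted everywhere.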