[
https://issues.apache.org/jira/browse/SOLR-5617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13864505#comment-13864505
]
Shawn Heisey edited comment on SOLR-5617 at 1/7/14 9:44 PM:
------------------------------------------------------------
Here's a stacktrace from my attempted start on 4.6.0 without the option to
allow unsafe resource loading. The solr home is /index/solr4:
{noformat}
ERROR - 2014-01-07 14:37:05.493; org.apache.solr.common.SolrException;
null:org.apache.solr.common.SolrException: SolrCore 's1build' is not available
due to init failure: Could not load config file
/index/solr4/cores/s1_0/solrconfig.xml
at org.apache.solr.core.CoreContainer.getCore(CoreContainer.java:825)
at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:293)
at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:201)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1476)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at
org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
at
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:724)
Caused by: org.apache.solr.common.SolrException: Could not load config file
/index/solr4/cores/s1_0/solrconfig.xml
at
org.apache.solr.core.CoreContainer.createFromLocal(CoreContainer.java:532)
at org.apache.solr.core.CoreContainer.create(CoreContainer.java:599)
at org.apache.solr.core.CoreContainer$1.call(CoreContainer.java:253)
at org.apache.solr.core.CoreContainer$1.call(CoreContainer.java:245)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
... 1 more
Caused by: org.apache.solr.common.SolrException: org.xml.sax.SAXParseException;
systemId: solrres:/solrconfig.xml; lineNumber: 7; columnNumber: 70; An include
with href '../../../config/common/luceneMatchVersion.xml'failed, and no
fallback element was found.
at org.apache.solr.core.Config.<init>(Config.java:148)
at org.apache.solr.core.Config.<init>(Config.java:86)
at org.apache.solr.core.SolrConfig.<init>(SolrConfig.java:129)
at
org.apache.solr.core.CoreContainer.createFromLocal(CoreContainer.java:529)
... 11 more
Caused by: org.xml.sax.SAXParseException; systemId: solrres:/solrconfig.xml;
lineNumber: 7; columnNumber: 70; An include with href
'../../../config/common/luceneMatchVersion.xml'failed, and no fallback element
was found.
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
at
com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:441)
at
com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
at
com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:325)
at
com.sun.org.apache.xerces.internal.xinclude.XIncludeHandler.reportError(XIncludeHandler.java:2326)
at
com.sun.org.apache.xerces.internal.xinclude.XIncludeHandler.reportFatalError(XIncludeHandler.java:2321)
at
com.sun.org.apache.xerces.internal.xinclude.XIncludeHandler.emptyElement(XIncludeHandler.java:948)
at
com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:353)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2717)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:607)
at
com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:116)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:489)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:835)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
at
com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)
at
com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:237)
at
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300)
at org.apache.solr.core.Config.<init>(Config.java:134)
... 14 more
{noformat}
was (Author: elyograg):
I will have to double-check, but I probably have the specifics that required me
to turn off the safety checking wrong. It may have been configuration
components gathered via xinclude, not jarfiles. Either way, I am sure that
everything is under the solr home.
> Default classloader restrictions may be too tight
> -------------------------------------------------
>
> Key: SOLR-5617
> URL: https://issues.apache.org/jira/browse/SOLR-5617
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.6
> Reporter: Shawn Heisey
> Labels: security
> Fix For: 5.0, 4.7
>
>
> SOLR-4882 introduced restrictions for the Solr class loader that cause
> resources outside the instanceDir to fail to load. This is a very good goal,
> but what if you have common resources like included config files that are
> outside instanceDir but are still fully inside the solr home?
> I can understand not wanting to load resources from an arbitrary path, but
> the solr home and its children should be about as trustworthy as instanceDir.
> Ideally I'd like to have anything that's in $\{solr.solr.home\} trusted
> automatically. If I need to define a system property to make this happen,
> I'm OK with that -- as long as I don't have to turn off the safety checking
> entirely.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
