This is exactly the kind of things I was planning for my next deployment: a jail and finer permission tuning (besides closing the port and changing flag configuration). Exactly I was running ES libraries as root embedded in a Tomcat app.
However, I think software should fit for purpose and delegate security in other specialized programs. Making the specific warnings, this policy looks ok to me. -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/d92b6677-35a3-4fec-b19f-813e854fce86%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
