Juan Hernandez has uploaded a new change for review. Change subject: core: Disable PKCS#11 security provider ......................................................................
core: Disable PKCS#11 security provider The PKCS#11 security provider generates a native memory leak in RHEL 6.5. Currently we don't need this provider, so it can be safeley disabled. This patch disables it adding the following to our custom java.security file: security.provider.1=sun.security.provider.Sun Change-Id: I474b0ff84700f00c8dcab2c5eb8a6a2f3d13aeaf Bug-Url: https://bugzilla.redhat.com/1028966 Signed-off-by: Juan Hernandez <[email protected]> --- M packaging/etc/java.security 1 file changed, 18 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/27/21827/1 diff --git a/packaging/etc/java.security b/packaging/etc/java.security index b1b0ba8..0f058e2 100644 --- a/packaging/etc/java.security +++ b/packaging/etc/java.security @@ -2,3 +2,21 @@ # Use this file if you need to change any of the properties that will usually # go in the ${JAVA_HOME}/lib/security/java.security file. # + +# +# The default java.security contains the following security providers in some +# environments: +# +# security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg +# security.provider.2=sun.security.provider.Sun +# ... +# +# This means that the PKCS#11 providers is always loaded, even if no PKCS#11 +# hardware or software token is in use. We currently don't use or support any +# PKCS#11 token. Unfortunatelly this provider generates a serious off-heap +# memory leak in some environments, in recent EL6 distributions in particular. +# In order to avoid this leak we disable it and set the Sun provider as the +# first. Once the leak with the PKCS#11 provider is solved this line can be +# safely removed or commented out. +# +security.provider.1=sun.security.provider.Sun -- To view, visit http://gerrit.ovirt.org/21827 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I474b0ff84700f00c8dcab2c5eb8a6a2f3d13aeaf Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
