janhoy commented on code in PR #4471:
URL: https://github.com/apache/solr/pull/4471#discussion_r3328589298
##########
solr/solr-ref-guide/modules/configuration-guide/pages/solr-properties.adoc:
##########
@@ -92,6 +92,12 @@ NOTE: Properties marked with "!" indicate inverted meaning
between pre Solr 10 a
|solr.responses.stacktrace.enabled|!solr.hideStackTrace|false|Controls whether
stack traces are included in responses. When set to `true`, stack traces are
included in responses.
+|solr.security.agent.extra.policy||`${server.dir}/etc/agent-security-extra.policy`|Path
to the operator extension policy file for the Solr security agent. Overrides
the default location. An absent file is silently skipped.
+
+|solr.security.agent.mode||`warn`|Enforcement mode for the Solr security
agent: `warn` (log violations, continue) or `enforce` (log violations, block
the operation with `SecurityException`).
+
+|solr.security.agent.skip||`false`|If set to `true`, omits the `-javaagent:`
flag from the JVM command line, disabling all Solr security agent controls.
Intended for temporary troubleshooting only.
Review Comment:
Yes, they can be set as env vars. PolicyPropertyExpander.getPropertyOrEnv()
checks the system property first, then falls back to the corresponding env var
(SOLR_SECURITY_AGENT_MODE, SOLR_SECURITY_AGENT_EXTRA_POLICY,
SOLR_SECURITY_AGENT_SKIP) using the standard SOLR_FOO_BAR convention. The env
vars are documented in the agent section of the ref guide.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
