You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by Uwe Schindler <uw...@thetaphi.de> on 2015/02/26 16:00:45 UTC

RE: svn commit: r1662465 - /lucene/dev/trunk/lucene/tools/junit4/tests.policy

Why not put:

permission java.io.FilePermission "${tests.linedocsfile}", "read";

This is passed as sysprop down, so it is also available to the policy file. If it's just the non-absolute path as of now, it also does not really hurt.

Uwe

-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: uwe@thetaphi.de


> -----Original Message-----
> From: rmuir@apache.org [mailto:rmuir@apache.org]
> Sent: Thursday, February 26, 2015 3:47 PM
> To: commits@lucene.apache.org
> Subject: svn commit: r1662465 -
> /lucene/dev/trunk/lucene/tools/junit4/tests.policy
> 
> Author: rmuir
> Date: Thu Feb 26 14:46:38 2015
> New Revision: 1662465
> 
> URL: http://svn.apache.org/r1662465
> Log:
> best effort support this reading out of sandbox
> 
> Modified:
>     lucene/dev/trunk/lucene/tools/junit4/tests.policy
> 
> Modified: lucene/dev/trunk/lucene/tools/junit4/tests.policy
> URL:
> http://svn.apache.org/viewvc/lucene/dev/trunk/lucene/tools/junit4/tests.p
> olicy?rev=1662465&r1=1662464&r2=1662465&view=diff
> ==========================================================
> ====================
> --- lucene/dev/trunk/lucene/tools/junit4/tests.policy (original)
> +++ lucene/dev/trunk/lucene/tools/junit4/tests.policy Thu Feb 26 14:46:38
> 2015
> @@ -28,6 +28,10 @@ grant {
>    // should be enclosed within common.dir, but just in case:
>    permission java.io.FilePermission "${junit4.childvm.cwd}", "read";
> 
> +  // jenkins wants to read outside its sandbox, to use a special linedocs file.
> +  // this is best effort and not really supported.
> +  permission java.io.FilePermission "/home/jenkins/lucene-
> data/enwiki.random.lines.txt", "read";
> +
>    // write only to sandbox
>    permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp",
> "read,write,delete";
>    permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp${/}-",
> "read,write,delete";



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

Re: svn commit: r1662465 - /lucene/dev/trunk/lucene/tools/junit4/tests.policy

Posted by Robert Muir <rc...@gmail.com>.

See my reply on the mailing list. i dont want to overengineer the fix.
I have no idea what happens if this sysprop is not set or empty.


On Thu, Feb 26, 2015 at 10:00 AM, Uwe Schindler <uw...@thetaphi.de> wrote:
> Why not put:
>
> permission java.io.FilePermission "${tests.linedocsfile}", "read";
>
> This is passed as sysprop down, so it is also available to the policy file. If it's just the non-absolute path as of now, it also does not really hurt.
>
> Uwe
>
> -----
> Uwe Schindler
> H.-H.-Meier-Allee 63, D-28213 Bremen
> http://www.thetaphi.de
> eMail: uwe@thetaphi.de
>
>
>> -----Original Message-----
>> From: rmuir@apache.org [mailto:rmuir@apache.org]
>> Sent: Thursday, February 26, 2015 3:47 PM
>> To: commits@lucene.apache.org
>> Subject: svn commit: r1662465 -
>> /lucene/dev/trunk/lucene/tools/junit4/tests.policy
>>
>> Author: rmuir
>> Date: Thu Feb 26 14:46:38 2015
>> New Revision: 1662465
>>
>> URL: http://svn.apache.org/r1662465
>> Log:
>> best effort support this reading out of sandbox
>>
>> Modified:
>>     lucene/dev/trunk/lucene/tools/junit4/tests.policy
>>
>> Modified: lucene/dev/trunk/lucene/tools/junit4/tests.policy
>> URL:
>> http://svn.apache.org/viewvc/lucene/dev/trunk/lucene/tools/junit4/tests.p
>> olicy?rev=1662465&r1=1662464&r2=1662465&view=diff
>> ==========================================================
>> ====================
>> --- lucene/dev/trunk/lucene/tools/junit4/tests.policy (original)
>> +++ lucene/dev/trunk/lucene/tools/junit4/tests.policy Thu Feb 26 14:46:38
>> 2015
>> @@ -28,6 +28,10 @@ grant {
>>    // should be enclosed within common.dir, but just in case:
>>    permission java.io.FilePermission "${junit4.childvm.cwd}", "read";
>>
>> +  // jenkins wants to read outside its sandbox, to use a special linedocs file.
>> +  // this is best effort and not really supported.
>> +  permission java.io.FilePermission "/home/jenkins/lucene-
>> data/enwiki.random.lines.txt", "read";
>> +
>>    // write only to sandbox
>>    permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp",
>> "read,write,delete";
>>    permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp${/}-",
>> "read,write,delete";
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org