Bug 1117862
Summary: | Need a means to set jboss-modules option -secmgr in conf files | ||
---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Carlo de Wolf <cdewolf> |
Component: | Scripts and Commands | Assignee: | James Perkins <jperkins> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Slavicek <pslavice> |
Severity: | low | Docs Contact: | |
Priority: | urgent | ||
Version: | 6.3.0 | CC: | david.lloyd, fnasser, jperkins, kkhan, myarboro, pgier, pslavice |
Target Milestone: | DR4 | ||
Target Release: | EAP 6.4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | Bug | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1145960 | ||
Bug Blocks: | 1117701 |
Description
Carlo de Wolf
2014-07-09 14:30:26 UTC
https://github.com/jbossas/jboss-eap/pull/1516 replaces 1509. From talks with QE -Djava.security.manager should remain the primary mechanism for EAP 6.3. It is too late in the process to change this and to recommend -secmgr as the primary mechanism. The PR allows passing in of -secmgr via module options. For standalone mode this is trivial. For domain mode, again -secmgr can be passed in via module options. Now from the PR two things can happen: 1) In the absence of -Djava.security.manager in the host controller options this (-secmgr) is propagated throughout the domain to the host controller and the servers. Note that it is not possible to determine if -secmgrmodule was used, so in effect this will be translated into a plain -secmgr. This should be fine for 6.3.0 since https://bugzilla.redhat.com/show_bug.cgi?id=1117862#c2 indicates that the MODULES_OPT is unsupported. 2) If -Djava.security.manager is present in the host controller options, then no -secmgr is added to the host-controller or its servers. In other words security manager propagation will work in a domain as it has been up to this point. Verification failed due to bug 1145960. Moving back to modified since linked issue is at modified. Verified in EAP 6.4.0.DR11. |