Bug 1128815
Summary: | Git + SSH Cloning of Business Central Git Repository Fails if Java Security Manager is Enabled | ||
---|---|---|---|
Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | Joe Hunt <jdhunt> |
Component: | Business Central | Assignee: | Alexandre Porcelli <porcelli> |
Status: | CLOSED EOL | QA Contact: | Karel Suta <ksuta> |
Severity: | low | Docs Contact: | |
Priority: | high | ||
Version: | 6.0.2 | CC: | cdolphy, jdhunt, kverlaen, maurizio.antillon, mbaluch, porcelli, rrajasek |
Target Milestone: | ER4 | ||
Target Release: | 6.1.0 | ||
Hardware: | Unspecified | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-03-27 19:12:37 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1175682 | ||
Bug Blocks: |
Description
Joe Hunt
2014-08-11 15:21:43 UTC
We've updated sshd to 0.12.0 for 6.1.x product (sshd-332 is fixed on this version). Cannot be verified in 6.1.0.ER4, testing blocked by BZ1175682 . Tried with 6.1.0.ER6, but still doesn't work. With security manager disabled it is possible to clone repository using SSH, when security manager is enabled then it isn't possible to authenticate - got message "Permission denied, please try again." Security manager enabled by adding this line to standalone.conf: JAVA_OPTS="$JAVA_OPTS -Djboss.modules.policy-permissions=true -Djava.security.manager \"-Djava.security.policy=$DIRNAME/security.policy\" \"-Dkie.security.policy=$DIRNAME/kie.policy\"" The change in sshd-332 appears to have just been wrapping some of the nio call with a AccessController.doPrivileged block. This means that the caller doesn't need to have the permission to do the nio, just the sshd library. End result is that some permission might still need to be added to the policy, but at least the application won't have to add the same permission. Can you add -Djava.security.debug=access:failure and reproduce the issue? This should give an error message that will help determine the missing permission. |