Bug 2100675

Summary: Revert to disabling system security properties and FIPS mode support together [rhel-8, openjdk-8]
Product: Red Hat Enterprise Linux 8 Reporter: Andrew John Hughes <ahughes>
Component: java-1.8.0-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED ERRATA QA Contact: OpenJDK QA <java-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.6CC: fferrari, jandrlik, jvanek, pmikova
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: java-1.8.0-openjdk-1.8.0.332.b09-5.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2108564 2108565 (view as bug list) Environment:
Last Closed: 2022-11-08 09:47:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2108564, 2108565    

Description Andrew John Hughes 2022-06-24 00:38:22 UTC 
This bug was initially created as a copy of Bug #2090378

I am copying this bug because: 

Also needs to be fixed in 8

Description of problem:
Right now there is no way to disable OpenJDK FIPS for all java applications running on a FIPS enabled host. I.e. let everything else - non-Java - be in FIPS mode, but disable it for OpenJDK applications.

Version-Release number of selected component (if applicable):
11.0.15+10

Actual results:
FIPS mode needs to be disabled with '-Dcom.redhat.fips=false -Djava.security.disableSystemPropertiesFile=true' for *every* Java application.

Expected results:
Modify some configuration file that changes this for all Java applications on the current host.

Additional Info:
Prior to the improved FIPS support patch, which didn't use /proc, there was the possibility to set security.useSystemPropertiesFile=false in java.security config file which disabled FIPS globally on the system.
Comment 12 errata-xmlrpc 2022-11-08 09:47:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (java-1.8.0-openjdk bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:6299