Bug 2100676

Summary: Revert to disabling system security properties and FIPS mode support together [rhel-9, openjdk-11]
Product: Red Hat Enterprise Linux 9 Reporter: Andrew John Hughes <ahughes>
Component: java-11-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED ERRATA QA Contact: OpenJDK QA <java-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: fferrari, jandrlik, pmikova
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: java-11-openjdk-11.0.15.0.10-4.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2107868 (view as bug list) Environment:
Last Closed: 2022-11-15 10:09:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2107868    

Description Andrew John Hughes 2022-06-24 00:39:53 UTC 
This bug was initially created as a copy of Bug #2090378

I am copying this bug because: 

Need to sync with RHEL 9

Description of problem:
Right now there is no way to disable OpenJDK FIPS for all java applications running on a FIPS enabled host. I.e. let everything else - non-Java - be in FIPS mode, but disable it for OpenJDK applications.

Version-Release number of selected component (if applicable):
11.0.15+10

Actual results:
FIPS mode needs to be disabled with '-Dcom.redhat.fips=false -Djava.security.disableSystemPropertiesFile=true' for *every* Java application.

Expected results:
Modify some configuration file that changes this for all Java applications on the current host.

Additional Info:
Prior to the improved FIPS support patch, which didn't use /proc, there was the possibility to set security.useSystemPropertiesFile=false in java.security config file which disabled FIPS globally on the system.
Comment 11 errata-xmlrpc 2022-11-15 10:09:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (java-11-openjdk bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:6694