When a security manager is installed, by default the VM reads policy files specified in the VM installation's java.security file. By default this includes the following:
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
The user can also specify a policy file to use via system property java.security.policy. A special behavior of the value of that system property is if it starts with "=" then the policy files specified in java.security are ignored, and only the file set via the java.security.policy system property are used.
For example, this disables the use of the defaults:
See http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html for full details.
The bug is the Host Controller process' Main class handles parsing of system properties such that the value of a system property whose value begins with "=" instead becomes null. This causes the specified property file to be ignored, likely leading to permission problems on the host's servers, e.g.:
[Server:server-one] Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission module.path write)
[Server:server-one] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)
[Server:server-one] at java.security.AccessController.checkPermission(AccessController.java:549)
[Server:server-one] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[Server:server-one] at java.lang.System.setProperty(System.java:741)
[Server:server-one] at org.jboss.modules.Main.main(Main.java:148)
Fix is present in the delivered bits. Verified.