Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1162882 - [GSS](6.4.0) JBTM-2188 - Some code that writes to the file store is missing PrivilidgedAction blocks
[GSS](6.4.0) JBTM-2188 - Some code that writes to the file store is missing P...
Status: VERIFIED
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Transaction Manager (Show other bugs)
6.3.2
Unspecified Unspecified
unspecified Severity unspecified
: DR11
: EAP 6.4.0
Assigned To: tom.jenkinson
Ondrej Chaloupka
:
Depends On:
Blocks: 1165728
  Show dependency treegraph
 
Reported: 2014-11-11 17:43 EST by Brad Maxwell
Modified: 2018-03-06 15:40 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, if Security Manager was enabled then Narayana Transaction Manager could not be allowed read or write from the files of object store managed by FileSystemStore class. This was because, when the security manager is used, it verifies that the code has permissions to access the file system. This process checks the entire method call chain, meaning there is a chance that some classes do not have permission to access the filesystem. The fix implemented in this release is to access the file system as a privileged entity, `AccessController.doPrivileged()`, which reduces the stack to classes that the security manager recognizes as privileged to have file system access.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker JBTM-2188 Major Closed Some code that writes to the file store is missing PrivilidgedAction blocks 2018-04-12 09:11 EDT

  None (edit)
Description Brad Maxwell 2014-11-11 17:43:53 EST 
When java security manager is enabled, com.arjuna.ats.internal.arjuna.objectstore.FileSystemStore throws the exception below: 

16:23:20,930 ERROR [stderr] (ServerService Thread Pool -- 48) java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/jboss-eap-6.3.2/standalone/data/tx-object-store/ShadowNoFileLockStore/defaultStore/EISNAME" "read")
16:23:20,931 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
16:23:20,931 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.security.AccessController.checkPermission(AccessController.java:559)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.io.File.list(File.java:1111)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.io.File.list(File.java:1149)
16:23:20,933 ERROR [stderr] (ServerService Thread Pool -- 48) 	at com.arjuna.ats.internal.arjuna.objectstore.FileSystemStore.allObjUids(FileSystemStore.java:173)
Comment 3 tom.jenkinson 2014-11-12 12:27:36 EST 
Hi, I have merged this and it will be in 6.4 - thanks for the PR!
Comment 4 tom.jenkinson 2014-11-12 12:27:53 EST 
fixed upstream
Comment 5 Ondrej Chaloupka 2014-11-27 04:12:54 EST 
Verified for EAP 6.4.0.DR11.
Verified by AS testsuite - see bz: https://bugzilla.redhat.com/show_bug.cgi?id=1144943
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.