Skip to content

Commit 9db5e67

Browse files
retareta
authored
Fix security policy for Windows based builds and deployments (#17878)
Signed-off-by: Andriy Redko <[email protected]>
1 parent 8964f63 commit 9db5e67

File tree

2 files changed

+10
-0
lines changed

2 files changed

+10
-0
lines changed

server/src/main/resources/org/opensearch/bootstrap/security.policy

+7
Original file line numberDiff line numberDiff line change
@@ -91,30 +91,37 @@ grant codeBase "${codebase.zstd-jni}" {
9191
// repository-azure plugin and server side streaming
9292
grant codeBase "${codebase.reactor-core}" {
9393
permission java.net.SocketPermission "*", "connect,resolve";
94+
permission java.net.NetPermission "accessUnixDomainSocket";
9495
};
9596

9697
grant codeBase "${codebase.opensearch-cli}" {
9798
permission java.net.SocketPermission "*", "connect,resolve";
99+
permission java.net.NetPermission "accessUnixDomainSocket";
98100
};
99101

100102
grant codeBase "${codebase.opensearch-core}" {
101103
permission java.net.SocketPermission "*", "connect,resolve";
104+
permission java.net.NetPermission "accessUnixDomainSocket";
102105
};
103106

104107
grant codeBase "${codebase.jackson-core}" {
105108
permission java.net.SocketPermission "*", "connect,resolve";
109+
permission java.net.NetPermission "accessUnixDomainSocket";
106110
};
107111

108112
grant codeBase "${codebase.opensearch-common}" {
109113
permission java.net.SocketPermission "*", "connect,resolve";
114+
permission java.net.NetPermission "accessUnixDomainSocket";
110115
};
111116

112117
grant codeBase "${codebase.opensearch-x-content}" {
113118
permission java.net.SocketPermission "*", "connect,resolve";
119+
permission java.net.NetPermission "accessUnixDomainSocket";
114120
};
115121

116122
grant codeBase "${codebase.opensearch}" {
117123
permission java.net.SocketPermission "*", "connect,resolve";
124+
permission java.net.NetPermission "accessUnixDomainSocket";
118125
};
119126

120127
//// Everything else:

server/src/main/resources/org/opensearch/bootstrap/test-framework.policy

+3
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,7 @@ grant codeBase "${codebase.lucene-test-framework}" {
8181
permission java.nio.file.LinkPermission "hard";
8282
// needed for RAMUsageTester
8383
permission java.lang.RuntimePermission "accessDeclaredMembers";
84+
permission java.net.NetPermission "accessUnixDomainSocket";
8485
};
8586

8687
grant codeBase "${codebase.randomizedtesting-runner}" {
@@ -92,6 +93,7 @@ grant codeBase "${codebase.randomizedtesting-runner}" {
9293
permission org.opensearch.secure_sm.ThreadPermission "modifyArbitraryThreadGroup";
9394
// needed for TestClass creation
9495
permission java.lang.RuntimePermission "accessDeclaredMembers";
96+
permission java.net.NetPermission "accessUnixDomainSocket";
9597
};
9698

9799
grant codeBase "${codebase.junit}" {
@@ -176,4 +178,5 @@ grant {
176178
permission org.opensearch.secure_sm.ThreadContextPermission "stashAndMergeHeaders";
177179
permission org.opensearch.secure_sm.ThreadContextPermission "stashWithOrigin";
178180
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
181+
permission java.net.NetPermission "accessUnixDomainSocket";
179182
};

0 commit comments

Comments
 (0)