java.security.AccessControlException caused on new app
332 views
Skip to first unread message
Takuya ASADA
Jun 5, 2014, 4:37:49 PM6/5/14
to Osv Dev
I made following patch for adding Apache Derby module:
https://gist.githubusercontent.com/syuu1228/3eba6d0042d5f0c91ca6/raw/520e66d66f499b0a9b5df037571d3ba12ff47312/0001-Add-Apache-Derby.patchBut it causes AccessControlException, even "permission java.security.AllPermission;" applied on security policy.
$ ./scripts/run.py -n
OSv v0.09-11-g8a7f5e8
eth0: 192.168.122.89
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.1")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkExit(SecurityManager.java:761)
at java.lang.Runtime.exit(Runtime.java:107)
at java.lang.System.exit(System.java:962)
at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at io.osv.ContextIsolator.runMain(ContextIsolator.java:220)
at io.osv.ContextIsolator.access$400(ContextIsolator.java:29)
at io.osv.ContextIsolator$3.run(ContextIsolator.java:107)
Exception was caught while running -cp /db-derby/lib/derby.jar:/db-derby/lib/derbynet.jar:/db-derby/lib/derbytools.jar:/db-derby/lib/derbyclient.jar org.apache.derby.drda.NetworkServerControl start exception: io.osv.ContextFailedException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.1")
io.osv.ContextFailedException: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.1")
at io.osv.Context.join(Context.java:63)
at io.osv.ContextIsolator.runSync(ContextIsolator.java:136)
at io.osv.MultiJarLoader$RunOnThread.run(MultiJarLoader.java:113)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.1")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkExit(SecurityManager.java:761)
at java.lang.Runtime.exit(Runtime.java:107)
at java.lang.System.exit(System.java:962)
at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at io.osv.ContextIsolator.runMain(ContextIsolator.java:220)
at io.osv.ContextIsolator.access$400(ContextIsolator.java:29)
at io.osv.ContextIsolator$3.run(ContextIsolator.java:107)
Exception in thread "Thread-0" java.security.AccessControlException: access denied ("java.util.logging.LoggingPermission" "control")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.util.logging.LogManager.checkPermission(LogManager.java:1376)
at java.util.logging.LogManager.reset(LogManager.java:1127)
at io.osv.jul.IsolatingLogManager.reset(IsolatingLogManager.java:58)
at java.util.logging.LogManager$Cleaner.run(LogManager.java:248)
Exception in thread "Thread-1" java.security.AccessControlException: access denied ("java.util.logging.LoggingPermission" "control")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.util.logging.LogManager.checkPermission(LogManager.java:1376)
at java.util.logging.LogManager.reset(LogManager.java:1127)
at java.util.logging.LogManager$Cleaner.run(LogManager.java:248)
Tomasz Grabiec
Jun 6, 2014, 9:35:22 AM6/6/14
to Takuya ASADA, Osv Dev
On Thu, Jun 5, 2014 at 10:37 PM, Takuya ASADA <sy...@cloudius-systems.com> wrote:
I made following patch for adding Apache Derby module:https://gist.githubusercontent.com/syuu1228/3eba6d0042d5f0c91ca6/raw/520e66d66f499b0a9b5df037571d3ba12ff47312/0001-Add-Apache-Derby.patch
But it causes AccessControlException, even "permission java.security.AllPermission;" applied on security policy.
We get this exception because derby tries to execute System.exit() for which its domain does not have permission. It turns out that it should, the original java Launcher gives the "exitVM" permission explicitly to all classes loaded via default system classloader, so we should probably emulate this behavior. I will send a patch for that.
Btw, derby installs security manager by default since https://issues.apache.org/jira/browse/DERBY-2196. To disable this we can just pass "-noSecurityManager" as an argument to "start" command, but we shouldn't do that for security reasons.
Another question is, why does it try to call System.exit(1). Turns out that there is an exception thrown from installSecurityManager() which is caught and results in System.exit(1) being called. It also turns out that unless you set "-Dderby.drda.debug=true", derby will not print this exception before exiting (!). The exception is:
java.util.MissingResourceException: Can't find bundle for base name org.apache.derby.loc.drda.messages, locale en
at java.util.ResourceBundle.throwMissingResourceException(ResourceBundle.java:1499)
at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1322)
at java.util.ResourceBundle.getBundle(ResourceBundle.java:795)
at org.apache.derby.iapi.tools.i18n.LocalizedResource.setResource(LocalizedResource.java:184)
at org.apache.derby.iapi.tools.i18n.LocalizedResource.getTextMessage(LocalizedResource.java:311)
at org.apache.derby.iapi.tools.i18n.LocalizedResource.getTextMessage(LocalizedResource.java:273)
at org.apache.derby.impl.drda.NetworkServerControlImpl.localizeMessage(NetworkServerControlImpl.java:3536)
at org.apache.derby.impl.drda.NetworkServerControlImpl.localizeMessage(NetworkServerControlImpl.java:3492)
at org.apache.derby.drda.NetworkServerControl.installSecurityManager(NetworkServerControl.java:705)
The bundle actually exists and resides in derbynet.jar but since we have a SecurityManager installed and runjava.jar domain, which is a parent of derbynet.jar, does not have permissions for reading other jars than itself we fail on permission check inside the class loader. When the same code is run on the host it passes the check because derbynet.jar is invoked directly from an all-privileged context. I think the solution is to make our runjava.jar all-privileged by default. One way to do that is to grant the permissions explicitly in the java.policy file, or put runjava.jar in the extensions directory (/usr/lib/jvm/jre/lib/ext). The latter is simpler so I will send a patch with that approach.
--
You received this message because you are subscribed to the Google Groups "OSv Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Tomasz Grabiec
Jun 12, 2014, 7:10:17 AM6/12/14
to Takuya ASADA, Osv Dev
The fix is upstream, you can retest now.
Reply all
Reply to author
Forward
0 new messages