magibney commented on a change in pull request #304:
URL: https://github.com/apache/solr/pull/304#discussion_r716732732
##########
File path: gradle/testing/randomization/policies/solr-tests.policy
##########
@@ -226,4 +226,8 @@ grant {
permission java.io.FilePermission "${gradle.worker.jar}", "read";
// Allow reading from classpath JARs (resources).
permission java.io.FilePermission "${gradle.user.home}${/}-", "read";
+ // Allow reading from local Lucene development repository, if used.
+ permission java.io.FilePermission "${lucene-dev-repo.dir}${/}-", "read";
+ // Allow reading jars from mavenLocal repository
+ permission java.io.FilePermission
"${user.home}${/}.m2${/}repository${/}org${/}apache${/}lucene${/}-", "read";
Review comment:
One side-effect of needing to set the `lucene-dev-repo.dir` property so
that it's accessible in the security policy here is that if that property is
left _unset_, the entire associated `permission...` line is ignored. I'm sure
it's not a big deal one way or another, but we'd have the option of taking an
analogous approach `mavenLocal`. A couple of benefits, maybe more theoretical
than practical:
1. the additional permission line would only have an effect in the cases
where it's relevant
2. the construction and addition of the mavenLocal path could be kept within
the build tool, which seems perhaps cleaner than building it directly (and
unconditionally) in the java security policy file
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
