java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/os-release" "read") (#10018)
Motivation: Modifications: - Wrap the code and execute with an AccessController - Ignore SecurityException (by just logging it) - Add some more debug logging Result: Fixes https://github.com/netty/netty/issues/10017
This commit is contained in:
parent
1859170e69
commit
713e0aa68a
@ -118,7 +118,10 @@ public final class PlatformDependent {
|
|||||||
private static final ThreadLocalRandomProvider RANDOM_PROVIDER;
|
private static final ThreadLocalRandomProvider RANDOM_PROVIDER;
|
||||||
private static final Cleaner CLEANER;
|
private static final Cleaner CLEANER;
|
||||||
private static final int UNINITIALIZED_ARRAY_ALLOCATION_THRESHOLD;
|
private static final int UNINITIALIZED_ARRAY_ALLOCATION_THRESHOLD;
|
||||||
|
// For specifications, see https://www.freedesktop.org/software/systemd/man/os-release.html
|
||||||
|
private static final String[] OS_RELEASE_FILES = {"/etc/os-release", "/usr/lib/os-release"};
|
||||||
|
private static final String LINUX_ID_PREFIX = "ID=";
|
||||||
|
private static final String LINUX_ID_LIKE_PREFIX = "ID_LIKE=";
|
||||||
public static final boolean BIG_ENDIAN_NATIVE_ORDER = ByteOrder.nativeOrder() == ByteOrder.BIG_ENDIAN;
|
public static final boolean BIG_ENDIAN_NATIVE_ORDER = ByteOrder.nativeOrder() == ByteOrder.BIG_ENDIAN;
|
||||||
|
|
||||||
private static final Cleaner NOOP = new Cleaner() {
|
private static final Cleaner NOOP = new Cleaner() {
|
||||||
@ -212,16 +215,15 @@ public final class PlatformDependent {
|
|||||||
"instability.");
|
"instability.");
|
||||||
}
|
}
|
||||||
|
|
||||||
// For specifications, see https://www.freedesktop.org/software/systemd/man/os-release.html
|
final Set<String> allowedClassifiers = Collections.unmodifiableSet(
|
||||||
final String[] OS_RELEASE_FILES = {"/etc/os-release", "/usr/lib/os-release"};
|
new HashSet<String>(Arrays.asList(ALLOWED_LINUX_OS_CLASSIFIERS)));
|
||||||
final String LINUX_ID_PREFIX = "ID=";
|
final Set<String> availableClassifiers = new LinkedHashSet<String>();
|
||||||
final String LINUX_ID_LIKE_PREFIX = "ID_LIKE=";
|
for (final String osReleaseFileName : OS_RELEASE_FILES) {
|
||||||
Set<String> allowedClassifiers = new HashSet<String>(Arrays.asList(ALLOWED_LINUX_OS_CLASSIFIERS));
|
|
||||||
allowedClassifiers = Collections.unmodifiableSet(allowedClassifiers);
|
|
||||||
Set<String> availableClassifiers = new LinkedHashSet<String>();
|
|
||||||
|
|
||||||
for (String osReleaseFileName : OS_RELEASE_FILES) {
|
|
||||||
final File file = new File(osReleaseFileName);
|
final File file = new File(osReleaseFileName);
|
||||||
|
boolean found = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
|
||||||
|
@Override
|
||||||
|
public Boolean run() {
|
||||||
|
try {
|
||||||
if (file.exists()) {
|
if (file.exists()) {
|
||||||
BufferedReader reader = null;
|
BufferedReader reader = null;
|
||||||
try {
|
try {
|
||||||
@ -232,15 +234,19 @@ public final class PlatformDependent {
|
|||||||
String line;
|
String line;
|
||||||
while ((line = reader.readLine()) != null) {
|
while ((line = reader.readLine()) != null) {
|
||||||
if (line.startsWith(LINUX_ID_PREFIX)) {
|
if (line.startsWith(LINUX_ID_PREFIX)) {
|
||||||
String id = normalizeOsReleaseVariableValue(line.substring(LINUX_ID_PREFIX.length()));
|
String id = normalizeOsReleaseVariableValue(
|
||||||
|
line.substring(LINUX_ID_PREFIX.length()));
|
||||||
addClassifier(allowedClassifiers, availableClassifiers, id);
|
addClassifier(allowedClassifiers, availableClassifiers, id);
|
||||||
} else if (line.startsWith(LINUX_ID_LIKE_PREFIX)) {
|
} else if (line.startsWith(LINUX_ID_LIKE_PREFIX)) {
|
||||||
line = normalizeOsReleaseVariableValue(line.substring(LINUX_ID_LIKE_PREFIX.length()));
|
line = normalizeOsReleaseVariableValue(
|
||||||
|
line.substring(LINUX_ID_LIKE_PREFIX.length()));
|
||||||
addClassifier(allowedClassifiers, availableClassifiers, line.split("[ ]+"));
|
addClassifier(allowedClassifiers, availableClassifiers, line.split("[ ]+"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (IOException ignored) {
|
} catch (SecurityException e) {
|
||||||
// Ignore
|
logger.debug("Unable to read {}", osReleaseFileName, e);
|
||||||
|
} catch (IOException e) {
|
||||||
|
logger.debug("Error while reading content of {}", osReleaseFileName, e);
|
||||||
} finally {
|
} finally {
|
||||||
if (reader != null) {
|
if (reader != null) {
|
||||||
try {
|
try {
|
||||||
@ -251,6 +257,16 @@ public final class PlatformDependent {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// specification states we should only fall back if /etc/os-release does not exist
|
// specification states we should only fall back if /etc/os-release does not exist
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
} catch (SecurityException e) {
|
||||||
|
logger.debug("Unable to check if {} exists", osReleaseFileName, e);
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
if (found) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user