Does Java security manager work with Dockerized SDC?

asked 2019-02-06 05:56:56 -0500

Liyi
21 ●2 ●3 ●4

updated 2019-02-06 09:13:25 -0500

5409 ●26 ●41 ●81 https://about.me/patpa...

Hi, I have big headache when enabling java security manger in SDC container. I have the issue reported in github. https://github.com/streamsets/datacol...

Can somebody kindly help me?

I have edit the sdc-security.policy by appending text:

grant codebase "file:///persistent/nsc_sdc/liyi/ns/libs/-" {
  permission java.security.AllPermission;
};
grant codebase "file:///persistent/nsc_sdc/input/-" {
  permission java.security.AllPermission;
};
grant codebase "file:///persistent/nsc_sdc/output/-" {
  permission java.security.AllPermission;
};

However, this seems not helping, and below is my sdc.log output:

2019-02-06 09:52:32,634 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - -----------------------------------------------------------------
2019-02-06 09:52:32,636 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - Build info:
2019-02-06 09:52:32,636 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Version        : 3.7.1
2019-02-06 09:52:32,636 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Date           : 2019-01-11T00:39Z
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Built by       : ubuntu
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Repo SHA       : 7794ed15f51489d083022b6c823000ec9831f693
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Source MD5     : ca4c16c35ae9d9ab4fc8e38c20983077
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - -----------------------------------------------------------------
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - Runtime info:
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Java version  : 1.8.0_192-b12
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   SDC ID        : dcb5d92c-2948-11e9-ae65-8594ed7aecd3
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Runtime dir   : /opt/streamsets-datacollector-3.7.1
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Config dir    : /persistent/nsc_sdc/liyi/ns/conf
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Data dir      : /persistent/nsc_sdc/liyi/ns/data
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Log dir       : /logs
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Extra Libs dir: /persistent/nsc_sdc/liyi/ns/libs/extras
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - -----------------------------------------------------------------
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Security Manager : ENABLED, policy file: file:///persistent/nsc_sdc/liyi/ns/conf/sdc-security.policy, implementation: java.lang.SecurityManager
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - -----------------------------------------------------------------
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - Starting ...
2019-02-06 09:52:32,644 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - -----------------------------------------------------------------
2019-02-06 09:52:32,644 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Kerberos enabled: false
2019-02-06 09:52:32,651 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main -   Unlimited cryptography enabled: true
2019-02-06 09:52:32,651 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - -----------------------------------------------------------------
2019-02-06 09:52:32,651 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO  Main - Starting ...
2019-02-06 09:52:32,657 [user ...

(more)

edit retag flag offensive close merge delete

Comments

Can you edit your question to include the entire content of sdc-security.policy and also its path?

metadaddy ( 2019-02-06 09:16:08 -0500 )edit

Are you using a custom written stage? If so, what is the path to the jar location?

jeff ( 2019-02-06 10:06:50 -0500 )edit

Sorry metadaddy, the Log is not really readable: 19-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Security Manager : ENABLED, policy file: file:///persistent/nsc_sdc/liyi/ns/conf/sdc-security.policy, implementation: java.lang.SecurityManager

Liyi ( 2019-02-06 14:44:56 -0500 )edit

The content of sdc-security.policy is the same as default one except I have append the lines I wrote above.

Liyi ( 2019-02-06 14:47:05 -0500 )edit

@jeff I did not use any custom written staging lib. However, I prepare for doing so. So I overwrite the default staging lib path by exporting env variables. You may notice this at the beginning of the logs. Before sdc start, I symbolic link staging lib into my new path.

Liyi ( 2019-02-06 14:54:39 -0500 )edit

see more comments

Does Java security manager work with Dockerized SDC?

Comments

1 Answer

Question Tools

Stats

Related questions

Does Java security manager work with Dockerized SDC? edit

Comments

1 Answer

Question Tools

Stats

Related questions

Does Java security manager work with Dockerized SDC?