Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NB config: disable TopSecurityManager and enable exit logging #8169

Merged
merged 1 commit into from
Jan 20, 2025
Merged

NB config: disable TopSecurityManager and enable exit logging #8169

merged 1 commit into from
Jan 20, 2025
+1 −1

Conversation

mbien
Copy link
Member

@mbien mbien commented Jan 17, 2025
edited
Loading

Suggestion came up on apache slack to do another release without applying #3386 or #7928 but disabling TopSecurityManager instead.

this PR:

  • replaces -Djava.security.manager=allow' with -DTopSecurityManager.disable=trueand-Djava.lang.Runtime.level=FINE`
  • allows launching NB builds on JDK 17-24

cons:

  • contrary to Remove SecurityManager layer #7928, no tests ran on JDK 24 with this config (and CI will continue testing on JDK 23 as upper bound)
  • even though I run those flags since NB 23 on JDK 23, I didn't actually test it on JDK 24 (I tested the removal PR instead)
  • -> current confidence level regarding JDK 24 + topsec disabled: "works on my machine"

pros:

  • can be switched on again if problems are encountered

@mbien
NB config: disable TopSecurityManager and enable exit logging
7b22ad7 
 - replaces '-Djava.security.manager=allow' with
   '-DTopSecurityManager.disable=true' and
   '-Djava.lang.Runtime.level=FINE'
 - allows launching NB builds on JDK 17-24
@mbien mbien added Platform [ci] enable platform tests (platform/*) ci:dev-build [ci] produce a dev-build zip artifact (7 days expiration, see link on workflow summary page) labels Jan 17, 2025
@mbien mbien added this to the NB25 milestone Jan 17, 2025
@mbien mbien mentioned this pull request Jan 17, 2025
Open
@matthiasblaesing
Copy link
Contributor

Would make sense from my POV.

@mbien
Copy link
Member Author

mbien commented Jan 19, 2025

planning to merge this on monday so that it is in a few days before freeze unless told otherwise.

@eirikbakke
Copy link
Contributor

Reading the discussions from #3386 this seems like a good idea. Perhaps not all of the old SecurityManager-related functionality is really necessary anymore. It will be useful to know what (if anything) breaks when we simply disable it by default for a while. (That was my understanding of the discussion, anyway.)

I'll run with TopSecurityManager.disable=true on my MacOS/OpenJDK 21 setup from now on and watch out for any issues. I see that others have done the same for a while on their own machines.

@mbien
Copy link
Member Author

mbien commented Jan 19, 2025
edited
Loading

Reading the discussions from #3386 this seems like a good idea.

in a perfect world we would have set this for NB 24 already - but back then we couldn't since the launcher wasn't fixed yet. I have some concerns doing this so late since it pushes everything back to the very last minute but there is no time for anything else anyway at this point (+ I wished there was more discussion on the dev list threads). As long as we integrate one of the SM removal PRs early during NB 26 so that we can finally start running tests on JDK 24 and catch up so to speak.

@eirikbakke
Copy link
Contributor

As long as we integrate one of the SM removal PRs early during NB 26 so that we can finally start running tests on JDK 24 and catch up so to speak.

Disabling the SecurityManager with an easily revertible flag for one release first seems like a good separate step. It's a bit of a "rip the band-aid" situation, but eventually OpenJDK will rip it for us.

I wished there was more discussion on the dev list threads

I saw the discussions myself but never quite managed to understand what the SecurityManager was doing that was essential. I just understood the part about protection from System.exit(), which seemed like something we could live without. And there seems to be a lot of other things which are mainly diagnostic in nature. Though it sounds like there are a lot of tests that break without it.

If problems do arise from this PR, I bet more people will get involved in the discussion.

@mbien
Copy link
Member Author

mbien commented Jan 19, 2025
edited
Loading

Disabling the SecurityManager with an easily revertible flag for one release first seems like a good separate step. It's a bit of a "rip the band-aid" situation, but eventually OpenJDK will rip it for us.

I never had anything against this idea, except the timing - the consequence is that NB 25 will be released with nb-javac 24 while having CI still test on JDK 23. The only PR which did test on JDK 24 so far was #7928.

I saw the discussions myself but never quite managed to understand what the SecurityManager was doing that was essential. I just understood the part about protection from System.exit(), which seemed like something we could live without. And there seems to be a lot of other things which are mainly diagnostic in nature. Though it sounds like there are a lot of tests that break without it.

the linked PR does list a few things and discusses them / gives alternatives where applicable

@mbien
Copy link
Member Author

mbien commented Jan 20, 2025

planning to merge this on monday so that it is in a few days before freeze unless told otherwise.

saw no change requests (PR was also linked to the dev list) -> merging

@mbien mbien merged commit 5df292f into apache:master Jan 20, 2025
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ci:dev-build [ci] produce a dev-build zip artifact (7 days expiration, see link on workflow summary page) Platform [ci] enable platform tests (platform/*)
Projects
None yet
Milestone
NB25
Development

Successfully merging this pull request may close these issues.
3 participants
@mbien @matthiasblaesing @eirikbakke