8 rokov pred · bc16162d21
--- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
+++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
@@ -56,7 +56,7 @@ grant {
 
				   permission org.elasticsearch.SpecialPermission;
			
 
				 
			
 
				   // Allow connecting to the internet anywhere
			
 
				-  permission java.net.SocketPermission "*", "accept,connect,resolve";
			
 
				+  permission java.net.SocketPermission "*", "connect,resolve";
			
 
				 
			
 
				   // Allow read access to all system properties
			
 
				   permission java.util.PropertyPermission "*", "read";
			
--- a/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy
+++ b/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy
@@ -62,3 +62,8 @@ grant codeBase "${codebase.junit-4.11.jar}" {
 
				   // needed for TestClass creation
			
 
				   permission java.lang.RuntimePermission "accessDeclaredMembers";
			
 
				 };
			
 
				+
			
 
				+grant codeBase "${codebase.mocksocket-1.1.jar}" {
			
 
				+  // mocksocket accepts socket connections
			
 
				+  permission java.net.SocketPermission "*", "accept";
			
 
				+};
			
--- a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
+++ b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
@@ -17,6 +17,11 @@
 
				  * under the License.
			
 
				  */
			
 
				 
			
 
				+grant {
			
 
				+   // netty accepts socket connections
			
 
				+   permission java.net.SocketPermission "*", "accept";
			
 
				+};
			
 
				+
			
 
				 grant codeBase "${codebase.netty-common-4.1.7.Final.jar}" {
			
 
				    // for reading the system-wide configuration for the backlog of established sockets
			
 
				    permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";