From b9c2c2f6f05ca03cecb9e1bc7971e40f3f10fa37 Mon Sep 17 00:00:00 2001 From: Tim B Date: Fri, 6 Jan 2017 11:10:53 -0600 Subject: [PATCH] Move IfConfig.logIfNecessary call into bootstrap (#22455) This is related to #22116. A logIfNecessary() call makes a call to NetworkInterface.getInterfaceAddresses() requiring SocketPermission connect privileges. By moving this to bootstrap the logging call can be made before installing the SecurityManager. --- .../main/java/org/elasticsearch/bootstrap/Bootstrap.java | 4 ++++ .../java/org/elasticsearch/common/network/IfConfig.java | 6 +++--- .../org/elasticsearch/common/network/NetworkService.java | 1 - .../org/elasticsearch/bootstrap/BootstrapForTesting.java | 4 ++++ 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java b/core/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java index 2ee2d69baf390..fc39f8f36351c 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java @@ -40,6 +40,7 @@ import org.elasticsearch.common.logging.ESLoggerFactory; import org.elasticsearch.common.logging.LogConfigurator; import org.elasticsearch.common.logging.Loggers; +import org.elasticsearch.common.network.IfConfig; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.BoundTransportAddress; import org.elasticsearch.env.Environment; @@ -207,6 +208,9 @@ public void run() { throw new BootstrapException(e); } + // Log ifconfig output before SecurityManager is installed + IfConfig.logIfNecessary(); + // install SM after natives, shutdown hooks, etc. try { Security.configure(environment, BootstrapSettings.SECURITY_FILTER_BAD_DEFAULTS_SETTING.get(settings)); diff --git a/core/src/main/java/org/elasticsearch/common/network/IfConfig.java b/core/src/main/java/org/elasticsearch/common/network/IfConfig.java index 7fd4cc6d2f316..8ad851502997b 100644 --- a/core/src/main/java/org/elasticsearch/common/network/IfConfig.java +++ b/core/src/main/java/org/elasticsearch/common/network/IfConfig.java @@ -34,17 +34,17 @@ /** * Simple class to log {@code ifconfig}-style output at DEBUG logging. */ -final class IfConfig { +public final class IfConfig { private static final Logger logger = Loggers.getLogger(IfConfig.class); private static final String INDENT = " "; /** log interface configuration at debug level, if its enabled */ - static void logIfNecessary() { + public static void logIfNecessary() { if (logger.isDebugEnabled()) { try { doLogging(); - } catch (IOException | SecurityException e) { + } catch (IOException e) { logger.warn("unable to gather network information", e); } } diff --git a/core/src/main/java/org/elasticsearch/common/network/NetworkService.java b/core/src/main/java/org/elasticsearch/common/network/NetworkService.java index b72acf8064c30..a469de03208f8 100644 --- a/core/src/main/java/org/elasticsearch/common/network/NetworkService.java +++ b/core/src/main/java/org/elasticsearch/common/network/NetworkService.java @@ -90,7 +90,6 @@ public interface CustomNameResolver { public NetworkService(Settings settings, List customNameResolvers) { super(settings); - IfConfig.logIfNecessary(); this.customNameResolvers = customNameResolvers; } diff --git a/test/framework/src/main/java/org/elasticsearch/bootstrap/BootstrapForTesting.java b/test/framework/src/main/java/org/elasticsearch/bootstrap/BootstrapForTesting.java index ed8725fa008b3..d055811644849 100644 --- a/test/framework/src/main/java/org/elasticsearch/bootstrap/BootstrapForTesting.java +++ b/test/framework/src/main/java/org/elasticsearch/bootstrap/BootstrapForTesting.java @@ -25,6 +25,7 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.SuppressForbidden; import org.elasticsearch.common.io.PathUtils; +import org.elasticsearch.common.network.IfConfig; import org.elasticsearch.plugins.PluginInfo; import org.junit.Assert; @@ -89,6 +90,9 @@ public class BootstrapForTesting { throw new RuntimeException("found jar hell in test classpath", e); } + // Log ifconfig output before SecurityManager is installed + IfConfig.logIfNecessary(); + // install security manager if requested if (systemPropertyAsBoolean("tests.security.manager", true)) { try {