From 127bdd9bf9c7ba83a938153999143de8e32304b3 Mon Sep 17 00:00:00 2001 From: Nikola Grcevski <6207777+grcevski@users.noreply.github.com> Date: Mon, 18 Apr 2022 19:33:00 -0400 Subject: [PATCH] Remove references to bootstrap.system_call_filter (#85964) --- docs/reference/setup/bootstrap-checks.asciidoc | 5 ++--- .../org/elasticsearch/bootstrap/BootstrapSettings.java | 7 +------ .../org/elasticsearch/bootstrap/BootstrapChecksTests.java | 7 +------ 3 files changed, 4 insertions(+), 15 deletions(-) diff --git a/docs/reference/setup/bootstrap-checks.asciidoc b/docs/reference/setup/bootstrap-checks.asciidoc index f68b0259bb98a..993fe10e1989b 100644 --- a/docs/reference/setup/bootstrap-checks.asciidoc +++ b/docs/reference/setup/bootstrap-checks.asciidoc @@ -195,10 +195,9 @@ filters are installed to prevent the ability to execute system calls related to forking as a defense mechanism against arbitrary code execution attacks on Elasticsearch. The system call filter check ensures that if system call filters are enabled, then they were successfully -installed. To pass the system call filter check you must either fix any +installed. To pass the system call filter check you must fix any configuration errors on your system that prevented system call filters -from installing (check your logs), or *at your own risk* disable system -call filters by setting `bootstrap.system_call_filter` to `false`. +from installing (check your logs). === OnError and OnOutOfMemoryError checks diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapSettings.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapSettings.java index 498a91256ccac..3569a8ee37537 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapSettings.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapSettings.java @@ -23,12 +23,7 @@ private BootstrapSettings() {} ); public static final Setting MEMORY_LOCK_SETTING = Setting.boolSetting("bootstrap.memory_lock", false, Property.NodeScope); - public static final Setting SYSTEM_CALL_FILTER_SETTING = Setting.boolSetting( - "bootstrap.system_call_filter", - true, - Property.DeprecatedWarning, - Property.NodeScope - ); + public static final Setting CTRLHANDLER_SETTING = Setting.boolSetting("bootstrap.ctrlhandler", true, Property.NodeScope); } diff --git a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java index e6bb2395a28bc..2397e51d1e68f 100644 --- a/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java +++ b/server/src/test/java/org/elasticsearch/bootstrap/BootstrapChecksTests.java @@ -441,12 +441,7 @@ String getUseSerialGC() { public void testSystemCallFilterCheck() throws NodeValidationException { final AtomicBoolean isSystemCallFilterInstalled = new AtomicBoolean(); - final BootstrapContext context; - if (randomBoolean()) { - context = createTestContext(Settings.builder().put("bootstrap.system_call_filter", true).build(), null); - } else { - context = emptyContext; - } + final BootstrapContext context = emptyContext; final BootstrapChecks.SystemCallFilterCheck systemCallFilterEnabledCheck = new BootstrapChecks.SystemCallFilterCheck() {