esnet / netshell

Kernel and companion software that support ENOS applications (NOT ACTIVELY MAINTAINED)

ODL/Karaf cannot start properly due to SecurityManager #8

Closed lomaxfrog closed 8 years ago

lomaxfrog commented 9 years ago
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:255)
In main loop, we have serious trouble: java.lang.NullPointerException
java.lang.NullPointerException
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:255)
In main loop, we have serious trouble: java.lang.NullPointerException
java.lang.NullPointerException
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:255)
^D
Goodbye NetShell
In main loop, we have serious trouble: java.lang.NullPointerException
java.lang.NullPointerException
    at org.apache.felix.fileinstall.internal.DirectoryWatcher.run(DirectoryWatcher.java:255)
log4j:WARN No appenders could be found for logger (org.apache.karaf.service.guard).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
[WARN] Task failed
net.es.netshell.kernel.security.ExitSecurityException: Cannot execute host processes
    at net.es.netshell.kernel.security.KernelSecurityManager.checkExec(KernelSecurityManager.java:301)
    at java.lang.ProcessBuilder.start(ProcessBuilder.java:1016)
    at java.lang.Runtime.exec(Runtime.java:617)
    at java.lang.Runtime.exec(Runtime.java:485)
    at jline.internal.TerminalLineSettings.exec(TerminalLineSettings.java:196)
    at jline.internal.TerminalLineSettings.exec(TerminalLineSettings.java:186)
    at jline.internal.TerminalLineSettings.stty(TerminalLineSettings.java:181)
    at jline.internal.TerminalLineSettings.set(TerminalLineSettings.java:78)
    at jline.NoInterruptUnixTerminal.restore(NoInterruptUnixTerminal.java:33)
    at jline.TerminalSupport$1.run(TerminalSupport.java:52)
    at jline.internal.ShutdownHooks.runTasks(ShutdownHooks.java:66)
    at jline.internal.ShutdownHooks.access$000(ShutdownHooks.java:22)
    at jline.internal.ShutdownHooks$1.run(ShutdownHooks.java:47)

lomaxfrog commented 9 years ago

After investigation, ODL tries to execute a shell script, both at start and shutdown time. This is potentially a huge security hole, so it might not be possible to just create an exception in Netshell's security manager: start time would perhaps be ok, but definitely not at shutdown time.
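
Added example, not part of the original thread and not NetShell's code: a minimal security manager that denies every process launch and logs the attempted command, showing that a shutdown hook is subject to the same `checkExec` denial as the main thread, as in the jline frames of the trace. `DenyExecDemo`, `DenyExecSecurityManager` and the `stty -a` command are illustrative assumptions; it assumes a JDK that still permits installing a SecurityManager (Java 17 or earlier).

```java
import java.io.IOException;
import java.security.Permission;

// Illustration only; class names are hypothetical, not NetShell's KernelSecurityManager.
public class DenyExecDemo {

    /** Allows everything except launching host processes, and records each attempt. */
    static class DenyExecSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // Permit all other operations so the demo isolates the exec check.
        }

        @Override
        public void checkExec(String cmd) {
            // ProcessBuilder.start() calls this with the program name before launching it.
            System.err.println("[audit] exec denied: " + cmd
                    + " (thread=" + Thread.currentThread().getName() + ")");
            throw new SecurityException("Cannot execute host processes");
        }
    }

    /** Returns true if the security manager blocked the command. */
    static boolean execDenied(String... command) {
        try {
            new ProcessBuilder(command).start();
            return false;
        } catch (SecurityException e) {
            return true;
        } catch (IOException e) {
            // The check passed but the program could not be started on this host.
            return false;
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new DenyExecSecurityManager());

        // Shutdown hooks run under the same security manager as the rest of the JVM.
        // "stty -a" is a constructed sample command; it is never launched here.
        Runtime.getRuntime().addShutdownHook(new Thread(() ->
                System.err.println("hook: stty denied = " + execDenied("stty", "-a")),
                "restore-terminal-hook"));

        System.err.println("main: stty denied = " + execDenied("stty", "-a"));
    }
}
```

The audit line names the program and the calling thread for each blocked launch, which is the information needed to find which embedded component is attempting to run host processes.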

lomaxfrog commented 8 years ago

Update: the NetShell overall security model is changing in a manner that will solve this issue:

ODL with an adapter using RabbitMQ will communicate with another instance of NetShell with the security turned on. In other words, separating ODL and NetShell into two different JVMs.

This depends on the task of fully separating ODL and NetShell.