java.security.AccessControlException: access denied can't be fixed in security/java.policy
Question
I'm using SonarQube and embedding addon there When I run SonarQube it gives an exception
java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF/conf" "write")
I tried to solve it using
/etc/java-11-openjdk/security/java.policy
adding there smth like
grant {
// SonarQube plugin allow
permission java.io.FilePermission "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk8/-", "read,write";
};
but this did not help I tried also
permission java.io.FilePermission "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF/conf", "read,write";
or
permission java.io.FilePermission "/opt/sonarqube/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF/*", "read,write";
That did not help
I even tried this
permission java.security.AllPermission;
but in this case ElasticSearch gives an error
ERROR: [1] bootstrap checks failed. You must address the points described in the following [1] lines before starting Elasticsearch. bootstrap check failure [1] of [1]: granting the all permission effectively disables security ERROR: Elasticsearch did not exit normally - check the logs at /opt/sonarqube/logs/sonarqube.log
I wonder - how can I allow JDK to create a file there?
1 answers
solution1
0 2022-05-12 14:14:47
I was able to solve the issue by just downgrading SonarQube from 9.4 to 8.9.8 LTS version of the application Now all the stuff is created where it needs to be created even without modifying /etc/java-11-openjdk/security/java.policy
pwd
/opt/sonarqube-8.9.8.54436/data/web/deploy/plugins/JbcSonarPluginjdk11/META-INF
ls -l
total 20
drwxr-xr-x 2 sonarqube sonarqube 4096 May 12 16:58 conf
drwxr-xr-x 4 sonarqube sonarqube 4096 May 12 16:58 lib
drwxr-xr-x 3 sonarqube sonarqube 4096 May 12 16:58 log
drwxr-xr-x 3 sonarqube sonarqube 4096 May 12 16:58 log_T24
-rw-r--r-- 1 sonarqube sonarqube 1 May 12 16:58 uid
-rw-r--r-- 1 sonarqube sonarqube 0 May 12 16:58 uid_lock
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.