Wrap a call to QatZipper with AccessController.doPrivileged. #211
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ubuntu <ubuntu@ip-172-31-60-200.us-west-2.compute.internal> Signed-off-by: Mulugeta Mammo <mulugeta.mammo@intel.com>
mulugetam
requested review from
andrross,
reta,
nknize and
sarthakaggarwal97
as code owners
reta
requested changes
Jan 9, 2025
There was a problem hiding this comment.
@mulugetam this permission in general should never be granted (especially, in case of codecs), and usually indicates the issue in other places (caller site). I believe you have to wrap the call into AccessController.doPriveledged instead
|
@reta will do that. |
Signed-off-by: Mulugeta Mammo <mulugeta.mammo@intel.com>
mulugetam
changed the title
reta
approved these changes
Jan 10, 2025
|
Thanks @mulugetam , I see the failing CI check, will fix it first thing tomorrow (if you have an opportunity, please apply the changes from opensearch-project/ml-commons#3223, thank you) |
|
@mulugetam could you please rebase? thank you! |
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
|
Just did. Thank you @reta |
reta
reviewed
Jan 10, 2025
| env: | ||
| ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true | ||
|
|
||
| options: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-options }} |
There was a problem hiding this comment.
Interesting, this change is in main already ...
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Jan 10, 2025
* Grant qat-java a permission to modify arbitrary thread. Signed-off-by: Ubuntu <ubuntu@ip-172-31-60-200.us-west-2.compute.internal> Signed-off-by: Mulugeta Mammo <mulugeta.mammo@intel.com> * Wrap a QatZipper() inside AccessController.doPrivileged(). Signed-off-by: Mulugeta Mammo <mulugeta.mammo@intel.com> * Fix GitHib action workflows (#212) Signed-off-by: Andriy Redko <andriy.redko@aiven.io> --------- Signed-off-by: Ubuntu <ubuntu@ip-172-31-60-200.us-west-2.compute.internal> Signed-off-by: Mulugeta Mammo <mulugeta.mammo@intel.com> Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Co-authored-by: Ubuntu <ubuntu@ip-172-31-60-200.us-west-2.compute.internal> Co-authored-by: Andriy Redko <andriy.redko@aiven.io> (cherry picked from commit 9de7fd3) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
reta
added a commit
that referenced
this pull request
Jan 10, 2025
…214) * Grant qat-java a permission to modify arbitrary thread. * Wrap a QatZipper() inside AccessController.doPrivileged(). * Fix GitHib action workflows (#212) --------- (cherry picked from commit 9de7fd3) Signed-off-by: Ubuntu <ubuntu@ip-172-31-60-200.us-west-2.compute.internal> Signed-off-by: Mulugeta Mammo <mulugeta.mammo@intel.com> Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Ubuntu <ubuntu@ip-172-31-60-200.us-west-2.compute.internal> Co-authored-by: Andriy Redko <andriy.redko@aiven.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A customer reached out to inform us that they were unable to use
qat_deflateandqat_lz4. Upon investigation, I discovered thatisQATAvailable()was returningfalsedue to ajava.securitypermission fail in here. This behavior is unexpected, as my initial PR did not require it (as far as I can remember).This PR addresses the issue by adding the necessary permission to the
qat-javacodebase.@sarthakaggarwal97
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.