Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JEP 486: Permanently Disable the Security Manager #20563

Open
pshipton opened this issue Nov 11, 2024 · 13 comments
Open

JEP 486: Permanently Disable the Security Manager #20563

pshipton opened this issue Nov 11, 2024 · 13 comments
Assignees
@theresa-m
Labels
comp:test comp:vm JEP
Milestone
Java 24 (0.50)

Comments

@pshipton
Copy link
Member

See https://openjdk.org/jeps/486
@pshipton pshipton added this to the Java 24 milestone Nov 11, 2024
@github-actions GitHub Actions
Copy link

Issue Number: 20563
Status: Open
Recommended Components: comp:vm, comp:jclextensions, comp:build
Recommended Assignees: jasonfengj9, babsingh, longyuzhang

@pshipton
Copy link
Member Author

@tajila

@tajila
Copy link
Contributor

tajila commented Nov 11, 2024

@theresa-m Please take a look at this

@theresa-m
Copy link
Contributor

theresa-m commented Nov 12, 2024
edited
Loading

https://bugs.openjdk.org/browse/JDK-8338412 contains a list of JCL specification changes.

The following classes will need to be updated in j9:

@pshipton pshipton mentioned this issue Nov 13, 2024
Merged
@pshipton
Copy link
Member Author

FYI #20586

@JasonFengJ9
Copy link
Member

#20586 unblocks the JDK24 merging & abuild jobs.
There are still other issues to be addressed as per #20563 (comment)

@theresa-m theresa-m mentioned this issue Nov 18, 2024
Merged
@theresa-m theresa-m mentioned this issue Nov 28, 2024
Open
@theresa-m
Copy link
Contributor

theresa-m commented Dec 5, 2024
edited
Loading

This is a list of work to be done after #20625 fyi @JasonFengJ9

@JasonFengJ9
Copy link
Member

JasonFengJ9 commented Dec 10, 2024
edited
Loading

openjdknext_j9_sanity.system_aarch64_linux

15:01:36  TESTING:
15:01:36  Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:36  	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:36  	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:36  	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:36  	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:36  -----------------------------------
15:01:36  MachineInfo_0_FAILED

15:01:41  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:41  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:41  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:41  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:41  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:41  Generation failed
15:01:41  -----------------------------------
15:01:41  TestJlmLocal_0_FAILED

15:01:44  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:44  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:44  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:44  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:44  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:44  Generation failed
15:01:44  -----------------------------------
15:01:44  TestJlmRemoteMemoryAuth_0_FAILED

15:01:46  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:46  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:46  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:46  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:46  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:46  Generation failed
15:01:46  -----------------------------------
15:01:46  TestJlmRemoteMemoryNoAuth_0_FAILED

15:01:50  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:50  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:50  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:50  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:50  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:50  Generation failed
15:01:50  -----------------------------------
15:01:50  TestIBMJlmLocal_0_FAILED

15:01:52  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:52  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:52  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:52  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:52  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:52  Generation failed
15:01:52  -----------------------------------
15:01:52  TestIBMJlmRemoteClassNoAuth_0_FAILED

15:01:56  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:56  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:56  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:56  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:56  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:56  Generation failed
15:01:56  -----------------------------------
15:01:56  ParallelStreamsLoadTest_CS_0_FAILED

15:01:58  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:58  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:58  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:58  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:58  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:58  Generation failed
15:01:58  -----------------------------------
15:01:58  MathLoadTest_bigdecimal_5m_0_FAILED

15:02:01  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:01  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:01  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:01  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:01  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:01  Generation failed
15:02:01  -----------------------------------
15:02:01  MauveMultiThrdLoad_5m_0_FAILED

15:02:06  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:06  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:06  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:06  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:06  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:06  Generation failed
15:02:06  -----------------------------------
15:02:06  CpMp_MP_0_FAILED

15:02:11  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:11  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:11  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:11  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:11  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:11  Generation failed
15:02:11  -----------------------------------
15:02:11  InternalAPIs_0_FAILED

15:02:13  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:13  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:13  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:13  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:13  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:13  Generation failed
15:02:13  -----------------------------------
15:02:13  AutoMod1_0_FAILED

15:02:14  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:14  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:14  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:14  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:14  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:14  Generation failed
15:02:14  -----------------------------------
15:02:14  AutoMod_Impl1_0_FAILED

15:02:15  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:15  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:15  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:15  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:15  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:15  Generation failed
15:02:15  -----------------------------------
15:02:15  AutoMod_Impl3_0_FAILED

15:02:18  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:18  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:18  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:18  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:18  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:18  Generation failed
15:02:18  -----------------------------------
15:02:18  PatMod_AppMod_0_FAILED

15:02:19  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:19  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:19  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:19  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:19  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:19  Generation failed
15:02:19  -----------------------------------
15:02:19  PatModImg_PlatMod_0_FAILED

15:02:20  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:20  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:20  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:20  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:20  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:20  Generation failed
15:02:20  -----------------------------------
15:02:20  PatModImg_AppMod_0_FAILED

15:02:22  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:22  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:22  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:22  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:22  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:22  Generation failed
15:02:22  -----------------------------------
15:02:22  PatModImg_Unex_0_FAILED

15:02:27  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:27  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:27  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:27  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:27  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:27  Generation failed
15:02:27  -----------------------------------
15:02:27  Jlink_AddMLimitM_0_FAILED

15:02:28  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:28  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:28  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:28  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:28  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:28  Generation failed
15:02:28  -----------------------------------
15:02:28  CpMpJlink_0_FAILED

15:02:30  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:30  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:30  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:30  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:30  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:30  Generation failed
15:02:30  -----------------------------------
15:02:30  Jlink_GenOpt_0_FAILED

15:02:36  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:02:36  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:02:36  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:02:36  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:02:36  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:02:36  Generation failed
15:02:36  -----------------------------------
15:02:36  NioLoadTest_5m_1_FAILED

15:01:39  GEN stderr Exception in thread "(unnamed thread)" java/lang/Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported.
15:01:39  GEN stderr 	at java/lang/System.initSecurityManager (java.base@24-internal/System.java:913)
15:01:39  GEN stderr 	at java/lang/ClassLoader.initializeClassLoaders (java.base@24-internal/ClassLoader.java:227)
15:01:39  GEN stderr 	at java/lang/Thread.initialize (java.base@24-internal/Thread.java:2722)
15:01:39  GEN stderr 	at java/lang/Thread.<init> (java.base@24-internal/Thread.java:2773)
15:01:39  Generation failed
15:01:39  -----------------------------------
15:01:39  DaaLoadTest_daa2_5m_1_FAILED

@theresa-m
Copy link
Contributor

Thanks @JasonFengJ9 I opened adoptium/aqa-tests#5817 to remove -Djava.security.manager=allow from system tests. I will run some tests to see what fails.

@theresa-m
Copy link
Contributor

theresa-m commented Dec 12, 2024
edited
Loading

I ran a grinder with adoptium/aqa-tests#5817 resulting in 32 failing sanity system tests https://hyc-runtimes-jenkins.swg-devops.com/view/Test_grinder/job/Grinder/45811/. Some of these are from github.com/eclipse-openj9/openj9-systemtest.git and some from github.com/adoptium/aqa-systemtest.git. I will get in touch with the adoptium team about the best approach to fixing or disabling these.

DaaLoadTest_daa1_5m
DaaLoadTest_daa2_5m
DaaLoadTest_daa3_5m
TestIBMJlmRemoteClassAuth
TestIBMJlmRemoteClassNoAuth
TestIBMJlmRemoteMemoryAuth
TestIBMJlmRemoteMemoryNoAuth
MathLoadTest_autosimd_5m
MathLoadTest_bigdecimal_5m
ClassLoadingTest_CS_5m
ClassLoadingTest_5m
CLLoad
DaaLoadTest_daa1_CS_5m
DaaLoadTest_daa2_CS_5m
DaaLoadTest_daa3_CS_5m
LambdaLoadTest_CS_5m
LambdaLoadTest_J9_5m
MathLoadTest_autosimd_CS_5m
MathLoadTest_bigdecimal_CS_5m
MauveMultiThrdLoad_5m
MauveSingleInvocLoad_J9_5m
MauveSingleThrdLoad_J9_5m
NioLoadTest_5m
ParallelStreamsLoadTest_CS
ParallelStreamsLoadTest_J9
TestJlmRemoteClassAuth
TestJlmRemoteClassNoAuth
TestJlmRemoteMemoryAuth
TestJlmRemoteMemoryNoAuth
TestJlmRemoteNotifierProxyAuth
TestJlmRemoteThreadAuth
TestJlmRemoteThreadNoAuth

@JasonFengJ9
Copy link
Member

Some of these are from github.com/eclipse-openj9/openj9-systemtest.git and some from github.com/adoptium/aqa-systemtest.git.

FYI @llxia

@theresa-m
Copy link
Contributor

theresa-m commented Dec 13, 2024
edited
Loading

Most of the remaining failures are caused by a dependence on the security manager in the system test framework. I opened adoptium/STF#142.

Update: I'm going to disable these tests for now since this issue needs more discussion to be resolved.

@theresa-m
Copy link
Contributor

fyi @JasonFengJ9 the failing system tests have been disabled adoptium/aqa-tests#5817

@theresa-m theresa-m mentioned this issue Dec 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@theresa-m theresa-m

Labels
comp:test comp:vm JEP
Projects
None yet
Milestone
Java 24 (0.50)
Development

No branches or pull requests
4 participants
@tajila @theresa-m @JasonFengJ9 @pshipton