Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 51946 invoked from network); 1 Sep 2006 06:50:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 1 Sep 2006 06:50:46 -0000 Received: (qmail 12460 invoked by uid 500); 1 Sep 2006 06:50:46 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 12428 invoked by uid 500); 1 Sep 2006 06:50:46 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 12419 invoked by uid 99); 1 Sep 2006 06:50:46 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 31 Aug 2006 23:50:46 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 31 Aug 2006 23:50:45 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 6D2FE41001E for ; Fri, 1 Sep 2006 06:47:23 +0000 (GMT) Message-ID: <22361310.1157093243444.JavaMail.jira@brutus> Date: Thu, 31 Aug 2006 23:47:23 -0700 (PDT) From: "Myrna van Lunteren (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Updated: (DERBY-1241) When booting a database under security manager, boot may fail with message java.sql.SQLException: Java exception: 'access denied (java.io.FilePermission for logmirror.ctrl if database was not shutdown cleanly after previous access In-Reply-To: <4089075.1145576105782.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DERBY-1241?page=all ] Myrna van Lunteren updated DERBY-1241: -------------------------------------- Attachment: DERBY-1421_101_20060802.diff Attaching the promised 10.1 patch. This is the merge comamnd I couldn't get to work: svn merge -r 427795:427796 https://svn.apache.org/repos/asf/derby/code/trunk It gave me an error: svn: REPORT request failed on '/repos/asf/!svn/vcc/default' svn: Cannot replace a directory from within with the patched 10.1.3.1 insane jars derbyall ran with only 1 failed test: JapanCodeConversion (because of using a jre rather than jdk path). > When booting a database under security manager, boot may fail with message java.sql.SQLException: Java exception: 'access denied (java.io.FilePermission for logmirror.ctrl if database was not shutdown cleanly after previous access > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: DERBY-1241 > URL: http://issues.apache.org/jira/browse/DERBY-1241 > Project: Derby > Issue Type: Bug > Components: Store > Reporter: Suresh Thalamati > Assigned To: Myrna van Lunteren > Priority: Critical > Fix For: 10.2.1.0 > > Attachments: DERBY-1241_20060801.diff, DERBY-1421_101_20060802.diff, derby_tests.policy > > > logmirror.ctrl is getting accessed outside the privileged block when the checkpoint instant is invalid on log factory boot method and cause this failure on boot if the database was not shutdown cleanly. The reproduction (see comment) shows that can happens after database creation. > This problem was reported on the derby-dev list by Olav Sandstaa , filing jira entry for it. > Olav Sandstaa wrote: > > Rick Hillegas wrote: > > > > java.sql.SQLException: Java exception: 'access denied (java.io.FilePermission /export/home/tmp/derbyjdbc4/DerbyNetClient/TestConnectionMethods/wombat/log/logmirror.ctrl read): java.security.AccessControlException'. > > at java.security.AccessControlContext.checkPermission(AccessControlContext.java:321) > > at java.security.AccessController.checkPermission(AccessController.java:546) > > at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) > > at java.lang.SecurityManager.checkRead(SecurityManager.java:871) > > at java.io.File.exists(File.java:731) > > at org.apache.derby.impl.store.raw.log.LogToFile.boot(LogToFile.java:2940) > > at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996) > > at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290) > > at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:542) > > at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:418) > > at org.apache.derby.impl.store.raw.data.BaseDataFileFactory.bootLogFactory(BaseDataFileFactory.java:1762) > > at org.apache.derby.impl.store.raw.data.BaseDataFileFactory.setRawStoreFactory(BaseDataFileFactory.java:1218) > > at org.apache.derby.impl.store.raw.RawStore.boot(RawStore.java:250) > > at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996) > > at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290) > > at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:542) > > at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:418) > > at org.apache.derby.impl.store.access.RAMAccessManager.boot(RAMAccessManager.java:987) > > at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996) > > at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290) > > at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:542) > > at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:418) > > at org.apache.derby.impl.db.BasicDatabase.bootStore(BasicDatabase.java:738) > > at org.apache.derby.impl.db.BasicDatabase.boot(BasicDatabase.java:178) > > at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996) > > at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290) > > at org.apache.derby.impl.services.monitor.BaseMonitor.bootService(BaseMonitor.java:1831) > > at org.apache.derby.impl.services.monitor.BaseMonitor.startProviderService(BaseMonitor.java:1697) > > at org.apache.derby.impl.services.monitor.BaseMonitor.findProviderAndStartService(BaseMonitor.java:1577) > > at org.apache.derby.impl.services.monitor.BaseMonitor.startPersistentService(BaseMonitor.java:990) > > at org.apache.derby.iapi.services.monitor.Monitor.startPersistentService(Monitor.java:541) > > at org.apache.derby.impl.jdbc.EmbedConnection.bootDatabase(EmbedConnection.java:1586) > > at org.apache.derby.impl.jdbc.EmbedConnection.(EmbedConnection.java:216) > > at org.apache.derby.impl.jdbc.EmbedConnection30.(EmbedConnection30.java:72) > > at org.apache.derby.impl.jdbc.EmbedConnection40.(EmbedConnection40.java:48) > > at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Driver40.java:62) > > at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:199) > > at org.apache.derby.impl.drda.Database.makeConnection(Database.java:231) > > at org.apache.derby.impl.drda.DRDAConnThread.getConnFromDatabaseName(DRDAConnThread.java:1147) > > at org.apache.derby.impl.drda.DRDAConnThread.verifyUserIdPassword(DRDAConnThread.java:1125) > > at org.apache.derby.impl.drda.DRDAConnThread.parseSECCHK(DRDAConnThread.java:2709) > > at org.apache.derby.impl.drda.DRDAConnThread.parseDRDAConnection(DRDAConnThread.java:987) > > at org.apache.derby.impl.drda.DRDAConnThread.processCommands(DRDAConnThread.java:830) > > at org.apache.derby.impl.drda.DRDAConnThread.run(DRDAConnThread.java:236) > > > > The security exception is raised when Derby tries to get access to the > > log/logmirror.ctrl file during the second startup of the database. I > > would have expected that since this file was created earlier during > > the initial startup of the test, the test should already have the > > required security permissions to access it during the second startup? > > > > Anyway, the best solution to this problem would be to be able to reuse > > functionality that already might exist in the test framework. Any > > suggestions are appreciated. > > > > Regards, > > Olav > > > By looking at the stack it looks like log/logmirror.ctrl is not getting accessed in the privileged block at line 2940 in LogToFile.java. > if (checkpointInstant == LogCounter.INVALID_LOG_INSTANT && getMirrorControlFileName().exists()) > Not sure how you got checkpointInstant to be INVALID , may be your test program might have exited before a first valid checkpoint. Any one fixing this bugs should make sure that is the case. > In any case call to exists should have been privExists(getMirrorControlFileName()). > Please file a Jira entry with information on how to reproduce this bug. > Thanks > -suresh -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira