Writing to ./fwdir

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Writing to ./fwdir

Felix Natter
Administrator
hello Dimitry,

freeplane 1.5.9 fails to start if <org.freeplane.basedirectory>/fwdir cannot be written to:

felix@debianunstable:/tmp/yyy$ freeplane
org.knopflerfish.framework.readonly=true
org.knopflerfish.gosg.jars=reference:file:/usr/share/knopflerfish/core/
org.freeplane.basedirectory=/usr/share/knopflerfish
java.security.policy=/usr/share/knopflerfish/freeplane.policy
org.osgi.framework.storage=/usr/share/knopflerfish/fwdir
Exception in thread "main" java.security.AccessControlException: access denied ("java.util.PropertyPermission" "*" "read,write")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.security.AccessController.checkPermission(AccessController.java:884)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)
        at java.lang.System.getProperties(System.java:630)
        at org.knopflerfish.framework.Main.populateSysProps(Main.java:1125)
        at org.knopflerfish.framework.Main.<init>(Main.java:163)
        at org.knopflerfish.framework.Main.main(Main.java:152)
        at org.freeplane.launcher.Launcher.run(Launcher.java:91)
        at org.freeplane.launcher.Launcher.launch(Launcher.java:56)
        at org.freeplane.launcher.Launcher.main(Launcher.java:49)

Shall I modify org.freeplane.launcher.Launcher.setDefines() to create a
temporary directory and put that in org.osgi.framework.storage?

Do we want this for Linux packages only or are there other use cases
where freeplane is launched from a non-writable directory?
(fixing it upstream might make it easier to other package devs)

Thanks and Best Regards,
--
Felix Natter
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Writing to ./fwdir

Dimitry Polivaev
Administrator
Hello Felix,

Freeplane 1.5.9 needs two empty directories named condperm and perms inside the fwdir.
It happens because of a knopflerfisch bug I already have reported. So the solution is to use our own
readonly fwdir directory containing directories condperm and perms.

Regards,
Dimitry

> hello Dimitry,
>
> freeplane 1.5.9 fails to start if <org.freeplane.basedirectory>/fwdir cannot be written to:
>
> felix@debianunstable:/tmp/yyy$ freeplane
> org.knopflerfish.framework.readonly=true
> org.knopflerfish.gosg.jars=reference:file:/usr/share/knopflerfish/core/
> org.freeplane.basedirectory=/usr/share/knopflerfish
> java.security.policy=/usr/share/knopflerfish/freeplane.policy
> org.osgi.framework.storage=/usr/share/knopflerfish/fwdir
> Exception in thread "main" java.security.AccessControlException: access denied
> ("java.util.PropertyPermission" "*" "read,write")
>          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>          at java.security.AccessController.checkPermission(AccessController.java:884)
>          at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>          at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)
>          at java.lang.System.getProperties(System.java:630)
>          at org.knopflerfish.framework.Main.populateSysProps(Main.java:1125)
>          at org.knopflerfish.framework.Main.<init>(Main.java:163)
>          at org.knopflerfish.framework.Main.main(Main.java:152)
>          at org.freeplane.launcher.Launcher.run(Launcher.java:91)
>          at org.freeplane.launcher.Launcher.launch(Launcher.java:56)
>          at org.freeplane.launcher.Launcher.main(Launcher.java:49)
>
> Shall I modify org.freeplane.launcher.Launcher.setDefines() to create a
> temporary directory and put that in org.osgi.framework.storage?
>
> Do we want this for Linux packages only or are there other use cases
> where freeplane is launched from a non-writable directory?
> (fixing it upstream might make it easier to other package devs)
>
> Thanks and Best Regards,
> --
> Felix Natter
>
>
> ----------------------------------------------------------------------------------------------------
> If you reply to this email, your message will be added to the discussion below:
> http://freeplane-developer.996965.n3.nabble.com/Writing-to-fwdir-tp929.html
> To start a new topic under Freeplane Developer, email [hidden email]
> To unsubscribe from Freeplane Developer, click here
> <
> NAML
> <
http://freeplane-developer.996965.n3.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Writing to ./fwdir

Felix Natter
Administrator
hello Dimitry,

looks like fwdir/** is not the problem:
$ find /usr/share/freeplane/fwdir/
/usr/share/freeplane/fwdir/
/usr/share/freeplane/fwdir/perms
/usr/share/freeplane/fwdir/condperm

> Exception in thread "main" java.security.AccessControlException: access denied
> ("java.util.PropertyPermission" "*" "read,write")

--> knopflerfish simply does a:
final Properties systemProperties = System.getProperties();
I wonder why this only occurs if freeplane is launched from a read-only
directory or in the Debian package?

In ScriptingPolicy there is this:
permissions.add(new PropertyPermission("*", "read,write"));
--> could it be too late?

Thanks and Best Regards,
Felix
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Writing to ./fwdir

Dimitry Polivaev
Administrator
Now I got it.

Freeplane now contains file freeplane.policy which is needed to grant security access to freeplane
own jars. If the jars are at different places you should adapt its content. Call me if you do not
know how.

Regards,
Dimitry

> hello Dimitry,
>
> looks like fwdir/** is not the problem:
> $ find /usr/share/freeplane/fwdir/
> /usr/share/freeplane/fwdir/
> /usr/share/freeplane/fwdir/perms
> /usr/share/freeplane/fwdir/condperm
>
>  > Exception in thread "main" java.security.AccessControlException: access denied
>  > ("java.util.PropertyPermission" "*" "read,write")
>
> --> knopflerfish simply does a:
> final Properties systemProperties = System.getProperties();
> I wonder why this only occurs if freeplane is launched from a read-only
> directory / in the Debian package?
>
> Thanks and Best Regards,
> Felix
>
> ----------------------------------------------------------------------------------------------------
> If you reply to this email, your message will be added to the discussion below:
> http://freeplane-developer.996965.n3.nabble.com/Writing-to-fwdir-tp929p931.html
> To start a new topic under Freeplane Developer, email [hidden email]
> To unsubscribe from Freeplane Developer, click here
> <
> NAML
> <
http://freeplane-developer.996965.n3.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Writing to ./fwdir

Felix Natter
Administrator
In reply to this post by Felix Natter
I tried with another read-only directory, and it worked.

Could this be a problem with my java version?

 java -version
openjdk version "1.8.0_77-Debian"
OpenJDK Runtime Environment (build 1.8.0_77-Debian-8u77-b03-3+b1-b1)
OpenJDK 64-Bit Server VM (build 25.77-b1, mixed mode)

Many Thanks and Best Regards,
Felix
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Writing to ./fwdir

Felix Natter
Administrator
In reply to this post by Dimitry Polivaev
hi DImitry,

I also needed to adapt frameworkDir in Launcher.java, because the
framework.jar is not located in /usr/share/freeplane on Debian.
Then, I added to the policy and now it seems to work fine.

Yay, Thanks!
Loading...