github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-19 04:45:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

Remove unnecessary network entitlements from server (#126799)

Browse source 
These entitlements should not be necessary. Server does not directly
create any outbound connections, and netty is not a dependency of server
so it should not exist within the server policy.
This commit is contained in:
Ryan Ernst 2025-04-15 11:39:29 -07:00 committed by GitHub
parent d3d40db062
commit bf53927d71
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 0 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
View file

@ -230,7 +230,6 @@ public class EntitlementInitialization {
new ReadStoreAttributesEntitlement(),
new CreateClassLoaderEntitlement(),
new InboundNetworkEntitlement(),
new OutboundNetworkEntitlement(),
new LoadNativeLibrariesEntitlement(),
new ManageThreadsEntitlement(),
new FilesEntitlement(serverModuleFileDatas)
@ -238,7 +237,6 @@ public class EntitlementInitialization {
),
new Scope("java.desktop", List.of(new LoadNativeLibrariesEntitlement())),
new Scope("org.apache.httpcomponents.httpclient", List.of(new OutboundNetworkEntitlement())),
new Scope("io.netty.transport", List.of(new InboundNetworkEntitlement(), new OutboundNetworkEntitlement())),
new Scope(
"org.apache.lucene.core",
List.of(