SONAR-10607 fix ability to disable Elasticsearch seccomp check
authorSimon Brandhof <simon.brandhof@sonarsource.com>
Tue, 24 Apr 2018 20:01:41 +0000 (22:01 +0200)
committerSonarTech <sonartech@sonarsource.com>
Wed, 25 Apr 2018 18:20:49 +0000 (20:20 +0200)
server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java
server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java

index b4231f3f75ffa3e5ce4251a1e780198a438acc4c..dc99e13d24e27e5b061833f5ac597df8fc3de060 100644 (file)
@@ -44,6 +44,7 @@ public class EsSettings {
 
   private static final Logger LOGGER = LoggerFactory.getLogger(EsSettings.class);
   private static final String STANDALONE_NODE_NAME = "sonarqube";
+  private static final String SECCOMP_PROPERTY = "bootstrap.system_call_filter";
 
   private final Props props;
   private final EsInstallation fileSystem;
@@ -75,7 +76,7 @@ public class EsSettings {
     configureFileSystem(builder);
     configureNetwork(builder);
     configureCluster(builder);
-    configureAction(builder);
+    configureOthers(builder);
     return builder;
   }
 
@@ -146,7 +147,10 @@ public class EsSettings {
     builder.put("node.master", valueOf(true));
   }
 
-  private static void configureAction(Map<String, String> builder) {
+  private void configureOthers(Map<String, String> builder) {
     builder.put("action.auto_create_index", String.valueOf(false));
+    if (props.value("sonar.search.javaAdditionalOpts", "").contains("-D" + SECCOMP_PROPERTY + "=false")) {
+      builder.put(SECCOMP_PROPERTY, "false");
+    }
   }
 }
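Review bot: The `contains("-D" + SECCOMP_PROPERTY + "=false")` check in configureOthers is a raw substring match over the whole option string, so it also fires when that text is only the prefix of a longer value (a constructed example: `=falsey`) or sits inside another option's value. It also ignores a later `-Dbootstrap.system_call_filter=true`, which the JVM would presumably let win. Because the outcome switches off a hardening control in Elasticsearch, match whole whitespace-separated tokens instead, e.g. `Arrays.asList(opts.trim().split("\\s+")).contains("-D" + SECCOMP_PROPERTY + "=false")`. The downgrade should also be visible in the startup log, for instance `LOGGER.warn("Elasticsearch system call filter (seccomp) is disabled via sonar.search.javaAdditionalOpts");`. `Arrays` may need an import, since the file's import block is not visible in this diff.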
index 16fb18bbe74ab572be2362aba6725207327970f9..a6cb8597f1631d170cb404ce06c73405245cb9e0 100644 (file)
@@ -311,6 +311,23 @@ public class EsSettingsTest {
     assertThat(settings.get("http.enabled")).isEqualTo("true");
   }
 
+  @Test
+  public void enable_seccomp_filter_by_default() throws Exception {
+    Props props = minProps(CLUSTER_DISABLED);
+    Map<String, String> settings = new EsSettings(props, new EsInstallation(props), System2.INSTANCE).build();
+
+    assertThat(settings.get("bootstrap.system_call_filter")).isNull();
+  }
+
+  @Test
+  public void disable_seccomp_filter_if_configured_in_search_additional_props() throws Exception {
+    Props props = minProps(CLUSTER_DISABLED);
+    props.set("sonar.search.javaAdditionalOpts", "-Xmx1G -Dbootstrap.system_call_filter=false -Dfoo=bar");
+    Map<String, String> settings = new EsSettings(props, new EsInstallation(props), System2.INSTANCE).build();
+
+    assertThat(settings.get("bootstrap.system_call_filter")).isEqualTo("false");
+  }
+
   private Props minProps(boolean cluster) throws IOException {
     File homeDir = temp.newFolder();
     Props props = new Props(new Properties());
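Review bot: Both new tests pin only the default and the exact-token case, so nothing guards against the seccomp filter being disabled by a near-miss value in `sonar.search.javaAdditionalOpts`. Add negative cases asserting that `settings.get("bootstrap.system_call_filter")` stays null when the option is `-Dbootstrap.system_call_filter=true` and when its value merely starts with `false`. minProps continues below the hunk's last line, so its body is not reviewed here.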