diff options
| author | Simon Brandhof <simon.brandhof@sonarsource.com> | 2018-04-24 22:01:41 +0200 |
|---|---|---|
| committer | SonarTech <sonartech@sonarsource.com> | 2018-04-25 20:20:49 +0200 |
| commit | 47b6860dcd8520b6a2d7cdf66f26a6c41b26bbfb (patch) | |
| tree | fed8f63dd906bba1af00dccca4e5e799ffe13cd3 | |
| parent | a7d7420a719ee56590e5c09d70bfd1a75a14abdf (diff) | |
| download | sonarqube-47b6860dcd8520b6a2d7cdf66f26a6c41b26bbfb.tar.gz sonarqube-47b6860dcd8520b6a2d7cdf66f26a6c41b26bbfb.zip | |
SONAR-10607 fix ability to disable Elasticsearch seccomp check
| -rw-r--r-- | server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java | 8 | ||||
| -rw-r--r-- | server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java | 17 |
2 files changed, 23 insertions, 2 deletions
diff --git a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java index b4231f3f75f..dc99e13d24e 100644 --- a/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java +++ b/server/sonar-main/src/main/java/org/sonar/application/es/EsSettings.java @@ -44,6 +44,7 @@ public class EsSettings { private static final Logger LOGGER = LoggerFactory.getLogger(EsSettings.class); private static final String STANDALONE_NODE_NAME = "sonarqube"; + private static final String SECCOMP_PROPERTY = "bootstrap.system_call_filter"; private final Props props; private final EsInstallation fileSystem; @@ -75,7 +76,7 @@ public class EsSettings { configureFileSystem(builder); configureNetwork(builder); configureCluster(builder); - configureAction(builder); + configureOthers(builder); return builder; } @@ -146,7 +147,10 @@ public class EsSettings { builder.put("node.master", valueOf(true)); } - private static void configureAction(Map<String, String> builder) { + private void configureOthers(Map<String, String> builder) { builder.put("action.auto_create_index", String.valueOf(false)); + if (props.value("sonar.search.javaAdditionalOpts", "").contains("-D" + SECCOMP_PROPERTY + "=false")) { + builder.put(SECCOMP_PROPERTY, "false"); + } } } diff --git a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java index 16fb18bbe74..a6cb8597f16 100644 --- a/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java +++ b/server/sonar-main/src/test/java/org/sonar/application/es/EsSettingsTest.java @@ -311,6 +311,23 @@ public class EsSettingsTest { assertThat(settings.get("http.enabled")).isEqualTo("true"); } + @Test + public void enable_seccomp_filter_by_default() throws Exception { + Props props = minProps(CLUSTER_DISABLED); + Map<String, String> settings = new EsSettings(props, new EsInstallation(props), System2.INSTANCE).build(); + + assertThat(settings.get("bootstrap.system_call_filter")).isNull(); + } + + @Test + public void disable_seccomp_filter_if_configured_in_search_additional_props() throws Exception { + Props props = minProps(CLUSTER_DISABLED); + props.set("sonar.search.javaAdditionalOpts", "-Xmx1G -Dbootstrap.system_call_filter=false -Dfoo=bar"); + Map<String, String> settings = new EsSettings(props, new EsInstallation(props), System2.INSTANCE).build(); + + assertThat(settings.get("bootstrap.system_call_filter")).isEqualTo("false"); + } + private Props minProps(boolean cluster) throws IOException { File homeDir = temp.newFolder(); Props props = new Props(new Properties()); |