Commit 19417b83 authored by philipp.schumacher's avatar philipp.schumacher
Browse files

make sure ic fileitemstore is added to JSM policy before open-xchange service...

make sure ic fileitemstore is added to JSM policy before open-xchange service is started and fileitemstore can be registered
parent 07474de8
......@@ -173,6 +173,24 @@ if [[ "${FEATURE_IMAGECONVERTER}" = true ]]; then
mkdir -p /var/opt/fileitemstore
chown open-xchange:open-xchange /var/opt/fileitemstore
waitTillAppsuiteReady
if [ ! -z ${FEATURE_JAVA_SECURITY_MANAGER} ] || [ ${FEATURE_JAVA_SECURITY_MANAGER} ];then
echo "if JSM is active, some things have to do here"
if ! grep -q "Allow fileitemstore" /opt/open-xchange/etc/security/policies.policy;then
echo "Setting FilePermission for Java Security manager..."
sed -i '/\"name of permission\"/a\
\nALLOW { \
( java.io.FilePermission "/var/opt/fileitemstore" "READ,WRITE" ) \
} "Allow fileitemstore"' /opt/open-xchange/etc/security/policies.policy
restartService open-xchange
waitTillAppsuiteReady
else
echo "Setting FilePermission for Java Security manager is already present"
fi
fi
restartService open-xchange
waitTillAppsuiteReady
# Prevent fileitemstore from being used as default middleware filestore by providing '-x 0' flag
/opt/open-xchange/sbin/registerfilestore -t file:///var/opt/fileitemstore \
......@@ -220,21 +238,6 @@ if [[ "${FEATURE_IMAGECONVERTER}" = true ]]; then
touch /opt/open-xchange/etc/000-ox-restart-required
fi
if [ ! -z ${FEATURE_JAVA_SECURITY_MANAGER} ] || [ ${FEATURE_JAVA_SECURITY_MANAGER} ];then
echo "if JSM is active, some things have to do here"
if ! grep -q "Allow fileitemstore" /opt/open-xchange/etc/security/policies.policy;then
echo "Setting FilePermission for Java Security manager..."
sed -i '/DENY {/i \
ALLOW { \
( java.io.FilePermission "/var/opt/fileitemstore" "READ,WRITE" ) \
} "Allow fileitemstore" \
' /opt/open-xchange/etc/security/policies.policy
# Touching restart required flag
touch /opt/open-xchange/etc/000-ox-restart-required
else
echo "Setting FilePermission for Java Security manager is already present"
fi
fi
elif [[ "${FEATURE_ENABLE}" = false ]]; then
echo "Disabling FEATURE_IMAGECONVERTER ..."
if [[ "${IMG_SERVER}" = true ]]; then
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment