Specifications
Sample Policy File
perm = new java.io.FilePermission("/tmp/abc","read");
In this, the target name is "/tmp/abc" and the action string is "read".
A policy file specifies what permissions are allowed for code from specified code sources. An
example policy file entry granting code from the /home/sysadmin directory read access to the file
/tmp/abc is:
grant codeBase "file:/home/sysadmin/" {ξ
permissionjava.io.FilePermission "/tmp/abc", "read"; };
Sample Policy File
The following sample policy file includes the minimum permissions required to run the LifeKeeper
GUI. This policy file is installed in /opt/LifeKeeper/htdoc/java.policy by the LifeKeeper GUI
package.
/*
* Permissions needed by the LifeKeeper GUI. You may want toξ
* restrict this by codebase. However, if you do this, remember
* that the recovery kits can have an arbitrary jar component
* with an arbitrary codebase, so you'll need to alter the grant
* to cover these as well.
*/
grant {
/*
* Need to be able to do this to all machines in the
* LifeKeeper cluster. You may restrict the network
* specification accordingly.
*/
permission java.net.SocketPermission"*", "accept,connect,resolve";
/*
* We use URLClassLoaders to get remote properties files and
* jar pieces.ξ
*/
permission java.lang.RuntimePermission"createClassLoader";
/*
* The following are needed only for the GUI to run as an
* application (the default RMI security manager is more
* restrictive than the one a browser installs for its
* applets.
*/
permission java.util.PropertyPermission "*","read";
permission java.awt.AWTPermission "*";
permission java.io.FilePermission "<<ALL FILES>>","read,execute";
};
164User Guide