Access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/plugins/lang-python/jython-standalone-2.7.0.jar\" \"read\")


(Jamie “Neproshennie” Ivanov) #1

I'm frazzled because I can't find anything that covers this issue... I just installed the Python plugin and I get an access denied error that makes no sense as filesystem permissions are absolutely perfect.

This issue is happening on CentOS 7 and FreeBSD 10. Any help would be most appreciated because this is very very very disappointing.

╭─jivanov@irony  /usr/local/lib/elasticsearch
╰─$ sudo bin/plugin install lang-python
-> Installing lang-python...
Trying https://download.elastic.co/elasticsearch/release/org/elasticsearch/plugin/lang-python/2.3.0/lang-python-2.3.0.zip ...
Downloading ...
Verifying https://download.elastic.co/elasticsearch/release/org/elasticsearch/plugin/lang-python/2.3.0/lang-python-2.3.0.zip checksums if available ...
Downloading .DONE
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission createClassLoader
* java.lang.RuntimePermission getClassLoader
* org.elasticsearch.script.ClassPermission <<STANDARD>>
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
Installed lang-python into /usr/local/lib/elasticsearch/plugins/lang-python
╭─jivanov@irony  /usr/local/lib/elasticsearch
╰─$ sudo service elasticsearch restart
Stopping elasticsearch.
Starting elastic search.

Then trying to run a simple Python script gives me:

{
    "error": {
        "failed_shards": [
            {
                "index": "super_secret_government_documents",
                "node": "Vy1crz7SS3-qxux8TGjbiw",
                "reason": {
                    "caused_by": {
                        "reason": "access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/plugins/lang-python/jython-standalone-2.7.0.jar\" \"read\")",
                        "type": "security_exception"
                    },
                    "reason": "py_exception: null",
                    "type": "py_exception"
                },
                "shard": 0
            }
        ],
        "grouped": true,
        "phase": "query",
        "reason": "all shards failed",
        "root_cause": [
            {
                "reason": "py_exception: null",
                "type": "py_exception"
            }
        ],
        "type": "search_phase_execution_exception"
    },
    "status": 500
}

FreeBSD 10:

╭─jivanov@irony  /usr/local/lib/elasticsearch/plugins/lang-python
╰─$ ls -alh
total 36401
drwxr-xr-x  2 root  wheel     6B Oct  5 00:14 .
drwxr-xr-x  3 root  wheel     3B Oct  5 00:14 ..
-rw-r--r--  1 root  wheel    35M Oct  5 00:14 jython-standalone-2.7.0.jar
-rw-r--r--  1 root  wheel    14K Oct  5 00:14 lang-python-2.3.0.jar
-rw-r--r--  1 root  wheel   2.6K Oct  5 00:14 plugin-descriptor.properties
-rw-r--r--  1 root  wheel   1.1K Oct  5 00:14 plugin-security.policy

CentOS:

╭─jivanov@logrhythm01  /usr/share/elasticsearch/plugins/lang-python
╰─$ ls -alh
total 36M
drwxr-xr-x. 2 elasticsearch elasticsearch 4.0K Oct  5 00:14 .
drwxr-xr-x. 4 elasticsearch elasticsearch   35 Oct  5 00:14 ..
-rw-r--r--. 1 elasticsearch elasticsearch  36M Oct  5 00:14 jython-standalone-2.7.0.jar
-rw-r--r--. 1 elasticsearch elasticsearch  14K Oct  5 00:14 lang-python-2.4.0.jar
-rw-r--r--. 1 elasticsearch elasticsearch 2.7K Oct  5 00:14 plugin-descriptor.properties
-rw-r--r--. 1 elasticsearch elasticsearch 1.2K Oct  5 00:14 plugin-security.policy

(system) #2