From 9b2ce37f4687540ec5db7e875bd3aff5f4d33224 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Tue, 15 Apr 2025 11:39:29 -0700 Subject: [PATCH] Remove unnecessary network entitlements from server (#126799) These entitlements should not be necessary. Server does not directly create any outbound connections, and netty is not a dependency of server so it should not exist within the server policy. --- .../entitlement/initialization/EntitlementInitialization.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java index ff6d210ce580f..46250a6dd87ad 100644 --- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java +++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java @@ -231,7 +231,6 @@ private static PolicyManager createPolicyManager() { new ReadStoreAttributesEntitlement(), new CreateClassLoaderEntitlement(), new InboundNetworkEntitlement(), - new OutboundNetworkEntitlement(), new LoadNativeLibrariesEntitlement(), new ManageThreadsEntitlement(), new FilesEntitlement(serverModuleFileDatas) @@ -239,7 +238,6 @@ private static PolicyManager createPolicyManager() { ), new Scope("java.desktop", List.of(new LoadNativeLibrariesEntitlement())), new Scope("org.apache.httpcomponents.httpclient", List.of(new OutboundNetworkEntitlement())), - new Scope("io.netty.transport", List.of(new InboundNetworkEntitlement(), new OutboundNetworkEntitlement())), new Scope( "org.apache.lucene.core", List.of(