From 539b768c373fd0034e2d35028d393aca40f1e8e2 Mon Sep 17 00:00:00 2001
From: Ryan Ernst <ryan@iernst.net>
Date: Mon, 24 Feb 2025 13:15:19 -0800
Subject: [PATCH 1/2] Remove unnecessary temp dir access

All modules have read/write access to the temp dir. This commit removes
unnecessarily adding the temp dir explicitly to the server policy.
---
 .../entitlement/initialization/EntitlementInitialization.java   | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
index 6c9e12fd984fe..14e7501796dec 100644
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
@@ -175,7 +175,6 @@ private static PolicyManager createPolicyManager() {
                     new FilesEntitlement(
                         List.of(
                             // Base ES directories
-                            FileData.ofPath(bootstrapArgs.tempDir(), READ_WRITE),
                             FileData.ofPath(bootstrapArgs.configDir(), READ),
                             FileData.ofPath(bootstrapArgs.logsDir(), READ_WRITE),
                             FileData.ofRelativePath(Path.of(""), DATA, READ_WRITE),
@@ -212,7 +211,6 @@ private static PolicyManager createPolicyManager() {
                     new FilesEntitlement(
                         List.of(
                             FileData.ofPath(bootstrapArgs.configDir(), READ),
-                            FileData.ofPath(bootstrapArgs.tempDir(), READ),
                             FileData.ofRelativePath(Path.of(""), DATA, READ_WRITE)
                         )
                     )

From 97768d2cdb199510de883b8e1587d2af5c9885bf Mon Sep 17 00:00:00 2001
From: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Date: Mon, 24 Feb 2025 21:22:33 +0000
Subject: [PATCH 2/2] [CI] Auto commit changes from spotless

---
 .../initialization/EntitlementInitialization.java            | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
index 14e7501796dec..b45fe5230aee6 100644
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
@@ -209,10 +209,7 @@ private static PolicyManager createPolicyManager() {
                     new LoadNativeLibrariesEntitlement(),
                     new ManageThreadsEntitlement(),
                     new FilesEntitlement(
-                        List.of(
-                            FileData.ofPath(bootstrapArgs.configDir(), READ),
-                            FileData.ofRelativePath(Path.of(""), DATA, READ_WRITE)
-                        )
+                        List.of(FileData.ofPath(bootstrapArgs.configDir(), READ), FileData.ofRelativePath(Path.of(""), DATA, READ_WRITE))
                     )
                 )
             ),