Add Security Manager Policy #127
Description
Hey!
While trying to use jmxtrans-agent for Elasticsearch it seems that they enforce usage of the Java Security Manager so I had to create a short policy for jmxtrans-agent to work under Elasticsearch.
It would be nice if this is something that jmxtrans-agent could provide for it self. If I've understood it correctly you can provide it but you don't have to turn it on by default (but you can) so everything should work normally for everyone except for those who want to use the SM.
Naturally all tests must also be run with the SM disabled and enabled to catch any policy violations.
Here is my very basic one which allows JMX and connecting to Graphite:
grant {
// java.security.AccessControlException: access denied ("javax.management.MBeanPermission" "-#-[-]" "queryNames")
permission javax.management.MBeanPermission "*", "queryNames";
// org.jmxtrans.agent.Query - Failed to fetch attribute for 'java.lang:type=Memory'#HeapMemoryUsage, exception: access denied ("javax.management.MBeanPermission" "sun.management.MemoryImpl#HeapMemoryUsage[java.lang:type=Memory]" "getAttribute")
permission javax.management.MBeanPermission "*", "getAttribute";
// java.security.AccessControlException: access denied ("java.net.SocketPermission" "193.11.30.134:2003" "connect,resolve")
permission java.net.SocketPermission "*", "connect,resolve";
};
Here are some docs on SM and the policy files but I'm sure you can find better tutorials out there:
https://docs.oracle.com/javase/8/docs/api/index.html?java/lang/SecurityManager.html
https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html