[wildfly-dev] Permissions for Arquillian in test deployments

Hi, I am investigating failing tests in WildFly and WildFly Core testsuites [1,2] when security manager is enabled. There are test cases using org.jboss.as.arquillian.container.ManagementClient in non-runAsClient mode. While running with Java Security Manager without AllPermission assigned, the test cases fail. This is caused by insufficient permissions assigned to deployments -- deployments require permissions that Arquillian uses to create connection for ManagementClient, e.g. read FilePermission for modules/system/layers/base/org/jboss/xnio/nio/main/* (XNIO module), connect,resolve SocketPermission, * * MBeanPermission, getClassLoader RuntimePermission. There are probably about 27 such tests ([1,2] and other related issues). Adding permissions for Arquillian to a deployment could mask bugs related to such permissions. The demand of permissions for Arquillian should be shielded by Arquillian. Is it doable? In case it is not doable, there are several other ways how to solve adding permissions for Arquillian: * Adding such permissions to minimum-permissions set in security-manager subsystem * Adding such permissions to each permissions.xml * Creating a custom permission containing such permissions and adding it to each permissions.xml Which one do you consider the most correct? Or, is there another way? [1] https://issues.jboss.org/browse/WFLY-5169 [2] https://issues.jboss.org/browse/WFCORE-848 Thanks, Ondrej Kotek