From e44d27c00a81da1ff82aedd693192bbf720a2d47 Mon Sep 17 00:00:00 2001
From: Geoff Bourne <itzgeoff@gmail.com>
Date: Wed, 4 Jan 2017 20:37:20 -0600
Subject: [PATCH] [es] Fine java security grants

Fixes #119
* also switch/upgrade base to openjdk 8u111
---
 elasticsearch/Dockerfile  | 3 ++-
 elasticsearch/java.policy | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 elasticsearch/java.policy

diff --git a/elasticsearch/Dockerfile b/elasticsearch/Dockerfile
index 2b4c1d63..97ee05f0 100755
--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
@@ -1,4 +1,4 @@
-FROM java:8u92-jre-alpine
+FROM openjdk:8u111-jre-alpine
 
 MAINTAINER itzg
 
@@ -25,6 +25,7 @@ VOLUME ["/data","/conf"]
 
 WORKDIR $ES_HOME
 
+COPY java.policy /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
 COPY start /start
 COPY log4j2.properties $ES_HOME/config/
 
diff --git a/elasticsearch/java.policy b/elasticsearch/java.policy
new file mode 100644
index 00000000..87b3ede2
--- /dev/null
+++ b/elasticsearch/java.policy
@@ -0,0 +1,6 @@
+grant {
+  // JMX Java Management eXtensions
+  permission javax.management.MBeanTrustPermission "register";
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+  permission javax.management.MBeanPermission "-#-[-]", "queryNames";
+};