From a9d085cf6a8029cf0d206d87270e8b4a0023460d Mon Sep 17 00:00:00 2001
From: Jake Landis <jake.landis@elastic.co>
Date: Thu, 21 Nov 2024 17:04:06 -0600
Subject: [PATCH] fix permission issue

---
 .../elasticsearch/repositories/hdfs/HdfsSecurityContext.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java b/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java
index 98aa9951172ba..ce6acd79a0bb9 100644
--- a/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java
+++ b/plugins/repository-hdfs/src/main/java/org/elasticsearch/repositories/hdfs/HdfsSecurityContext.java
@@ -47,7 +47,8 @@ class HdfsSecurityContext {
             // 2) allow hadoop to add credentials to our Subject
             new AuthPermission("modifyPrivateCredentials"),
             // 3) RPC Engine requires this for re-establishing pooled connections over the lifetime of the client
-            new PrivateCredentialPermission("org.apache.hadoop.security.Credentials * \"*\"", "read") };
+            new PrivateCredentialPermission("org.apache.hadoop.security.Credentials * \"*\"", "read"),
+            new RuntimePermission("getClassLoader") };
 
         // If Security is enabled, we need all the following elevated permissions:
         KERBEROS_AUTH_PERMISSIONS = new Permission[] {