Blame SOURCES/tomcat-9.0-catalina-policy.patch

23bf51
--- conf/catalina.policy.orig	2018-06-21 13:30:04.074492012 -0400
23bf51
+++ conf/catalina.policy	2018-06-21 13:30:02.111479809 -0400
23bf51
@@ -50,6 +50,30 @@ grant codeBase "file:${java.home}/lib/ex
23bf51
         permission java.security.AllPermission;
23bf51
 };
23bf51
 
23bf51
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
23bf51
+
23bf51
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
23bf51
+// Specifying the individual jars that tomcat needs to function with the security manager
23bf51
+// is the safest way forward.
23bf51
+grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
23bf51
+        permission java.security.AllPermission;
23bf51
+};
23bf51
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
23bf51
+        permission java.security.AllPermission;
23bf51
+};
23bf51
+grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
23bf51
+        permission java.security.AllPermission;
23bf51
+};
23bf51
+grant codeBase "file:/usr/share/java/ant.jar" {
23bf51
+        permission java.security.AllPermission;
23bf51
+};
23bf51
+grant codeBase "file:/usr/share/java/ant-launcher.jar" {
23bf51
+        permission java.security.AllPermission;
23bf51
+};
23bf51
+grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
23bf51
+        permission java.security.AllPermission;
23bf51
+};
23bf51
+
23bf51
 
23bf51
 // ========== CATALINA CODE PERMISSIONS =======================================
23bf51