Blame SOURCES/tomcat-9.0-catalina-policy.patch

9a1c5c
--- conf/catalina.policy.orig	2021-12-09 13:29:38.000000000 -0500
9a1c5c
+++ conf/catalina.policy	2022-06-24 14:57:25.418254977 -0400
9a1c5c
@@ -56,6 +56,30 @@ grant codeBase "file:${java.home}/lib/ex
9a1c5c
 //        permission java.security.AllPermission;
9a1c5c
 //};
37323f
 
37323f
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
37323f
+
37323f
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
37323f
+// Specifying the individual jars that tomcat needs to function with the security manager
37323f
+// is the safest way forward.
37323f
+grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
37323f
+        permission java.security.AllPermission;
37323f
+};
37323f
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
37323f
+        permission java.security.AllPermission;
37323f
+};
37323f
+grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
37323f
+        permission java.security.AllPermission;
37323f
+};
37323f
+grant codeBase "file:/usr/share/java/ant.jar" {
37323f
+        permission java.security.AllPermission;
37323f
+};
37323f
+grant codeBase "file:/usr/share/java/ant-launcher.jar" {
37323f
+        permission java.security.AllPermission;
37323f
+};
37323f
+grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
37323f
+        permission java.security.AllPermission;
37323f
+};
37323f
+
37323f
 
37323f
 // ========== CATALINA CODE PERMISSIONS =======================================
37323f
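Review bot: Each of the six new grants, from the `tomcat-servlet-4.0-api.jar` block through `/usr/lib/jvm/java/lib/tools.jar`, hands out `java.security.AllPermission`, so listing jars individually narrows which code is trusted but not what that code may do. The header comment calls this "the safest way forward" without recording why full trust is required, which matters most for `ant.jar`, `ant-launcher.jar` and `tools.jar`. I would add a line such as `// ant*.jar and tools.jar: presumably needed for JSP compilation; AllPermission because <reason - confirm>`, or replace the blanket grant with the specific permissions if they are known. The codeBase paths are hard-coded and versioned, so a renamed API jar, or a JDK that ships no `lib/tools.jar`, would leave a grant that silently matches nothing. Because the policy trusts whatever sits at those paths, it is also worth confirming that the jars and any symlinks under `/usr/share/java` are root-owned and not writable by the Tomcat service account.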