Blame SOURCES/tomcat-9.0-catalina-policy.patch

787a36
diff -up ./conf/catalina.policy.orig ./conf/catalina.policy
787a36
--- ./conf/catalina.policy.orig	2022-03-04 08:49:08.246538215 -0500
787a36
+++ ./conf/catalina.policy	2022-03-04 08:50:31.842356329 -0500
787a36
@@ -56,6 +56,36 @@ grant codeBase "file:${java.home}/lib/ex
787a36
 //        permission java.security.AllPermission;
787a36
 //};
e52055
 
e52055
+// This permission is required when using javac to compile JSPs on Java 9
e52055
+// onwards
e52055
+grant codeBase "jrt:/jdk.compiler" {
e52055
+        permission java.security.AllPermission;
e52055
+};
e52055
+
e52055
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
e52055
+
e52055
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
e52055
+// Specifying the individual jars that tomcat needs to function with the security manager
e52055
+// is the safest way forward.
e52055
+grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
e52055
+        permission java.security.AllPermission;
e52055
+};
e52055
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
e52055
+        permission java.security.AllPermission;
e52055
+};
e52055
+grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
e52055
+        permission java.security.AllPermission;
e52055
+};
e52055
+grant codeBase "file:/usr/share/java/ant.jar" {
e52055
+        permission java.security.AllPermission;
e52055
+};
e52055
+grant codeBase "file:/usr/share/java/ant-launcher.jar" {
e52055
+        permission java.security.AllPermission;
e52055
+};
e52055
+grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
e52055
+        permission java.security.AllPermission;
e52055
+};
e52055
+
e52055
 
e52055
 // ========== CATALINA CODE PERMISSIONS =======================================
e52055
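Review bot: Every grant in the RHEL-specific block gives `java.security.AllPermission`, so the comment's claim that listing individual jars is "the safest way forward" narrows only the set of codeBases, not what each one may do. `ant.jar`, `ant-launcher.jar` and `tools.jar` become fully trusted code under the security manager. If they are needed only for JSP compilation (presumably Jasper's Ant or javac compiler path; the patch does not say), each grant should carry a reason, e.g. `// ant.jar, ant-launcher.jar: needed for <reason>; AllPermission because <reason>`, or be reduced to the specific `java.io.FilePermission` and `java.lang.RuntimePermission` entries that path needs. The `file:/usr/lib/jvm/java/lib/tools.jar` grant sits beside the `jrt:/jdk.compiler` grant for Java 9 onwards, where tools.jar no longer ships, so on those JDKs it trusts a path that should not exist and is worth dropping or marking `// Java 8 only`. Since a codeBase grant trusts whatever file is at that location, these paths (and the `/usr/lib/jvm/java` link target) should be verified as root-owned and not writable by the tomcat user.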