|
 |
04fb17 |
--- conf/catalina.policy~ 2016-06-17 10:20:17.649171968 -0400
|
|
|
04fb17 |
+++ conf/catalina.policy 2016-06-17 10:23:35.358309244 -0400
|
|
|
04fb17 |
@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex
|
|
|
04fb17 |
permission java.security.AllPermission;
|
|
|
04fb17 |
};
|
|
|
04fb17 |
|
|
|
04fb17 |
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
|
|
|
04fb17 |
+
|
|
|
04fb17 |
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
|
|
|
04fb17 |
+// Specifying the individual jars that tomcat needs to function with the security manager
|
|
|
04fb17 |
+// is the safest way forward.
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/omcat-jsp-2.2-api.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/log4j.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/ecj.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/apache-commons-pool.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/apache-commons-dbcp.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
|
|
|
04fb17 |
+ permission java.security.AllPermission;
|
|
|
04fb17 |
+};
|
|
|
04fb17 |
+
|
|
|
04fb17 |
|
|
|
04fb17 |
// ========== CATALINA CODE PERMISSIONS =======================================
|
|
|
04fb17 |
|