b6a0d1
--- conf/catalina.policy.orig	2022-11-04 16:17:41.227506990 +0800
b6a0d1
+++ conf/catalina.policy	2022-11-04 16:21:51.393351415 +0800
b6a0d1
@@ -56,6 +56,15 @@ grant codeBase "file:${java.home}/lib/ex
b6a0d1
 //        permission java.security.AllPermission;
b6a0d1
 //};
b6a0d1
 
b6a0d1
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
b6a0d1
+
b6a0d1
+
b6a0d1
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
b6a0d1
+// Specifying the individual jars that tomcat needs to function with the security manager
b6a0d1
+// is the safest way forward.
b6a0d1
+grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
b6a0d1
+        permission java.security.AllPermission;
b6a0d1
+};
b6a0d1
 
b6a0d1
 // ========== CATALINA CODE PERMISSIONS =======================================
b6a0d1
 
b6a0d1
@@ -261,4 +270,4 @@ grant codeBase "file:${catalina.home}/we
b6a0d1
 //
b6a0d1
 // The permissions granted to a specific JAR
b6a0d1
 // grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
b6a0d1
-// };
b6a0d1
\ No newline at end of file
b6a0d1
+// };