From 2c35e20b2fbe8edcda2dc77d2d10b7f6d0c9beb7 Mon Sep 17 00:00:00 2001 From: Coty Sutherland Date: Thu, 21 Jun 2018 13:33:12 -0400 Subject: [PATCH] Add newly required ant, ant-launcher, and tools jars to the catalina.policy so that tomcat can access them when running under the SecurityManager --- pki-servlet-container.spec | 4 ++-- tomcat-9.0-catalina-policy.patch | 15 ++++++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/pki-servlet-container.spec b/pki-servlet-container.spec index bb8ee5d..3fd202d 100644 --- a/pki-servlet-container.spec +++ b/pki-servlet-container.spec @@ -87,7 +87,7 @@ Source32: tomcat-named.service Patch0: tomcat-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch Patch1: tomcat-%{major_version}.%{minor_version}-tomcat-users-webapp.patch Patch2: tomcat-8.0.36-CompilerOptionsV9.patch -Patch3: disableJavadocFailOnWarning.patch +Patch3: tomcat-%{major_version}.%{minor_version}-catalina-policy.patch BuildArch: noarch @@ -166,7 +166,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name " %patch0 -p0 %patch1 -p0 %patch2 -p0 -#%%patch3 -p0 +%patch3 -p0 # Since we don't support ECJ in RHEL anymore, remove the class that requires it %{__rm} -f java/org/apache/jasper/compiler/JDTCompiler.java diff --git a/tomcat-9.0-catalina-policy.patch b/tomcat-9.0-catalina-policy.patch index f3a5007..c8c5c08 100644 --- a/tomcat-9.0-catalina-policy.patch +++ b/tomcat-9.0-catalina-policy.patch @@ -1,6 +1,6 @@ ---- conf/catalina.policy.orig 2018-03-16 12:18:17.835746805 -0400 -+++ conf/catalina.policy 2018-06-13 13:52:33.586872659 -0400 -@@ -50,6 +50,21 @@ grant codeBase "file:${java.home}/lib/ex +--- conf/catalina.policy.orig 2018-06-21 13:30:04.074492012 -0400 ++++ conf/catalina.policy 2018-06-21 13:30:02.111479809 -0400 +@@ -50,6 +50,30 @@ grant codeBase "file:${java.home}/lib/ex permission java.security.AllPermission; }; @@ -18,6 +18,15 @@ +grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" { + permission java.security.AllPermission; +}; ++grant codeBase "file:/usr/share/java/ant.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/share/java/ant-launcher.jar" { ++ permission java.security.AllPermission; ++}; ++grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" { ++ permission java.security.AllPermission; ++}; + // ========== CATALINA CODE PERMISSIONS =======================================