diff --git a/tomcat-9.0-catalina-policy.patch b/tomcat-9.0-catalina-policy.patch
index 3694929..f3a5007 100644
--- a/tomcat-9.0-catalina-policy.patch
+++ b/tomcat-9.0-catalina-policy.patch
@@ -1,6 +1,6 @@
---- conf/catalina.policy~ 2016-06-17 10:20:17.649171968 -0400
-+++ conf/catalina.policy 2016-06-17 10:23:35.358309244 -0400
-@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex
+--- conf/catalina.policy.orig 2018-03-16 12:18:17.835746805 -0400
++++ conf/catalina.policy 2018-06-13 13:52:33.586872659 -0400
+@@ -50,6 +50,21 @@ grant codeBase "file:${java.home}/lib/ex
 permission java.security.AllPermission;
 };
@@ -9,28 +9,13 @@
 +// Allowing everything in /usr/share/java allows too many unknowns to be permitted
 +// Specifying the individual jars that tomcat needs to function with the security manager
 +// is the safest way forward.
-+grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" {
++grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
 + permission java.security.AllPermission;
 +};
-+grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" {
++grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
 + permission java.security.AllPermission;
 +};
-+grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/log4j.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/ecj.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/apache-commons-pool.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/apache-commons-dbcp.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
++grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
 + permission java.security.AllPermission;
 +};
 +
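Review bot: The second hunk drops the AllPermission grants for log4j.jar, ecj.jar and the apache-commons pool, dbcp and collections jars, and nothing visible in this diff shows where those classes are loaded from afterwards. If any of them is still resolved from /usr/share/java while SECURITY_MANAGER is enabled, it would run without permissions and fail at runtime, so it is worth confirming they now come from a codeBase the stock policy already covers. The three remaining grants hard-code versioned names (`tomcat-servlet-4.0-api.jar`, `tomcat-jsp-2.3-api.jar`, `tomcat-el-3.0-api.jar`); a comment in the policy naming the package that installs each file would make a future rename easier to catch. Because each grant is AllPermission, those files should stay root-owned and not writable by the tomcat account.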
diff --git a/tomcat-9.0-digest.script b/tomcat-9.0-digest.script
index 731d4cf..d2b626c 100644
--- a/tomcat-9.0-digest.script
+++ b/tomcat-9.0-digest.script
@@ -22,22 +22,26 @@ fi
 set_javacmd
-# CLASSPATH munging
-if [ -n "$JSSE_HOME" ]; then
- CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)"
-fi
 CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
 CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-api.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util-scan.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-coyote.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/catalina.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/servlet-api.jar"
 export CLASSPATH
 # Configuration
 MAIN_CLASS="org.apache.catalina.startup.Tool"
 BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
 BASE_OPTIONS=""
-BASE_JARS="tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote tomcat/tomcat-api tomcat/tomcat-util-scan"
+#BASE_JARS="tomcat/tomcat-util tomcat/tomcat-util-scan"
+#BASE_JARS="${BASE_JARS} tomcat/tomcat-coyote tomcat/catalina"
+#BASE_JARS="${BASE_JARS} tomcat/servlet-api"
 # Set parameters
-set_classpath $BASE_JARS
+#set_classpath $BASE_JARS
 set_flags $BASE_FLAGS
 set_options $BASE_OPTIONS
diff --git a/tomcat-9.0-tool-wrapper.script b/tomcat-9.0-tool-wrapper.script
index 40e39ff..e427dbc 100644
--- a/tomcat-9.0-tool-wrapper.script
+++ b/tomcat-9.0-tool-wrapper.script
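Review bot: In tomcat-9.0-digest.script the added `${CATALINA_HOME}/lib/*.jar` entries are appended to whatever CLASSPATH the caller exported, so anything already on that path is searched before Tomcat's own jars, and an empty inherited value leaves a leading `:` that the Java launcher treats as the current directory. Unless CLASSPATH is reset earlier in the script (not visible in this hunk), consider starting the list fresh with `CLASSPATH="${CATALINA_HOME}/bin/bootstrap.jar"`. The commented-out `#BASE_JARS=...` and `#set_classpath $BASE_JARS` lines are dead code and would be better deleted than kept. The identical hunk in tomcat-9.0-tool-wrapper.script has the same two points.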
@@ -22,22 +22,26 @@ fi
 set_javacmd
-# CLASSPATH munging
-if [ -n "$JSSE_HOME" ]; then
- CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)"
-fi
 CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
 CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-api.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util-scan.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-coyote.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/catalina.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/servlet-api.jar"
 export CLASSPATH
 # Configuration
 MAIN_CLASS="org.apache.catalina.startup.Tool"
 BASE_OPTIONS=""
 BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
-BASE_JARS="tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote tomcat/tomcat-api tomcat/tomcat-util-scan"
+#BASE_JARS="tomcat/tomcat-util tomcat/tomcat-util-scan"
+#BASE_JARS="${BASE_JARS} tomcat/tomcat-coyote tomcat/catalina"
+#BASE_JARS="${BASE_JARS} tomcat/servlet-api"
 # Set parameters
-set_classpath $BASE_JARS
+#set_classpath $BASE_JARS
 set_flags $BASE_FLAGS
 set_options $BASE_OPTIONS
diff --git a/tomcat-9.0.conf b/tomcat-9.0.conf
index 3f43006..d680192 100644
--- a/tomcat-9.0.conf
+++ b/tomcat-9.0.conf
@@ -1,7 +1,6 @@
-# System-wide configuration file for tomcat services
 # This will be loaded by systemd as an environment file,
 # so please keep the syntax. For shell expansion support
-# place your custom files as /etc/tomcat/conf.d/*.conf
+# place your custom files as /etc/tomcat/conf.d/*.conf.
 #
 # There are 2 "classes" of startup behavior in this package.
 # The old one, the default service named tomcat.service.
@@ -15,37 +14,47 @@
 # This variable is used to figure out if config is loaded or not.
 TOMCAT_CFG_LOADED="1"
-# In new-style instances, if CATALINA_BASE isn't specified, it will
-# be constructed by joining TOMCATS_BASE and NAME.
-TOMCATS_BASE="/var/lib/tomcats/"
-
 # Where your java installation lives
-JAVA_HOME="/usr/lib/jvm/jre"
+#JAVA_HOME="/usr/lib/jvm/java"
 # Where your tomcat installation lives
+CATALINA_BASE="@@@TCHOME@@@"
 CATALINA_HOME="@@@TCHOME@@@"
-
-# System-wide tmp
-CATALINA_TMPDIR="/var/cache/tomcat/temp"
+CATALINA_TMPDIR="@@@TCTEMP@@@"
 # You can pass some parameters to java here if you wish to
 #JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
-# Use JAVA_OPTS to set java.library.path for libtcnative.so
-#JAVA_OPTS="-Djava.library.path=/usr/lib"
-
-# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381
-JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory"
-
 # You can change your tomcat locale here
 #LANG="en_US"
 # Run tomcat under the Java Security Manager
 SECURITY_MANAGER="false"
-# Time to wait in seconds, before killing process
-# TODO(stingray): does nothing, fix.
-# SHUTDOWN_WAIT="30"
+# DEPRECATED VARIABLES
+#
+# TOMCAT_USER has been deprecated. To update the tomcat process owner,
+# please see User in tomcat.service.
+#
+# TOMCAT_GROUP has been deprecated. To update the tomcat process group,
+# please see Group in tomcat.service.
+#
+# SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set
+# TimeoutStopSec in tomcat.service.
+#
+# SHUTDOWN_VERBOSE has been deprecated. There is no replacement for this behavior.
+#
+# CATALINA_PID has been deprecated. A replacement for this behavior is to set
+# PIDFile in tomcat.service.
+#
+# CONNECTOR_PORT has been deprecated. There is no replacement for this behavior.
+# Set init script output file
+#
+# TOMCAT_LOG has been deprecated. Output from start/stop/status operations are
+# logged to the system's journal.
+#
+# LOGGING_CONFIG has been deprecated. To update the logging properties in use, use:
+# LOGGING_PROPERTIES="${CATALINA_HOME}/lib/log4j.properties"
 # If you wish to further customize your tomcat environment,
 # put your own definitions here
diff --git a/tomcat-9.0.service b/tomcat-9.0.service
index 2b20aa0..bf90428 100644
--- a/tomcat-9.0.service
+++ b/tomcat-9.0.service
@@ -15,8 +15,7 @@ EnvironmentFile=-/etc/sysconfig/tomcat
 ExecStart=/usr/libexec/tomcat/server start
 SuccessExitStatus=143
 User=tomcat
-Group=tomcat
-
+UMask=027
 [Install]
 WantedBy=multi-user.target
diff --git a/tomcat-9.0.sysconfig b/tomcat-9.0.sysconfig
index 3117bf7..39db94a 100644
--- a/tomcat-9.0.sysconfig
+++ b/tomcat-9.0.sysconfig
@@ -7,5 +7,5 @@
 # CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME}
 #CATALINA_BASE="@@@TCHOME@@@"
-# Please take a look at /etc/tomcat/tomcat.conf to have an idea what you
-# can override.
+# Please take a look at /etc/tomcat/tomcat.conf to have an idea
+# what you can override.
diff --git a/tomcat-named.service b/tomcat-named.service
index 9bbcb17..66cf45c 100644
--- a/tomcat-named.service
+++ b/tomcat-named.service
@@ -19,7 +19,7 @@ ExecStart=/usr/libexec/tomcat/server start
 ExecStop=/usr/libexec/tomcat/server stop
 SuccessExitStatus=143
 User=tomcat
-Group=tomcat
+UMask=027
 [Install]
 WantedBy=multi-user.target
diff --git a/tomcat-preamble b/tomcat-preamble
index 1271dca..c3c1183 100644
--- a/tomcat-preamble
+++ b/tomcat-preamble
@@ -42,7 +42,6 @@ if [ -n "$JSSE_HOME" ]; then
 fi
 CLASSPATH="${CLASSPATH}${CATALINA_HOME}/bin/bootstrap.jar"
 CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
-CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)"
 if [ -z "$LOGGING_PROPERTIES" ] ; then
 LOGGING_PROPERTIES="${CATALINA_BASE}/conf/logging.properties"
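Review bot: In the second hunk of tomcat-9.0.conf the added example `LOGGING_PROPERTIES="${CATALINA_HOME}/lib/log4j.properties"` relies on variable expansion, yet the header of this same file says it is loaded by systemd as an environment file and that shell expansion is only supported in /etc/tomcat/conf.d/*.conf. An admin who copies the line into this file may end up with the literal string, so the comment should either show an absolute path or say `set this in /etc/tomcat/conf.d/*.conf`. The line `# Set init script output file` between the CONNECTOR_PORT and TOMCAT_LOG entries looks like a leftover from the old variable list and can be dropped. CATALINA_BASE is now set to the same placeholder as CATALINA_HOME, which is worth a one-line comment so it is clear the single-instance layout is intentional.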
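Review bot: Removing `Group=tomcat` from tomcat-9.0.service leaves the process group to be derived from the tomcat account's primary group, while the deprecation text added to tomcat-9.0.conf in this same commit still tells admins to "see Group in tomcat.service". With the new `UMask=027` the group bits are the only non-owner access to files Tomcat creates, so the group is worth pinning explicitly: keep `Group=tomcat` next to `UMask=027`, or reword the TOMCAT_GROUP note. The hunk also drops the blank line before `[Install]`, which hurts readability of the unit. tomcat-named.service gets the same `Group=` removal and the same comment applies there.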