2021-07-07 06:16:09 +00:00
|
|
|
--- conf/catalina.policy.orig 2021-07-07 10:25:53.461393329 +0800
|
|
|
|
|
+++ conf/catalina.policy 2021-07-07 10:27:47.688682404 +0800
|
|
|
|
|
@@ -56,6 +56,16 @@ grant codeBase "file:${java.home}/lib/ex
|
|
|
|
|
// permission java.security.AllPermission;
|
|
|
|
|
//};
|
2020-04-22 18:55:15 +00:00
|
|
|
|
2016-07-01 18:14:32 +00:00
|
|
|
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
|
|
|
|
|
+
|
2020-04-22 18:55:15 +00:00
|
|
|
+
|
2016-07-01 18:14:32 +00:00
|
|
|
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
|
|
|
|
|
+// Specifying the individual jars that tomcat needs to function with the security manager
|
|
|
|
|
+// is the safest way forward.
|
2020-04-22 18:55:15 +00:00
|
|
|
+grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
|
2016-07-01 18:14:32 +00:00
|
|
|
+ permission java.security.AllPermission;
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
|
2021-07-07 06:16:09 +00:00
|
|
|
// ========== CATALINA CODE PERMISSIONS =======================================
|
2020-04-22 18:55:15 +00:00
|
|
|
|
2022-06-21 13:03:19 +00:00
|
|
|
@@ -261,4 +271,4 @@ grant codeBase "file:${catalina.home}/we
|
2021-07-07 06:16:09 +00:00
|
|
|
//
|
|
|
|
|
// The permissions granted to a specific JAR
|
|
|
|
|
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
|
|
|
|
|
-// };
|
|
|
|
|
\ No newline at end of file
|
|
|
|
|
+// };
|
