Resolves: rhbz#1347835 The security manager doesn't work correctly (JSPs cannot be compiled)
This commit is contained in:
parent
5d682aa9e1
commit
4dc51a6a96
39
tomcat-8.0-catalina-policy.patch
Normal file
39
tomcat-8.0-catalina-policy.patch
Normal file
@ -0,0 +1,39 @@
|
||||
--- conf/catalina.policy~ 2016-06-17 10:20:17.649171968 -0400
|
||||
+++ conf/catalina.policy 2016-06-17 10:23:35.358309244 -0400
|
||||
@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex
|
||||
permission java.security.AllPermission;
|
||||
};
|
||||
|
||||
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
|
||||
+
|
||||
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
|
||||
+// Specifying the individual jars that tomcat needs to function with the security manager
|
||||
+// is the safest way forward.
|
||||
+grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/log4j.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/ecj.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/apache-commons-pool.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/apache-commons-dbcp.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+
|
||||
|
||||
// ========== CATALINA CODE PERMISSIONS =======================================
|
||||
|
@ -687,6 +687,7 @@ fi
|
||||
- Resolves: rhbz#1364056 The command tomcat-digest doesn't work
|
||||
- Resolves: rhbz#1363884 The tomcat-tool-wrapper script is broken
|
||||
- Resolves: rhbz#1347864 The systemd service unit does not allow tomcat to shut down gracefully
|
||||
- Resolves: rhbz#1347835 The security manager doesn't work correctly (JSPs cannot be compiled)
|
||||
|
||||
* Wed Mar 2 2016 Ivan Afonichev <ivan.afonichev@gmail.com> - 1:8.0.32-4
|
||||
- Revert sysconfig migration changes, resolves: rhbz#1311771, rhbz#1311905
|
||||
|
Loading…
Reference in New Issue
Block a user