Add updated catalina.policy patch to allow ECJ usage under the Security Manager
This commit is contained in:
parent
eaac8d384c
commit
8d1457151e
@ -1,39 +1,20 @@
|
|||||||
--- conf/catalina.policy~ 2016-06-17 10:20:17.649171968 -0400
|
--- conf/catalina.policy.orig 2020-04-22 14:51:13.734893403 -0400
|
||||||
+++ conf/catalina.policy 2016-06-17 10:23:35.358309244 -0400
|
+++ conf/catalina.policy 2020-04-22 15:14:57.609677967 -0400
|
||||||
@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex
|
@@ -51,6 +51,17 @@ grant codeBase "file:${java.home}/lib/ex
|
||||||
permission java.security.AllPermission;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
|
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
|
||||||
+
|
+
|
||||||
|
+
|
||||||
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
|
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
|
||||||
+// Specifying the individual jars that tomcat needs to function with the security manager
|
+// Specifying the individual jars that tomcat needs to function with the security manager
|
||||||
+// is the safest way forward.
|
+// is the safest way forward.
|
||||||
+grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" {
|
+grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
|
||||||
+ permission java.security.AllPermission;
|
|
||||||
+};
|
|
||||||
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" {
|
|
||||||
+ permission java.security.AllPermission;
|
|
||||||
+};
|
|
||||||
+grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" {
|
|
||||||
+ permission java.security.AllPermission;
|
|
||||||
+};
|
|
||||||
+grant codeBase "file:/usr/share/java/log4j.jar" {
|
|
||||||
+ permission java.security.AllPermission;
|
|
||||||
+};
|
|
||||||
+grant codeBase "file:/usr/share/java/ecj.jar" {
|
|
||||||
+ permission java.security.AllPermission;
|
|
||||||
+};
|
|
||||||
+grant codeBase "file:/usr/share/java/apache-commons-pool.jar" {
|
|
||||||
+ permission java.security.AllPermission;
|
|
||||||
+};
|
|
||||||
+grant codeBase "file:/usr/share/java/apache-commons-dbcp.jar" {
|
|
||||||
+ permission java.security.AllPermission;
|
|
||||||
+};
|
|
||||||
+grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
|
|
||||||
+ permission java.security.AllPermission;
|
+ permission java.security.AllPermission;
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
|
+
|
||||||
// ========== CATALINA CODE PERMISSIONS =======================================
|
// ========== CATALINA CODE PERMISSIONS =======================================
|
||||||
|
|
||||||
|
|
||||||
|
@ -59,7 +59,7 @@
|
|||||||
Name: tomcat
|
Name: tomcat
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: %{major_version}.%{minor_version}.%{micro_version}
|
Version: %{major_version}.%{minor_version}.%{micro_version}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
@ -81,6 +81,7 @@ Source32: tomcat-named.service
|
|||||||
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
|
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
|
||||||
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
|
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
|
||||||
Patch2: %{name}-build.patch
|
Patch2: %{name}-build.patch
|
||||||
|
Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
@ -208,6 +209,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
|
|||||||
%patch0 -p0
|
%patch0 -p0
|
||||||
%patch1 -p0
|
%patch1 -p0
|
||||||
%patch2 -p0
|
%patch2 -p0
|
||||||
|
%patch3 -p0
|
||||||
|
|
||||||
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
|
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
|
||||||
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
|
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
|
||||||
@ -617,6 +619,9 @@ fi
|
|||||||
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
|
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 22 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.34-2
|
||||||
|
- Add updated catalina.policy patch to allow ECJ usage under the Security Manager
|
||||||
|
|
||||||
* Tue Apr 21 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.34-1
|
* Tue Apr 21 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.34-1
|
||||||
- Update to 9.0.34
|
- Update to 9.0.34
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user