Add updated catalina.policy patch to allow ECJ usage under the Security Manager
This commit is contained in:
parent
eaac8d384c
commit
8d1457151e
@ -1,39 +1,20 @@
|
||||
--- conf/catalina.policy~ 2016-06-17 10:20:17.649171968 -0400
|
||||
+++ conf/catalina.policy 2016-06-17 10:23:35.358309244 -0400
|
||||
@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex
|
||||
permission java.security.AllPermission;
|
||||
--- conf/catalina.policy.orig 2020-04-22 14:51:13.734893403 -0400
|
||||
+++ conf/catalina.policy 2020-04-22 15:14:57.609677967 -0400
|
||||
@@ -51,6 +51,17 @@ grant codeBase "file:${java.home}/lib/ex
|
||||
};
|
||||
|
||||
|
||||
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
|
||||
+
|
||||
+
|
||||
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
|
||||
+// Specifying the individual jars that tomcat needs to function with the security manager
|
||||
+// is the safest way forward.
|
||||
+grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/log4j.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/ecj.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/apache-commons-pool.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/apache-commons-dbcp.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
|
||||
+grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
|
||||
+ permission java.security.AllPermission;
|
||||
+};
|
||||
+
|
||||
|
||||
+
|
||||
// ========== CATALINA CODE PERMISSIONS =======================================
|
||||
|
||||
|
||||
|
@ -59,7 +59,7 @@
|
||||
Name: tomcat
|
||||
Epoch: 1
|
||||
Version: %{major_version}.%{minor_version}.%{micro_version}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
|
||||
|
||||
License: ASL 2.0
|
||||
@ -81,6 +81,7 @@ Source32: tomcat-named.service
|
||||
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
|
||||
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
|
||||
Patch2: %{name}-build.patch
|
||||
Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
@ -208,6 +209,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
|
||||
%patch0 -p0
|
||||
%patch1 -p0
|
||||
%patch2 -p0
|
||||
%patch3 -p0
|
||||
|
||||
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
|
||||
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
|
||||
@ -617,6 +619,9 @@ fi
|
||||
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
|
||||
|
||||
%changelog
|
||||
* Wed Apr 22 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.34-2
|
||||
- Add updated catalina.policy patch to allow ECJ usage under the Security Manager
|
||||
|
||||
* Tue Apr 21 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.34-1
|
||||
- Update to 9.0.34
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user