tomcat/tomcat-9.0-catalina-policy.patch
2021-07-07 14:16:09 +08:00

27 lines
979 B
Diff

--- conf/catalina.policy.orig 2021-07-07 10:25:53.461393329 +0800
+++ conf/catalina.policy 2021-07-07 10:27:47.688682404 +0800
@@ -56,6 +56,16 @@ grant codeBase "file:${java.home}/lib/ex
// permission java.security.AllPermission;
//};
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
+
+
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
+// Specifying the individual jars that tomcat needs to function with the security manager
+// is the safest way forward.
+grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
+ permission java.security.AllPermission;
+};
+
// ========== CATALINA CODE PERMISSIONS =======================================
@@ -262,4 +272,4 @@ grant codeBase "file:${catalina.home}/we
//
// The permissions granted to a specific JAR
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
-// };
\ No newline at end of file
+// };