Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 825955 Details for
Bug 1017032
RHCS81 could not run on RHEL5.9 and RHEL5.10
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
pki-ca.policy
pki-ca.policy (text/plain), 10.41 KB, created by
euroford
on 2013-11-19 08:43:41 UTC
(
hide
)
Description:
pki-ca.policy
Filename:
MIME Type:
Creator:
euroford
Created:
2013-11-19 08:43:41 UTC
Size:
10.41 KB
patch
obsolete
>// ============================================================================ >// catalina.corepolicy - Security Policy Permissions for Tomcat 5 >// >// This file contains a default set of security policies to be enforced (by the >// JVM) when Catalina is executed with the "-security" option. In addition >// to the permissions granted here, the following additional permissions are >// granted to the codebase specific to each web application: >// >// * Read access to the document root directory >// >// $Id: catalina.policy 393732 2006-04-13 06:32:25Z pero $ >// ============================================================================ > > >// ========== SYSTEM CODE PERMISSIONS ========================================= > > >// These permissions apply to javac >grant codeBase "file:${java.home}/lib/-" { > permission java.security.AllPermission; >}; > >// These permissions apply to all shared system extensions >grant codeBase "file:${java.home}/jre/lib/ext/-" { > permission java.security.AllPermission; >}; > >// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre >grant codeBase "file:${java.home}/../lib/-" { > permission java.security.AllPermission; >}; > >// These permissions apply to all shared system extensions when >// ${java.home} points at $JAVA_HOME/jre >grant codeBase "file:${java.home}/lib/ext/-" { > permission java.security.AllPermission; >}; > > >// ========== CATALINA CODE PERMISSIONS ======================================= > > >// These permissions apply to the launcher code >grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" { > permission java.security.AllPermission; >}; > >// These permissions apply to the daemon code >grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { > permission java.security.AllPermission; >}; > >// These permissions apply to the commons-logging API >grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" { > permission java.security.AllPermission; >}; > >// These permissions apply to the server startup code >grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { > permission java.security.AllPermission; >}; > >// These permissions apply to the JMX server >grant codeBase "file:${catalina.home}/bin/jmx.jar" { > permission java.security.AllPermission; >}; > >// These permissions apply to JULI >grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { > permission java.util.PropertyPermission "java.util.logging.config.class", "read"; > permission java.util.PropertyPermission "java.util.logging.config.file", "read"; > permission java.lang.RuntimePermission "shutdownHooks"; > permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; > permission java.util.PropertyPermission "catalina.base", "read"; > permission java.util.logging.LoggingPermission "control"; > permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write"; > permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; > permission java.lang.RuntimePermission "getClassLoader"; > // To enable per context logging configuration, permit read access to the appropriate file. > // Be sure that the logging configuration is secure before enabling such access > // eg for the examples web application: > // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; >}; > >// These permissions apply to the servlet API classes >// and those that are shared across all class loaders >// located in the "common" directory >grant codeBase "file:${catalina.home}/common/-" { > permission java.security.AllPermission; >}; > >// These permissions apply to the container's core code, plus any additional >// libraries installed in the "server" directory >grant codeBase "file:${catalina.home}/server/-" { > permission java.security.AllPermission; >}; > >// The permissions granted to the balancer WEB-INF/classes and WEB-INF/lib directory >grant codeBase "file:${catalina.home}/webapps/balancer/-" { > permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.digester"; > permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.digester.*"; >}; >// ========== WEB APPLICATION PERMISSIONS ===================================== > > >// These permissions are granted by default to all web applications >// In addition, a web application will be given a read FilePermission >// and JndiPermission for all files and directories in its document root. >grant { > // Required for JNDI lookup of named JDBC DataSource's and > // javamail named MimePart DataSource used to send mail > permission java.util.PropertyPermission "java.home", "read"; > permission java.util.PropertyPermission "java.naming.*", "read"; > permission java.util.PropertyPermission "javax.sql.*", "read"; > > // OS Specific properties to allow read access > permission java.util.PropertyPermission "os.name", "read"; > permission java.util.PropertyPermission "os.version", "read"; > permission java.util.PropertyPermission "os.arch", "read"; > permission java.util.PropertyPermission "file.separator", "read"; > permission java.util.PropertyPermission "path.separator", "read"; > permission java.util.PropertyPermission "line.separator", "read"; > > // JVM properties to allow read access > permission java.util.PropertyPermission "java.version", "read"; > permission java.util.PropertyPermission "java.vendor", "read"; > permission java.util.PropertyPermission "java.vendor.url", "read"; > permission java.util.PropertyPermission "java.class.version", "read"; > permission java.util.PropertyPermission "java.specification.version", "read"; > permission java.util.PropertyPermission "java.specification.vendor", "read"; > permission java.util.PropertyPermission "java.specification.name", "read"; > > permission java.util.PropertyPermission "java.vm.specification.version", "read"; > permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; > permission java.util.PropertyPermission "java.vm.specification.name", "read"; > permission java.util.PropertyPermission "java.vm.version", "read"; > permission java.util.PropertyPermission "java.vm.vendor", "read"; > permission java.util.PropertyPermission "java.vm.name", "read"; > > // Required for OpenJMX > permission java.lang.RuntimePermission "getAttribute"; > > // Allow read of JAXP compliant XML parser debug > permission java.util.PropertyPermission "jaxp.debug", "read"; > > // Precompiled JSPs need access to this package. > permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; > permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; > >}; > > >// You can assign additional permissions to particular web applications by >// adding additional "grant" entries here, based on the code base for that >// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. >// >// Different permissions can be granted to JSP pages, classes loaded from >// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/ >// directory, or even to individual jar files in the /WEB-INF/lib/ directory. >// >// For instance, assume that the standard "examples" application >// included a JDBC driver that needed to establish a network connection to the >// corresponding database and used the scrape taglib to get the weather from >// the NOAA web server. You might create a "grant" entries like this: >// >// The permissions granted to the context root directory apply to JSP pages. >// grant codeBase "file:${catalina.home}/webapps/examples/-" { >// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; >// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; >// }; >// >// The permissions granted to the context WEB-INF/classes directory >// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" { >// }; >// >// The permission granted to your JDBC driver >// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" { >// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; >// }; >// The permission granted to the scrape taglib >// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { >// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; >// }; > > > >// ========== PKI CA, DRM, OCSP, and TKS PERMISSIONS ========================== > >// These permissions are granted by default to >// all PKI CA, DRM, OCSP, and TKS instances > >// These permissions apply to Tomcat5 java as utilized by PKI instances >grant codeBase "file:/usr/share/java/jakarta-commons-modeler.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/java/jasper5-compiler.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/java/jasper5-runtime.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/java/tomcat5/-" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/eclipse/plugins/*" { > permission java.security.AllPermission; >}; > > > >// These permissions apply to PKI configuration >grant codeBase "file:/usr/share/java/tomcat5-servlet-2.4-api.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/java/velocity.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/java/xalan-j2-serializer.jar" { > permission java.security.AllPermission; >}; > > > >// These permissions apply to LDAP support for PKI instances >grant codeBase "file:/usr/share/java/ldapjdk.jar" { > permission java.security.AllPermission; >}; > > > >// These permissions apply to PKI instances >grant codeBase "file:/usr/lib/java/jss4.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/lib/java/nuxwdog.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/lib/java/osutil.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/lib/java/symkey.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/java/tomcatjss.jar" { > permission java.security.AllPermission; >}; >grant codeBase "file:/usr/share/java/pki/-" { > permission java.security.AllPermission; >}; > > > >// ========== CUSTOM PKI CA, DRM, OCSP, and TKS PERMISSIONS =================== >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=825955">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1017032
:
809732
|
820887
| 825955 |
870743