Description of problem: Although CA, DRM, OCSP, and TKS do NOT startup with Security Manager out of the box, they do include their own "catalina.policy" file, and if a start script is manually altered to startup using the security manager, each PKI instance will crash prior to starting up. Version-Release number of selected component (if applicable): Dogtag 1.1 CA, DRM, OCSP, and TKS How reproducible: Always Steps to Reproduce: 1. As root, change the /etc/init.d/<pki_instance> start/stop script from: ... # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT start if [ ${OS} = "SunOS" ] ; then su $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null else runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT start" > /dev/null fi ... to: ... # daemon --user $TOMCAT_USER $TOMCAT_SCRIPT start if [ ${OS} = "SunOS" ] ; then su $TOMCAT_USER -c "$TOMCAT_SCRIPT start -security" > /dev/null else runuser -s /bin/bash $TOMCAT_USER -c "$TOMCAT_SCRIPT start -security" > /dev/null fi ... 2. Invoke "/sbin/service <pki_instance> start" 3. Although the system says that it "started, invoking "/sbin/service <pki_instance> status" will show that the system is no longer running, but did produce an empty pid file. Actual results: The selected instance will "start", but immediately die producing an empty pid file. Expected results: The selected instance should "start", and continue to run producing a valid pid file. Additional info:
Created attachment 345501 [details] Updated PKI Catalina.policy file . . .
Created attachment 345502 [details] Updated PKI Catalina.policy file . . . (spec files)
Created attachment 345503 [details] Updated PKI Catalina.policy file . . .
attachment (id=345502) attachment (id=345503) +awnuk
cd pki/base % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/shared/conf/catalina.policy M tks/shared/conf/catalina.policy M ocsp/shared/conf/catalina.policy M kra/shared/conf/catalina.policy % svn commit Sending base/ca/shared/conf/catalina.policy Sending base/kra/shared/conf/catalina.policy Sending base/ocsp/shared/conf/catalina.policy Sending base/tks/shared/conf/catalina.policy Transmitting file data .... Committed revision 496. cd pki/dogtag % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/pki-ca.spec M tks/pki-tks.spec M ocsp/pki-ocsp.spec M kra/pki-kra.spec % svn commit Sending dogtag/ca/pki-ca.spec Sending dogtag/kra/pki-kra.spec Sending dogtag/ocsp/pki-ocsp.spec Sending dogtag/tks/pki-tks.spec Transmitting file data .... Committed revision 497.