Bug#927971: tomcat9: split policy files and libexec scripts so that pki-server can use them
Emmanuel Bourg
ebourg at apache.org
Wed Dec 16 15:21:51 GMT 2020
Le 16/12/2020 à 15:26, Timo Aaltonen a écrit :
> Ping, any objection to moving policy files and the update script to
> -common? I can do that either directly or via a merge request.
I wonder if this is really necessary. The policy files are used to limit
the privileges of the web applications hosted by Tomcat when the
security manager is enabled. This is convenient when the applications
aren't fully trusted. But in the pki-server case there is no trust issue
and the security manager could be disabled. The sandboxing could be
implemented at the systemd level if necessary.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list