Bug#927971: tomcat9: split policy files and libexec scripts so that pki-server can use them
Timo Aaltonen
tjaalton at debian.org
Sat Dec 19 22:23:23 GMT 2020
On 16.12.2020 17.21, Emmanuel Bourg wrote:
> Le 16/12/2020 à 15:26, Timo Aaltonen a écrit :
>
>> Ping, any objection to moving policy files and the update script to
>> -common? I can do that either directly or via a merge request.
>
> I wonder if this is really necessary. The policy files are used to limit
> the privileges of the web applications hosted by Tomcat when the
> security manager is enabled. This is convenient when the applications
> aren't fully trusted. But in the pki-server case there is no trust issue
> and the security manager could be disabled. The sandboxing could be
> implemented at the systemd level if necessary.
>
> Emmanuel Bourg
>
Hmm, it's possible I don't have the full picture of using the security
manager with dogtag (which Redhat does). I'll fix that after the holidays :)
--
t
More information about the pkg-java-maintainers
mailing list