On 16.12.2020 17.21, Emmanuel Bourg wrote:
> On 16/12/2020 at 15:26, Timo Aaltonen wrote:
>> Ping, any objection to moving policy files and the update script to
>> -common? I can do that either directly or via a merge request.
>
> I wonder if this is really necessary. The policy files are used to limit
> the privileges of the web applications hosted by Tomcat when the
> security manager is enabled. This is convenient when the applications
> aren't fully trusted. But in the pki-server case there is no trust issue
> and the security manager could be disabled. The sandboxing could be
> implemented at the systemd level if necessary.
>
> Emmanuel Bourg

Hmm, it's possible I don't have the full picture of using the security
manager with dogtag (which Red Hat does). I'll fix that after the holidays :)
--
t