From 9e77b42d88da07e91a42966bc2d1ea9237e62f47 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Fri, 22 Jul 2016 17:31:20 +0200
Subject: Removed hard-coded paths in pki.policy.

The operations script has been modified to generate pki.policy
dynamically from links in the <instance>/common/lib directory.
This allows the pki.policy to match the actual paths in different
platforms.

https://fedorahosted.org/pki/ticket/2403
---
 base/server/scripts/operations | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'base/server/scripts')

diff --git a/base/server/scripts/operations b/base/server/scripts/operations
index 14443c4a5..599167008 100644
--- a/base/server/scripts/operations
+++ b/base/server/scripts/operations
@@ -1352,10 +1352,24 @@ start_instance()
         return $rv
     fi
 
+    # Copy pki.policy template
+    /bin/cp /usr/share/pki/server/conf/pki.policy /var/lib/pki/$PKI_INSTANCE_NAME/conf
+
+    # Add permissions for all JAR files in /var/lib/pki/$PKI_INSTANCE_NAME/common/lib
+    for path in /var/lib/pki/$PKI_INSTANCE_NAME/common/lib/*; do
+
+        cat >> /var/lib/pki/$PKI_INSTANCE_NAME/conf/pki.policy << EOF
+
+grant codeBase "file:$(realpath $path)" {
+    permission java.security.AllPermission;
+};
+EOF
+    done
+
     # Generate catalina.policy dynamically.
     cat /usr/share/pki/server/conf/catalina.policy \
         /usr/share/tomcat/conf/catalina.policy \
-        /usr/share/pki/server/conf/pki.policy \
+        /var/lib/pki/$PKI_INSTANCE_NAME/conf/pki.policy \
         /var/lib/pki/$PKI_INSTANCE_NAME/conf/custom.policy > \
         /var/lib/pki/$PKI_INSTANCE_NAME/conf/catalina.policy
 
-- 
cgit