On 10/26/2012 9:39 PM, Matthew Harmsen wrote:
 ACK
 Applied patch, built, installed, and successfully tested a CA running
 under the Tomcat Java Security Manager:
   * # ps -ef | grep tomcat
     pkiuser  28050     1  2 19:15 ?        00:00:17
     /usr/lib/jvm/jre/bin/java -classpath
     :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
     -Dcatalina.base=/var/lib/pki/pki-tomcat
     -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs=
     -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
     *-Djava.security.manager
     -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy*
     -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
     -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
     org.apache.catalina.startup.Bootstrap start
 I noticed one oddity in the '/usr/sbin/tomcat' file where they had
 specified *-Djava.security.policy=="${CATALINA_BASE}/conf/catalina.policy"*
 rather than
 *-Djava.security.policy="${CATALINA_BASE}/conf/catalina.policy"* (used
 an "==" rather than a single "="), but when I manually changed this,
 and restarted the server, I was still able to successfully request,
 approve, and issue another cert.

Yes, a single equal sign means we append the catalina.policy to the
standard Java policy (/usr/lib/jvm/jre/lib/security/java.policy). The
double equal signs mean that we use catalina.policy exclusively.
http://download.java.net/jdk8/docs/technotes/guides/security/PolicyFiles....
Pushed to master. Thanks.
-- 
Endi S. Dewata
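
Added example, not part of the original email: a shell check that reads a JVM command line and reports whether the Security Manager is enabled and whether the policy file is appended ("=") or used exclusively ("=="), as described in the reply above. The function name `policy_mode` and the shortened sample command lines are constructed for illustration from the flags quoted in the thread.

```shell
#!/bin/sh
# Report how a JVM command line configures the Security Manager policy:
#   no-security-manager  -Djava.security.manager absent
#   default-policy       manager enabled, no -Djava.security.policy given
#   appended:<file>      single "=": file is used in addition to the standard policy
#   exclusive:<file>     double "==": only this file is used
policy_mode() {
    manager=no
    mode=default-policy
    set -f    # no filename globbing while word-splitting the command line
    # Assumption: no argument contains embedded whitespace.
    for arg in $1; do
        case "$arg" in
            # JDK 12+ values that do not install a manager at startup
            -Djava.security.manager=allow|-Djava.security.manager=disallow) ;;
            -Djava.security.manager|-Djava.security.manager=*) manager=yes ;;
            # "==" must be tested before "=", which would also match it
            -Djava.security.policy==*) mode="exclusive:${arg#-Djava.security.policy==}" ;;
            -Djava.security.policy=*)  mode="appended:${arg#-Djava.security.policy=}" ;;
        esac
    done
    set +f
    if [ "$manager" = yes ]; then echo "$mode"; else echo no-security-manager; fi
}

# Constructed sample command lines (shortened from the ps output in the email).
BASE='/usr/lib/jvm/jre/bin/java -Dcatalina.base=/var/lib/pki/pki-tomcat'
POLICY='/var/lib/pki/pki-tomcat/conf/catalina.policy'
MAIN='org.apache.catalina.startup.Bootstrap start'
EXCLUSIVE="$BASE -Djava.security.manager -Djava.security.policy==$POLICY $MAIN"
APPENDED="$BASE -Djava.security.manager -Djava.security.policy=$POLICY $MAIN"
UNMANAGED="$BASE -Djava.security.policy==$POLICY $MAIN"

for cmdline in "$EXCLUSIVE" "$APPENDED" "$UNMANAGED"; do
    policy_mode "$cmdline"
done
```

On Linux, a running process can be checked by passing `"$(tr '\0' ' ' < /proc/<pid>/cmdline)"` to the function, where `<pid>` is the JVM's process id.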