Le 16/12/2020 à 15:26, Timo Aaltonen a écrit : > Ping, any objection to moving policy files and the update script to > -common? I can do that either directly or via a merge request.
I wonder if this is really necessary. The policy files are used to limit the privileges of the web applications hosted by Tomcat when the security manager is enabled. This is convenient when the applications aren't fully trusted. But in the pki-server case there is no trust issue and the security manager could be disabled. The sandboxing could be implemented at the systemd level if necessary. Emmanuel Bourg
