** Description changed: Binary package hint: tomcat6 Using tomcat6 package version 6.0.24-2ubuntu, after editing /etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on startup with (in catalina.out): Using CATALINA_BASE: /var/lib/tomcat6 Using CATALINA_HOME: /usr/share/tomcat6 Using CATALINA_TMPDIR: /tmp/tomcat6-tmp Using JRE_HOME: /usr/lib/jvm/java-6-openjdk Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar Using Security Manager Exception in thread "main" java.lang.ExceptionInInitializerError - at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171) - at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243) - at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298) - at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55) + at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171) + at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243) + at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298) + at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55) Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read) - at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) - at java.security.AccessController.checkPermission(AccessController.java:553) - at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) - at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) - at java.lang.System.getProperty(System.java:669) - at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43) - ... 4 more + at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) + at java.security.AccessController.checkPermission(AccessController.java:553) + at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) + at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) + at java.lang.System.getProperty(System.java:669) + at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43) + ... 4 more Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit. - - The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately the second takes precedence, and so no policy file is actually used. + The problem is that -Djava.security.policy is being set twice, firstly + in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), + secondly in /usr/share/tomcat6/bin/catalina.sh to + $CATALINA_BASE/conf/catalina.policy (an invalid path). Unfortunately + the second takes precedence, and so no policy file is actually used. To fix this, I suggest patching catalina.sh to change 'conf/catalina.policy' references to 'work/catalina.policy'. It would also be good to remove the explicit setting of -Djava.security.manager and -Djava.security.policy from the init.d script, since it is done anyway in the init script. I've attached two patches for this. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: tomcat6 6.0.24-2ubuntu1 ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-22-generic i686 NonfreeKernelModules: nvidia Architecture: i386 Date: Thu Jun 10 01:14:40 2010 InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1) PackageArchitecture: all ProcEnviron: - PATH=(custom, user) - LANG=en_US.utf8 - SHELL=/bin/bash + PATH=(custom, user) + LANG=en_US.utf8 + SHELL=/bin/bash SourcePackage: tomcat6 + + == SRU Report == + Impact: + Regression for users of TOMCAT6_SECURITY=yes, that won't work after upgrading to Lucid. + + Development branch fix: + 6.0.26-4 has this fix, and a sync request to 6.0.26-5 was filed (bug 599265) + + Minimal patch: + See attached at comment 9. + + TEST CASE: + $ sudo apt-get install tomcat6 + $ sudo sed -i "s/#TOMCAT6_SECURITY=no/TOMCAT6_SECURITY=yes/" /etc/default/tomcat6 + $ sudo service tomcat6 restart + Affected = FAIL + Fixed = PASS + + Regression potential: + The patch only affects the options used when TOMCAT6_SECURITY=yes, and the current duplicated options prevent it from working completely.
** Attachment added: "Minimal SRU patch" http://launchpadlibrarian.net/51412745/patch -- tomcat fails to start using a security manager https://bugs.launchpad.net/bugs/591802 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
