Fix logrotate error

If the log rotate is invoked following a log using slf4j-impl the current policy denied the accees to the log folder and the rotate fails. This is always the case with the change to the SessionTimer class. To solve the problem the policy is updated to grant slf4j-impl read/write access to log folders.
dogtagpki · Jan 14, 2025 · aa3ba8d · aa3ba8d
1 parent 25eeb6b
commit aa3ba8d
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/base/server/share/conf/pki.policy b/base/server/share/conf/pki.policy
@@ -26,6 +26,13 @@ grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
         permission java.io.FilePermission "${catalina.base}/logs/-", "read,write";
 };
 
+// If log rotate is initiated by a log call using slf4j-impl
+// the library need to have read/write access to log folder or
+// the policy will denied access and the rotation fails
+grant codeBase "file:/usr/share/java/slf4j/-" {
+        permission java.io.FilePermission "${catalina.base}/logs/-", "read,write";
+};
+
 // According to /etc/tomcat/catalina.policy:
 // If using a per instance lib directory, i.e. ${catalina.base}/lib,
 // then the following permission will need to be uncommented
@@ -49,3 +56,4 @@ grant codeBase "file:/usr/share/java/pki/-" {
 grant codeBase "file:${catalina.base}/webapps/-" {
         permission java.security.AllPermission;
 };
+