From 80cdb7c43d1f02073daec4033330bb03cbcb0600 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20R=C4=99korajski?= <baggins@pld-linux.org>
Date: Fri, 19 Nov 2010 20:21:10 +0000
Subject: [PATCH] - check network before any java stuff - properly set up
 CATALINA_* directories - add options for SecurityManager - group options into
 env vars by function - unset TMP* vars for tomcat and servlets to not inherit
 	/root/tmp as temporary directory

Changed files:
    apache-tomcat.init -> 1.20
---
 apache-tomcat.init | 67 ++++++++++++++++++++++++++++------------------
 1 file changed, 41 insertions(+), 26 deletions(-)

diff --git a/apache-tomcat.init b/apache-tomcat.init
index 5b8aaf9..4305935 100644
--- a/apache-tomcat.init
+++ b/apache-tomcat.init
@@ -16,29 +16,49 @@
 # Get network config
 . /etc/sysconfig/network
 
-CATALINA_BASE=/var/lib/tomcat
-CATALINA_OPTS="-Xmx384M -XX:MaxPermSize=192m -XX:PermSize=128m -Djava.library.path=/usr/lib64:/usr/lib"
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+		msg_network_down tomcat
+		exit 1
+	fi
+else
+	exit 0
+fi
+
 set_jvm
 
+# Set default options
+CATALINA_OPTS="-Xmx384M -XX:MaxPermSize=192m -XX:PermSize=128m"
+
 # Get service config - may override defaults
 [ -f /etc/sysconfig/tomcat ] && . /etc/sysconfig/tomcat
 
-export CATALINA_BASE
-export CATALINA_OPTS
-export JAVA_OPTS
-export JAVA_HOME
+unset TMPDIR
+unset TMP
+
 COMMONSDAEMON=$(find-jar commons-daemon)
 TOMCATLIBS=/usr/share/tomcat/bin/bootstrap.jar:$(build-classpath-directory /usr/share/tomcat/lib)
 CLASSPATH=${CLASSPATH:+"$CLASSPATH:"}$COMMONSDAEMON:$TOMCATLIBS
 
-# Check that networking is up.
-if is_yes "${NETWORKING}"; then
-	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
-		msg_network_down tomcat
-		exit 1
+CATALINA_HOME=/usr/share/tomcat
+CATALINA_BASE=/var/lib/tomcat
+CATALINA_TMPDIR=/var/lib/tomcat/temp
+
+JSVC_OPTS="-classpath ${CLASSPATH} \
+	-home ${JAVA_HOME} \
+	-pidfile /var/run/tomcat.pid \
+	-outfile /var/log/tomcat/catalina.out \
+	-errfile /var/log/tomcat/catalina.err"
+
+if is_yes "${SECURITY_MANAGER}"; then
+	CATALINA_OPTS="$CATALINA_OPTS \
+		-Djava.security.manager \
+		-Djava.security.policy==${CATALINA_BASE}/conf/catalina.policy"
+	if [ -n "${SECURITY_MANAGER_DEBUG}" ]; then
+		CATALINA_OPTS="$CATALINA_OPTS \
+			-Djava.security.debug=${SECURITY_MANAGER_DEBUG}"
 	fi
-else
-	exit 0
 fi
 
 start() {
@@ -47,13 +67,12 @@ start() {
 		msg_starting tomcat
 		busy
 		cd $CATALINA_BASE
-		jsvc -user tomcat \
-			-procname tomcat \
-			-cp $CLASSPATH \
-			-home $JAVA_HOME \
-			-pidfile /var/run/tomcat.pid \
-			-outfile /var/log/tomcat/catalina.out \
-			-errfile /var/log/tomcat/catalina.err \
+		jsvc -user tomcat -procname tomcat \
+			$JSVC_OPTS \
+			-Dcatalina.base=${CATALINA_BASE} \
+			-Dcatalina.home=${CATALINA_HOME} \
+			-Djava.io.tmpdir=${CATALINA_TMPDIR} \
+			-Djava.library.path=/usr/lib64:/usr/lib \
 			$CATALINA_OPTS \
 			org.apache.catalina.startup.Bootstrap
 		[ $? -ne 0 ] && RETVAL=1
@@ -73,12 +92,8 @@ stop() {
 		# Stop daemons.
 		msg_stopping tomcat
 		busy
-		jsvc -user tomcat \
-			-stop \
-			-cp $CLASSPATH \
-			-pidfile /var/run/tomcat.pid \
-			-outfile /var/log/tomcat/catalina.out \
-			-errfile /var/log/tomcat/catalina.err \
+		jsvc -user tomcat -stop \
+			$JSVC_OPTS \
 			org.apache.catalina.startup.Bootstrap
 		[ $? -eq 0 ] && ok || fail
 		rm -f /var/lock/subsys/tomcat
-- 
2.44.0