Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51430

Systemd jenkins.service script does not protect spaces in JENKINS_JAVA_OPTIONS

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not A Defect
    • Component/s: other
    • Labels:
    • Environment:
      Jenkins 2.73.3
      CentOs 7
      Openjdk version 1.8
    • Similar Issues:

      Description

      How to reproduce:

      Run in a systemd OS like CentOS 7 with

      /etc/sysconfig/jenkins

      JENKINS_JAVA_OPTIONS=-Dhudson.model.DirectoryBrowserSupport.CSP="default-src 'self';"

      As per https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy

       

      Error message in journalctl

      Error: Could not find or load main class 'self';"
      

       

      Investigation

      This is because the last line of the systemd script /usr/lib/jenkins/jenkins-run is

      $JAVA_CMD "${PARAMS[@]}"
      

      and JAVA_CMD is composed of

      JAVA_CMD="$JENKINS_JAVA_CMD $JENKINS_JAVA_OPTIONS -DJENKINS_HOME=$JENKINS_HOME -jar $JENKINS_WAR"
      

      So the resulting command is

      param value
      1 /etc/alternatives/java
      2 -Dhudson.model.DirectoryBrowserSupport.CSP="default-src
      3 'self';"
      4 -DJENKINS_HOME=/var/lib/jenkins -jar
      5 ...

      Result: java tries to load param #3 'self' as the main class and we get the error

      Error: Could not find or load main class 'self';"

      Documentation

      That is because systemd Exec line splits on spaces unless the argument is wrapped in quotes see https://www.freedesktop.org/software/systemd/man/systemd.service.html#Command%20lines

      So even if you add all sorts of quotes or escaping in JENKINS_JAVA_OPTIONS, it will still split on the spaces in the values of JENKINS_JAVA_OPTIONS, unless it is itself quoted in the Exec line.

      systemd--

       

      Suggested fix

      The obvious fix, to me is to change the last line of /usr/lib/jenkins/jenkins-run to quote the $JENKINS_JAVA_OPTIONS, and I haven't tried it but I would suspect JENKINS_HOME and JENKINS_WAR with a space in their respective directory name to also fail the systemd service startup

      Last line of /usr/lib/jenkins/jenkins-run could look like:

      $JENKINS_JAVA_CMD "$JENKINS_JAVA_OPTIONS" "-DJENKINS_HOME=$JENKINS_HOME" -jar "$JENKINS_WAR" "${PARAMS[@]}"

        Attachments

          Activity

          sbeaulie Samuel Beaulieu created issue -
          oleg_nenashev Oleg Nenashev made changes -
          Field Original Value New Value
          Component/s packaging [ 20120 ]
          oleg_nenashev Oleg Nenashev made changes -
          Assignee Kohsuke Kawaguchi [ kohsuke ]
          oleg_nenashev Oleg Nenashev made changes -
          Component/s other [ 15490 ]
          Component/s core [ 15593 ]
          Component/s packaging [ 20120 ]
          oleg_nenashev Oleg Nenashev made changes -
          Assignee Kohsuke Kawaguchi [ kohsuke ]
          danielbeck Daniel Beck made changes -
          Resolution Not A Defect [ 7 ]
          Status Open [ 1 ] Closed [ 6 ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            sbeaulie Samuel Beaulieu
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: