search

jenkinsci / cobertura-plugin

Jenkins cobertura plugin
https://plugins.jenkins.io/cobertura/
MIT License
109 stars 133 forks source link

Cobertura publishing fails with java.lang.SecurityException: slave may not mkdirs when the job runs in slave node #88

Open basava12345 opened 6 years ago

basava12345 commented 6 years ago

Jenkins master is now more strict about what commands its slaves can send to the master. Unfortunately, this prevents some plugins from functioning correctly, as those plugins do not specify which commands are open for slaves to execute and which ones are not For more reference https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control

Here I feel fix should be mainly related to implementing the SECURITY-144-compat module in the plugin code. However we have passing scenario also for the jobs running in slaves. (Are the commands being used in this case are different ? )

AthithChandra commented 6 years ago

Hey all,

Yes my team is also facing the same issue. Is there any possible resolution to this problem. This is something very important.

Your help is appreciated

NicoPrediger commented 6 years ago

Could this be an issue with multibranch pipeline jobs?

I'm currently investigating an issue with one of our projects where calling the cobertura step causes the security exception, if and only if the build runs on an agent.

step([$class: 'CoberturaPublisher',
            autoUpdateHealth: false, 
            autoUpdateStability: false, 
            coberturaReportFile: "artifacts/coverage/cobertura-coverage.xml",
            failUnhealthy: false, 
            failUnstable: false, 
            maxNumberOfBuilds: 0, 
            onlyStable: false, 
            sourceEncoding: 'ASCII', 
            zoomCoverageChart: true])

Multibranch pipelines are saved at

[...]/jobs/JOBNAME/branches/BRANCHNAME/*

but calling the cobertura step causes some files to appear at

[...]/jobs/JOBNAME/branches/*

Strangely, the files copied to that location don't seem to have anything to do with cobertura. It's just some subset of the build artifacts (typescript files) and I have yet to find a pattern that makes sense to me...

I don't know why the cobertura publisher even copies artifacts anywhere, but when run on the jenkins master, the jenkins user has permissions to copy the files to that location. Jenkins agents don't have permission and the build fails because of said security exception...

ghost commented 5 years ago

I also face a same problem, are there any solution for this yet?

lnguyen-nvn commented 5 years ago

I also face a same problem, are there any solution for this yet?

NicoPrediger commented 5 years ago

With current Jenkins + plugin versions, this works fine for us now. (for quite some time actually, I even forgot about this issue...)