addservlets broken due to SafeRun

[tizoo]

CLOUDLINUX 6.9 standard [xxx] v68.0.25

Hello,

Since some weeks or months, each time we add servlets support to a domain, we have to add the configuration by hand in the server.xml Tomcat configuration file.

It seems the problem is due to SafeRun. Here is the output of the commande :

# /scripts/addservlets --domain=example.com
Scanning userdata...
[2018-01-15 18:42:57 +0100] die [Internal Death while parsing [stdin] 191708] Cpanel::SafeRun::Simple prevents accidental execution of a shell.  If you intended to execute a shell use saferun(/bin/sh,-c,grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata) at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
   Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
   Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47
 at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
   Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
   Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47

[A fatal error or timeout occurred while processing this directive.]

Cpanel::SafeRun::Simple prevents accidental execution of a shell.  If you intended to execute a shell use saferun(/bin/sh,-c,grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata) at /usr/local/cpanel/Cpanel/SafeRun/Simple.pm line 48.
   Cpanel::SafeRun::Simple::_saferun_r(ARRAY(0x1b036d8), 1) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 16
   Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata") called at /usr/local/easy/sbin/easy-tomcat7-gentomcatlist2 line 47
Done: .jsp support installed for example.com

Is there a way to fix that ?

Thanks in advance for any tips.

Best,
Philippe

 

[JacobPerkins]

Hi,

We fixed this in our latest EA3 builds (3.34.20), you can run a new build and things should start working again.

 

[tizoo]

Hi Jacob,

Thanks for your answer but I fear the new EA3 3.34.20 doesn't fix the problem.

I updated EA3 through WHM (Home >> Software >> EasyApache3 and it automatically check for the last version). But this update doesn't change the script that make the error (/usr/local/easy/sbin/easy-tomcat7-gentomcatlist2).

If that helps, we used the following patch to fix the problem :

diff -Naur a/easy-tomcat7-gentomcatlist2 b/easy-tomcat7-gentomcatlist2
--- a/easy-tomcat7-gentomcatlist2    2018-01-16 08:11:04.882235872 +0100
+++ b/easy-tomcat7-gentomcatlist2    2018-01-16 08:14:26.001891764 +0100
@@ -47,7 +47,7 @@
 my %domain_owners;
 my $server_aliases = {};
 
-my @lines = Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
+my @lines = Cpanel::SafeRun::Errors::saferunallerrors("/bin/sh", "-c", "grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
 for my $line (@lines) {
     next unless $line =~ /cp_jkmount\.conf: 1/;    # Strip out any stderr lines
     $line =~ s/\:.*//;

Best,
Philippe

 

[cPWilliamL]

Thanks for sharing your detailed solution. I am surprised to hear the update did not correct your issue, as I've found several tickets marked with case EAL-3181 that the update did correct the issue.

 

[cPanelKenneth]

Hi Jacob,

Thanks for your answer but I fear the new EA3 3.34.20 doesn't fix the problem.

I updated EA3 through WHM (Home >> Software >> EasyApache3 and it automatically check for the last version). But this update doesn't change the script that make the error (/usr/local/easy/sbin/easy-tomcat7-gentomcatlist2).

If that helps, we used the following patch to fix the problem :

diff -Naur a/easy-tomcat7-gentomcatlist2 b/easy-tomcat7-gentomcatlist2
--- a/easy-tomcat7-gentomcatlist2    2018-01-16 08:11:04.882235872 +0100
+++ b/easy-tomcat7-gentomcatlist2    2018-01-16 08:14:26.001891764 +0100
@@ -47,7 +47,7 @@
 my %domain_owners;
 my $server_aliases = {};
 
-my @lines = Cpanel::SafeRun::Errors::saferunallerrors("grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
+my @lines = Cpanel::SafeRun::Errors::saferunallerrors("/bin/sh", "-c", "grep -r -I '^cp_jkmount.conf: 1' /var/cpanel/userdata");
 for my $line (@lines) {
     next unless $line =~ /cp_jkmount\.conf: 1/;    # Strip out any stderr lines
     $line =~ s/\:.*//;

Best,
Philippe

Hi,

Did you do a rebuild of EasyApache 3?

The automatic check for latest version that happens when you go into the EasyApache 3 UI does not update the files installed (such as the tomcat RPMs). You need to do a rebuild of your EasyApache 3 profile for those to be updated.

 

[tizoo]

Hi Kenneth,

Thank you for the tips.

Right, we didn't make a rebuild of apache/php with EA3. The reason is that each time we do it we encounter the following problems :

• The script do a reinstall of java support for each java account and reboot tomcat each time... This make the website of our customers beeing like down for hours.
• The cp_jkmount.conf configurations are reseted during the process. We have to make a backup before running the build to be able to restore them once done.

I don't know if the last update of EA3 also fix those bugs, for now our java servers are too loaded to let us just test.

Best regards,
Philippe