Date: Fri, 1 Apr 2016 08:44:08 -0600
From: Alan Somers <asomers@freebsd.org>
To: Terje Elde <terje@elde.net>
Cc: J David <j.david.lists@gmail.com>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Catching core files in read-only jails
Message-ID: <CAOtMX2j-nybybzOCrqyfCS18a8aw%2BPo_brYQYV6tazm28VyqoQ@mail.gmail.com>
In-Reply-To: <16281C09-B7D2-43C4-B2E1-98AF02DAB24A@elde.net>
References: <CABXB=RTHetL-mjehjSaTVT2ipLTQySE2Y8UCUQXcM7_hWV3g_Q@mail.gmail.com> <16281C09-B7D2-43C4-B2E1-98AF02DAB24A@elde.net>

On Thu, Mar 31, 2016 at 11:26 PM, Terje Elde <terje@elde.net> wrote:

> > On 01 Apr 2016, at 06:45, J David <j.david.lists@gmail.com> wrote:
> >
> > If an application is running on a production server in a read-only
> > jail for security purposes, and it crashes occasionally due to some
> > unknown bug, is there any way to catch a core file?
>
> Wherever you allow it to write core files, would be writable by the jail,
> at least those files. It's tempting to recommend a single writable, but
> no-exec and no-suid dir inside the jail, and point cores there. It's an
> easy fix, and the alternative - allow writes outside the jail - probably
> isn't any better.
>
> If you're concerned about something being persisted in the jail, you can
> wipe or even recreate that dir whenever you're starting the jail.
>
> Terje

And if you are using ZFS, then you should set a quota on /var/coredumps to
prevent a frequently crashing program from filling your hard disk.
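
The setup discussed in this thread, as an added example that is not part of the original messages: a quota-limited ZFS dataset mounted at /var/coredumps inside the jail with exec and setuid turned off, recreated before each jail start. The dataset name, jail root, quota size and application user are assumptions; the script only prints the commands unless RUN is set to an empty string.

```sh
#!/bin/sh
# Added example, not from the thread. All values below are assumed
# placeholders; adjust them to the real pool, jail and service account.
DATASET="${DATASET:-zroot/jails/app/coredumps}"  # hypothetical dataset
JAIL_ROOT="${JAIL_ROOT:-/jails/app}"             # hypothetical jail root
QUOTA="${QUOTA:-1G}"                             # assumed cap on core storage
APP_USER="${APP_USER:-appuser}"                  # hypothetical jailed user
RUN="${RUN-echo}"   # dry run by default; invoke with RUN= to execute

# Host-side path of the jail's /var/coredumps directory.
core_dir() {
    printf '%s/var/coredumps\n' "$JAIL_ROOT"
}

setup_coredumps() {
    # The only writable spot in the jail: no exec, no setuid, and a
    # quota so a crash loop cannot fill the pool.
    $RUN zfs create -o mountpoint="$(core_dir)" \
        -o exec=off -o setuid=off -o quota="$QUOTA" "$DATASET"
    # Only the crashing service's own account may write or read cores.
    $RUN chown "$APP_USER" "$(core_dir)"
    $RUN chmod 0700 "$(core_dir)"
    # kern.corefile is a system-wide sysctl; %N is the process name and
    # %P the PID. This example assumes the path is used from inside the
    # jail, so it names the jail's own /var/coredumps.
    $RUN sysctl kern.corefile=/var/coredumps/%N.%P.core
}

reset_coredumps() {
    # Run before starting the jail: drop whatever the previous run left
    # behind, then recreate the empty dataset.
    $RUN zfs destroy "$DATASET" || true   # absent on the very first start
    setup_coredumps
}

reset_coredumps
```

Run it once as printed to review the commands, then again with `RUN=` as root on the host before the jail starts.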