From owner-freebsd-hackers@freebsd.org  Fri Apr  1 23:57:16 2016
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EFCF5B008E5
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Fri,  1 Apr 2016 23:57:16 +0000 (UTC) (envelope-from bright@mu.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
 by mx1.freebsd.org (Postfix) with ESMTP id E314F1E8C
 for <freebsd-hackers@freebsd.org>; Fri,  1 Apr 2016 23:57:16 +0000 (UTC)
 (envelope-from bright@mu.org)
Received: from AlfredMacbookAir.local (unknown
 [IPv6:2601:645:8003:a4d6:4947:40d:837c:d120])
 by elvis.mu.org (Postfix) with ESMTPSA id EC74F346DDE2
 for <freebsd-hackers@freebsd.org>; Fri,  1 Apr 2016 16:57:09 -0700 (PDT)
Subject: Re: Catching core files in read-only jails
To: freebsd-hackers@freebsd.org
References: <CABXB=RTHetL-mjehjSaTVT2ipLTQySE2Y8UCUQXcM7_hWV3g_Q@mail.gmail.com>
 <16281C09-B7D2-43C4-B2E1-98AF02DAB24A@elde.net>
 <CAOtMX2j-nybybzOCrqyfCS18a8aw+Po_brYQYV6tazm28VyqoQ@mail.gmail.com>
From: Alfred Perlstein <bright@mu.org>
Message-ID: <56FF0AD6.8000500@mu.org>
Date: Fri, 1 Apr 2016 16:57:10 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <CAOtMX2j-nybybzOCrqyfCS18a8aw+Po_brYQYV6tazm28VyqoQ@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Apr 2016 23:57:17 -0000

I believe you can also use a predicable name with corefiles now by using 
%I in the corefilename.

-Alfred

On 4/1/16 7:44 AM, Alan Somers wrote:
> On Thu, Mar 31, 2016 at 11:26 PM, Terje Elde <terje@elde.net> wrote:
>
>>
>>> On 01 Apr 2016, at 06:45, J David <j.david.lists@gmail.com> wrote:
>>>
>>> If an application is running on a production server in a read-only
>>> jail for security purposes, and it crashes occasionally due to some
>>> unknown bug, is there any way to catch a core file?
>> Wherever you allow it to write core files, would be writable by the jail,
>> at least those files. It's tempting to recommend a single writable, but
>> no-exec and no-suid dir inside the jail, and point cores there. It's an
>> easy fix, and the alternative - allow writes outside the jail - probably
>> isn't any better.
>>
>> If you're concerned about something being persisted in the jail, you can
>> wipe or even recreate that dir whenever you're starting the jail.
>>
>> Terje
>>
>>
> And if you are using ZFS, then you should set a quota on /var/coredumps to
> prevent a frequently crashing program from filling your hard disk.
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>