Date: Fri, 1 Apr 2016 08:44:08 -0600
Subject: Re: Catching core files in read-only jails
From: Alan Somers
To: Terje Elde
Cc: J David, "freebsd-hackers@freebsd.org", "freebsd-questions@freebsd.org"

On Thu, Mar 31, 2016 at 11:26 PM, Terje Elde wrote:

>
>
> > On 01 Apr 2016, at 06:45, J David wrote:
> >
> > If an application is running on a production server in a read-only
> > jail for security purposes, and it crashes occasionally due to some
> > unknown bug, is there any way to catch a core file?
>
> Wherever you allow it to write core files, would be writable by the jail,
> at least those files. It's tempting to recommend a single writable, but
> no-exec and no-suid dir inside the jail, and point cores there. It's an
> easy fix, and the alternative - allow writes outside the jail - probably
> isn't any better.
>
> If you're concerned about something being persisted in the jail, you can
> wipe or even recreate that dir whenever you're starting the jail.
>
> Terje
>
>

And if you are using ZFS, then you should set a quota on /var/coredumps to
prevent a frequently crashing program from filling your hard disk.
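
The setup suggested in this thread (a writable no-exec, no-suid core directory that is recreated at jail start and capped with a ZFS quota), written out as an added example that is not part of the original messages. The dataset name, jail root, quota size, directory mode and core file name pattern are assumptions; it also assumes the directory `var/coredumps` already exists under the read-only jail root and that the plan runs on the host before the jail starts.

```shell
#!/bin/sh
# Added example: plan a quota-limited, noexec, nosuid core directory
# for a read-only jail. Only /var/coredumps comes from the thread;
# every other name and value below is an assumption.
DATASET="${DATASET:-zroot/jails/app-cores}"   # hypothetical dataset
JAIL_ROOT="${JAIL_ROOT:-/jails/app}"          # hypothetical jail root
CORE_DIR="/var/coredumps"                     # path named in the reply
QUOTA="${QUOTA:-2G}"                          # assumed size cap

# Print the host-side commands for review; pipe to sh as root to apply.
core_plan() {
    dataset=$1; jail_root=$2; quota=$3
    case $jail_root in
        /*) ;;
        *) echo "jail root must be an absolute path" >&2; return 1 ;;
    esac
    case $quota in
        ''|[KMGT]*|*[!0-9KMGT]*) echo "bad quota: $quota" >&2; return 1 ;;
    esac
    mnt="${jail_root}${CORE_DIR}"
    # Recreate the dataset on each jail start so nothing persists in it.
    echo "zfs destroy -f $dataset 2>/dev/null || true"
    # quota caps disk use; exec=off and setuid=off make the only
    # writable location in the jail useless for running dropped files.
    echo "zfs create -o quota=$quota -o exec=off -o setuid=off -o mountpoint=$mnt $dataset"
    # Sticky and write-only for non-root: jailed processes can create
    # dumps but cannot list or remove each other's files.
    echo "chmod 1733 $mnt"
    # kern.corefile is host-wide. Assumption: the absolute path is
    # resolved against the crashing process's root, i.e. inside the jail.
    echo "sysctl kern.corefile=$CORE_DIR/%N.%P.core"
}

core_plan "$DATASET" "$JAIL_ROOT" "$QUOTA"
```

Review the printed plan before applying it; because `kern.corefile` applies to the host and every jail, other jails need the same directory or their processes will fail to dump.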