From: Matthew Seaman
To: freebsd-hackers@freebsd.org
Subject: Re: Catching core files in read-only jails
Date: Fri, 1 Apr 2016 07:22:50 +0100
Message-ID: <56FE13BA.4060500@FreeBSD.org>

On 01/04/2016 05:45, J David wrote:
> If an application is running on a production server in a read-only
> jail for security purposes, and it crashes occasionally due to some
> unknown bug, is there any way to catch a core file?

You'll have to mount a read-write filesystem somewhere in your jail and
configure core dumps to be written to that filesystem.  Something like
this example from core(5):

    sysctl kern.corefile=/var/coredumps/%U/%N.core

This should have minimal security implications if the r/w filesystem is
only used for recording coredumps.  You could mark it noexec and nosuid
as well.

Cheers,

Matthew
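
One way to check the setup described in the reply above, as an added example that is not part of the original message: a POSIX sh function that reads fstab-format lines and confirms the kern.corefile pattern lands on a filesystem that is writable and carries noexec and nosuid. The function name, the jail root /jails/www and the host paths are hypothetical, and the check assumes the corefile path is resolved relative to the jail's root.

```sh
#!/bin/sh
# Added example (not from the original message). Checks that kern.corefile
# points at a dedicated rw,noexec,nosuid filesystem inside a read-only jail.
# Assumption: the corefile path is resolved relative to the jail's root.
# Usage: audit_core_fs COREFILE JAILROOT < fstab-format-lines

audit_core_fs() {
    corefile=$1
    jailroot=${2%/}
    coredir=${corefile%%[%]*}     # literal directory part before the first %X
    case $coredir in
        /*) ;;
        *) echo "FAIL: relative pattern, cores go to the process cwd"; return 1 ;;
    esac
    best="" bestopts=""
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac
        case $mnt in
            "$jailroot"|"$jailroot"/*) inside=${mnt#"$jailroot"}; inside=${inside%/} ;;
            *) continue ;;                      # mounted outside this jail
        esac
        case $coredir in
            "$inside"/*)                        # keep the deepest covering mount
                if [ ${#inside} -ge ${#best} ]; then best=$inside; bestopts=$opts; fi ;;
        esac
    done
    if [ -z "$bestopts" ]; then echo "FAIL: no filesystem covers $coredir"; return 1; fi
    rc=0
    case ",$bestopts," in *,ro,*) echo "FAIL: ${best:-/} is read-only"; rc=1 ;; esac
    for want in noexec nosuid; do
        case ",$bestopts," in
            *,"$want",*) ;;
            *) echo "FAIL: ${best:-/} lacks $want"; rc=1 ;;
        esac
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $best ($bestopts)"; fi
    return "$rc"
}

# Constructed sample: host fstab lines for a hypothetical jail at /jails/www.
SAMPLE_FSTAB='/jails/base      /jails/www                nullfs  ro                0 0
/data/cores/www  /jails/www/var/coredumps  nullfs  rw,noexec,nosuid  0 0'

printf '%s\n' "$SAMPLE_FSTAB" |
    audit_core_fs '/var/coredumps/%U/%N.core' /jails/www
```

The default pattern %N.core fails this check because it is relative, so the core would be written to the crashing process's working directory on the read-only filesystem.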