From: Terje Elde <terje@elde.net>
To: J David
Cc: freebsd-questions@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: Catching core files in read-only jails
Date: Fri, 1 Apr 2016 07:26:24 +0200
Message-Id: <16281C09-B7D2-43C4-B2E1-98AF02DAB24A@elde.net>
List-Id: Technical Discussions relating to FreeBSD

> On 01 Apr 2016, at 06:45, J David wrote:
>
> If an application is running on a production server in a read-only
> jail for security purposes, and it crashes occasionally due to some
> unknown bug, is there any way to catch a core file?
Wherever you allow it to write core files would be writable by the jail, at least those files. It's tempting to recommend a single writable, but no-exec and no-suid dir inside the jail, and point cores there. It's an easy fix, and the alternative - allow writes outside the jail - probably isn't any better.

If you're concerned about something being persisted in the jail, you can wipe or even recreate that dir whenever you're starting the jail.

Terje
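One way to set up what the reply describes, as an added example that is not from the thread (the jail name, paths and size are assumptions): a jail.conf(5) entry that mounts a fresh tmpfs with noexec and nosuid onto a pre-existing, empty /var/cores mount point in the read-only jail root on every start, so the directory is recreated each time the jail comes up and discarded when it stops.

```conf
# Hypothetical jail.conf entry (added example, not from the thread).
# The jail root under "path" is a read-only image; /var/cores must already
# exist in that image as an empty directory to serve as the mount point.
cores_demo {
    path = "/jails/cores_demo";
    host.hostname = "cores-demo.example.invalid";
    mount.devfs;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";

    # Runs on the host before the jail is created. A brand-new tmpfs on every
    # start is the "recreate that dir" step; noexec/nosuid keep anything
    # dumped there from being run; size= caps how much memory cores can
    # take; mode=1777 lets the (non-root) jailed application write its core.
    exec.prestart = "mount -t tmpfs -o rw,noexec,nosuid,mode=1777,size=256m tmpfs ${path}/var/cores";

    # Runs on the host after the jail is removed. Unmounting drops the
    # tmpfs and everything in it, so copy any core you want to keep to the
    # host before stopping the jail.
    exec.poststop = "umount ${path}/var/cores";
}
```

Pointing cores at that directory is a host-side setting, e.g. `kern.corefile=/var/cores/%N.%P.core` in /etc/sysctl.conf; the sysctl is global, and the path is resolved against the crashing process's own root directory, so a jailed process dumps into the jail's tmpfs while host processes use the host's /var/cores.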