FreeBSD Mail Archives

Date:      Fri, 1 Apr 2016 07:22:50 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Catching core files in read-only jails
Message-ID:  <56FE13BA.4060500@FreeBSD.org>
In-Reply-To: <CABXB=RTHetL-mjehjSaTVT2ipLTQySE2Y8UCUQXcM7_hWV3g_Q@mail.gmail.com>
References:  <CABXB=RTHetL-mjehjSaTVT2ipLTQySE2Y8UCUQXcM7_hWV3g_Q@mail.gmail.com>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--xN6LuKVf1X6LFI63vppRJhwFfvSBMkQUv
Content-Type: multipart/mixed; boundary="c7dtCl3gXjXeMeHIX7LNQu2RBRE0W8Ljp"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-hackers@freebsd.org
Message-ID: <56FE13BA.4060500@FreeBSD.org>
Subject: Re: Catching core files in read-only jails
References: <CABXB=RTHetL-mjehjSaTVT2ipLTQySE2Y8UCUQXcM7_hWV3g_Q@mail.gmail.com>
In-Reply-To: <CABXB=RTHetL-mjehjSaTVT2ipLTQySE2Y8UCUQXcM7_hWV3g_Q@mail.gmail.com>

--c7dtCl3gXjXeMeHIX7LNQu2RBRE0W8Ljp
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 01/04/2016 05:45, J David wrote:
> If an application is running on a production server in a read-only
> jail for security purposes, and it crashes occasionally due to some
> unknown bug, is there any way to catch a core file?

You'll have to mount a read-write filesystem somewhere in your jail and
configure core dumps to be written to that filesystem.  Something like
this example from core(5):

   sysctl kern.corefile=3D/var/coredumps/%U/%N.core

This should have minimal security implications if the r/w filesystem is
only used for recording coredumps.  You could mark it noexec and nosuid
as well.

	Cheers,

	Matthew



--c7dtCl3gXjXeMeHIX7LNQu2RBRE0W8Ljp--

--xN6LuKVf1X6LFI63vppRJhwFfvSBMkQUv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJW/hPBXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATGzAP/2MVvbAaJh+Tbnl2uXC+rUVz
EwcAAwbqivFHl/hWp2f1xgov8QlbP0D0PajqDtQnSwjrfwfdmVcR+9Nr49BkRmj+
t3XWBrAgb8R00UCxQaG9Y+6G115IiJm+yTEWOJP01FHNPtb/e6GP5TQmwZXm6Cd5
zK+hww4/G2tRDBrJ5QZP/OPg4drPrA8jJIKGBtWf/aTeG7Clv5sv8/bwbkY1AWzL
yURVygbaX47gDn0pAtmBwMR12PQ8cKowEQZMAxCaFt1k2ssQJht2qytWTKoQsms3
jUuzowDldGYw2O6FFB8gqj2NiAdLejp+VJqzQGGIxzYoNBJ20Q4j7e4V8i0Mrniy
/il8sCCjtbcoreVdZNhiy23I+MhMp1iUuKL3zhKvMN6eChl2hDnWmRjAlQzGjFzH
tQCsOD5d93ZbaNwHuy8Dim5QZEtolbGq3jisOiqAVycduGDzXZ9RbkPPCDYC5zy/
qx72Vms6Co8W19wqorwjtXsbgrh3vc6P2gHuOkaIbi6lfI4xYk7cnzwXLWBNHIgt
Qb5/GOyydPry72eQRARE0sAJuxpaZQEYyAQpG9i1nYEGk9HBKGof/Kd+op5N9EX6
O6AVGHvJhmW09XABxOm0xCtOuZHKyGmQza3L7lu0Hii9AExWjOF2r7PEBRA2neJz
PCHq/xenttxhq3Y2pDSO
=wneZ
-----END PGP SIGNATURE-----

--xN6LuKVf1X6LFI63vppRJhwFfvSBMkQUv--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56FE13BA.4060500>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation