Catching core files in read-only jails

Matthew Seaman matthew at FreeBSD.org
Fri Apr 1 06:23:09 UTC 2016


On 01/04/2016 05:45, J David wrote:
> If an application is running on a production server in a read-only
> jail for security purposes, and it crashes occasionally due to some
> unknown bug, is there any way to catch a core file?

You'll have to mount a read-write filesystem somewhere in your jail and
configure core dumps to be written to that filesystem.  Something like
this example from core(5):

   sysctl kern.corefile=/var/coredumps/%U/%N.core

This should have minimal security implications if the r/w filesystem is
only used for recording coredumps.  You could mark it noexec and nosuid
as well.

	Cheers,

	Matthew
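
Added example (not part of the original message): a POSIX sh check that the directory named by a kern.corefile template sits on a mount that is read-write, noexec and nosuid, as the reply suggests. It assumes fstab(5)-format mount lines, such as `mount -p` prints on FreeBSD, taken from inside the jail; the function names and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample mount tables in fstab(5) format, as seen inside the jail.
GOOD_MOUNTS='zroot/jails/www / zfs ro 0 0
tmpfs /var/coredumps tmpfs rw,noexec,nosuid 0 0'
WEAK_MOUNTS='zroot/jails/www / zfs ro 0 0
tmpfs /var/coredumps tmpfs rw 0 0'

# Directory part of a kern.corefile template: the text before the first
# % specifier, cut back to the last complete path component.
core_dir() {
    prefix=${1%%\%*}
    d=${prefix%/*}
    printf '%s\n' "${d:-/}"
}

# Reads mount lines on stdin. Prints "ok <mountpoint>" and returns 0 when the
# filesystem holding the core directory is rw, noexec and nosuid; otherwise
# prints "fail ..." and returns 1.
audit_core_mount() {
    case "$1" in
        /*) ;;
        *) echo "fail template is relative to the process cwd"; return 1 ;;
    esac
    dir=$(core_dir "$1")
    best='' bestopts=''
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|\#*) continue ;; esac
        # Keep the longest mount point that is a path prefix of $dir.
        case "$dir/" in
            "${mnt%/}/"*)
                if [ "${#mnt}" -gt "${#best}" ]; then
                    best=$mnt bestopts=$opts
                fi ;;
        esac
    done
    if [ -z "$best" ]; then echo "fail no mount covers $dir"; return 1; fi
    for need in rw noexec nosuid; do
        case ",$bestopts," in
            *",$need,"*) ;;
            *) echo "fail $best missing $need"; return 1 ;;
        esac
    done
    echo "ok $best"
}

printf '%s\n' "$GOOD_MOUNTS" | audit_core_mount '/var/coredumps/%U/%N.core'
```
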

