Catching core files in read-only jails
Alfred Perlstein
bright at mu.org
Fri Apr 1 23:57:17 UTC 2016
I believe you can also use a predicable name with corefiles now by using
%I in the corefilename.
-Alfred
On 4/1/16 7:44 AM, Alan Somers wrote:
> On Thu, Mar 31, 2016 at 11:26 PM, Terje Elde <terje at elde.net> wrote:
>
>>
>>> On 01 Apr 2016, at 06:45, J David <j.david.lists at gmail.com> wrote:
>>>
>>> If an application is running on a production server in a read-only
>>> jail for security purposes, and it crashes occasionally due to some
>>> unknown bug, is there any way to catch a core file?
>> Wherever you allow it to write core files, would be writable by the jail,
>> at least those files. It's tempting to recommend a single writable, but
>> no-exec and no-suid dir inside the jail, and point cores there. It's an
>> easy fix, and the alternative - allow writes outside the jail - probably
>> isn't any better.
>>
>> If you're concerned about something being persisted in the jail, you can
>> wipe or even recreate that dir whenever you're starting the jail.
>>
>> Terje
>>
>>
> And if you are using ZFS, then you should set a quota on /var/coredumps to
> prevent a frequently crashing program from filling your hard disk.
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>
More information about the freebsd-hackers
mailing list