Catching core files in read-only jails

Terje Elde terje at elde.net
Fri Apr 1 05:35:00 UTC 2016



> On 01 Apr 2016, at 06:45, J David <j.david.lists at gmail.com> wrote:
> 
> If an application is running on a production server in a read-only
> jail for security purposes, and it crashes occasionally due to some
> unknown bug, is there any way to catch a core file?

Wherever you allow it to write core files, would be writable by the jail, at least those files. It's tempting to recommend a single writable, but no-exec and no-suid dir inside the jail, and point cores there. It's an easy fix, and the alternative - allow writes outside the jail - probably isn't any better.

If you're concerned about something being persisted in the jail, you can wipe or even recreate that dir whenever you're starting the jail. 

Terje




More information about the freebsd-questions mailing list