Catching core files in read-only jails

Alan Somers asomers at
Fri Apr 1 14:44:10 UTC 2016

On Thu, Mar 31, 2016 at 11:26 PM, Terje Elde <terje at> wrote:

> > On 01 Apr 2016, at 06:45, J David <j.david.lists at> wrote:
> >
> > If an application is running on a production server in a read-only
> > jail for security purposes, and it crashes occasionally due to some
> > unknown bug, is there any way to catch a core file?
> Wherever you allow it to write core files, would be writable by the jail,
> at least those files. It's tempting to recommend a single writable, but
> no-exec and no-suid dir inside the jail, and point cores there. It's an
> easy fix, and the alternative - allow writes outside the jail - probably
> isn't any better.
> If you're concerned about something being persisted in the jail, you can
> wipe or even recreate that dir whenever you're starting the jail.
> Terje
And if you are using ZFS, then you should set a quota on /var/coredumps to
prevent a frequently crashing program from filling your hard disk.

More information about the freebsd-questions mailing list