| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4309685e-476c-7505-4fd4-fec7095c581d@free.fr>
Date: Thu, 16 Jan 2020 14:39:09 +0100
From: Marc Gonzalez <marc.w.gonzalez@...e.fr>
To: Eric Biederman <ebiederm@...ssion.com>,
Stephane Graber <stgraber@...ntu.com>,
Eric Dumazet <edumazet@...gle.com>,
Al Viro <viro@...iv.linux.org.uk>
Cc: LKML <linux-kernel@...r.kernel.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>
Subject: Writing a robust core-dump handling script (wrt PID namespaces)
Hello,
I'm trying to write a robust core-dump handling script -- which eventually
sends minidumps remotely for analysis, like Mozilla Socorro[1] but for any
crashing process in the system.
I read 'man 5 core' several times, but I'm confused about "PID namespaces".
%p PID of dumped process, as seen in the PID namespace in which
the process resides
%P PID of dumped process, as seen in the initial PID namespace
(since Linux 3.12)
For now, I've set up :
echo 5 > /proc/sys/kernel/core_pipe_limit
echo "|/usr/sbin/coredump %P" > /proc/sys/kernel/core_pattern
I used %P but I'm not sure why.
(I used 5 somewhat at random too.)
The coredump script is supposed to access /proc/$PID
Should I use %P or %p or something else?
For my own reference:
commit 65aafb1e7484b7434a0c1d4c593191ebe5776a2f
Regards.
[1] https://crash-stats.mozilla.com/
[2] http://man7.org/linux/man-pages/man5/core.5.html
Powered by blists - more mailing lists