| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-10-07 11:14:52 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2016-10-07 11:17:01 +0200 |
| commit | 4389c7abfffbe05fc29fac87cec5b8e69fd2b0cc (patch) | |
| tree | 346c2d93e16dc5e1bc9e9635e61299a3d11c1bcd | |
| parent | 5c3ce796e7f353567f36ce6c8a7aa07b1fe51a11 (diff) | |
| download | man-pages-4389c7abfffbe05fc29fac87cec5b8e69fd2b0cc.tar.gz | |
core.5: Tweaks to Mike Frysinger's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| -rw-r--r-- | man5/core.5 | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/man5/core.5 b/man5/core.5 index 096f8152f4..f780ce6811 100644 --- a/man5/core.5 +++ b/man5/core.5 @@ -210,13 +210,12 @@ is nonzero, then .PID will be appended to the core filename. Paths are interpreted according to the settings that are active for the crashing process. -That means the current -.BR mount_namespaces (7), -the current working directory (found via +That means the crashing process's mount namespace (see +.BR mount_namespaces (7)), +its current working directory (found via .BR getcwd (2)), -and the current -.BR chroot (2) -path. +and its root directory (see +.BR chroot (2)). Since version 2.4, Linux has also provided a more primitive method of controlling @@ -252,12 +251,9 @@ and must immediately follow the '|' character. .IP * The program pathname is interpreted with respect to the initial mount namespace as it is always executed there. -It is not affected by the settings of the crashing process -(e.g. the process using -.BR chroot (2) -or -.BR mount_namespaces (7) -or similar modifications). +It is not affected by the settings +(e.g., root directory, mount namespace, current working directory) +of the crashing process. .IP * The process created to run the program runs as user and group .IR root . 
@@ -265,16 +261,16 @@ The process created to run the program runs as user and group Running as .I root does not confer any exceptional security bypasses. -Namely, LSMs (e.g. SELinux) are still active and may prevent the handler +Namely, LSMs (e.g., SELinux) are still active and may prevent the handler from accessing details about the crashed process via -.I /proc/PID +.IR /proc/[pid] . .IP * The process created runs in the initial namespaces (pid, mount, user, etc...) and not in the namespaces of the crashing process. -You can utilize specifiers like +One can utilize specifiers such as .I %P to find the right -.I /proc/PID +.I /proc/[pid] directory and probe/enter the crashing process's namespaces if needed. .IP * Command-line arguments can be supplied to the |
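Review bot: in the hunk at @@ -210,13 +210,12 @@, the working-directory item still reads "(found via .BR getcwd (2))" while the two reworded items beside it now use "(see ...)". getcwd(2) is a call a process makes about itself, so "found via" reads oddly in a sentence about how paths are resolved for the crashing process. Suggest "its current working directory (see .BR getcwd (2))," so the three items are parallel.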
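Review bot: in the hunk at @@ -252,12 +251,9 @@, the new parenthetical names root directory and current working directory as settings of the crashing process that do not affect the handler, but the bullet only says which mount namespace the pathname is resolved in ("the initial mount namespace"). It does not say which root directory and working directory apply instead. Suggest stating those explicitly, since anyone writing a pipe handler for chrooted or containerized workloads needs to know what the program pathname is resolved against. "Mount namespace" in the list also repeats what the preceding sentence already says and could be dropped from the parenthetical.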
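Review bot: in the hunk at @@ -265,16 +261,16 @@, the reworded sentence ending "probe/enter the crashing process's namespaces if needed" gives no pointer to how that is done, and the text just above says the handler runs as root in the initial namespaces, so this is the step where a handler crosses into a less trusted context. Suggest adding cross-references here, for example to .BR setns (2) and .BR namespaces (7). Two smaller wording points in the same hunk: the unchanged context line "(pid, mount, user, etc...)" keeps the informal "etc..." that the other tweaks would normally tidy, and "One can utilize specifiers such as" could be "One can use specifiers such as".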
