author Mike Frysinger <vapier@gentoo.org> 2016-10-06 13:24:37 -0400
committer Michael Kerrisk <mtk.manpages@gmail.com> 2016-10-07 11:17:01 +0200
commit 5c3ce796e7f353567f36ce6c8a7aa07b1fe51a11 (patch)
tree 30df2e64eba52f929c49c4696836af4bc397b3c1
parent 15869389bf37affe924167113ac724fcc3916987 (diff)
core(5): Add more details for output paths and the crash handler
People sometimes assume that the crash handler runs in the same context as the crashing process. They would be incorrect :).

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r-- man5/core.5 34
1 files changed, 34 insertions, 0 deletions
diff --git a/man5/core.5 b/man5/core.5
index c587da5209..096f8152f4 100644
--- a/man5/core.5
+++ b/man5/core.5
@@ -208,6 +208,16 @@ and
(see below)
is nonzero, then .PID will be appended to the core filename.
+Paths are interpreted according to the settings that are active for the
+crashing process.
+That means the current
+.BR mount_namespaces (7),
+the current working directory (found via
+.BR getcwd (2)),
+and the current
+.BR chroot (2)
+path.
+
Since version 2.4, Linux has also provided
a more primitive method of controlling
the name of the core dump file.
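Review bot: "Paths" in the first added sentence is unqualified, and the pipe-handler bullets added later in this patch say the program pathname is resolved in the initial mount namespace, so state explicitly that this paragraph is about core file output paths (the non-pipe template). The second sentence, "That means the current mount_namespaces(7), ...", is also ambiguous about whose settings are meant; something like "That is, the crashing process's mount namespace (see mount_namespaces(7)), its current working directory (found via getcwd(2)), and its root directory (see chroot(2))" would remove the doubt.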
@@ -240,9 +250,33 @@ The program must be specified using an absolute pathname (or a
pathname relative to the root directory, \fI/\fP),
and must immediately follow the '|' character.
.IP *
+The program pathname is interpreted with respect to the initial mount namespace
+as it is always executed there.
+It is not affected by the settings of the crashing process
+(e.g. the process using
+.BR chroot (2)
+or
+.BR mount_namespaces (7)
+or similar modifications).
+.IP *
The process created to run the program runs as user and group
.IR root .
.IP *
+Running as
+.I root
+does not confer any exceptional security bypasses.
+Namely, LSMs (e.g. SELinux) are still active and may prevent the handler
+from accessing details about the crashed process via
+.I /proc/PID
+.IP *
+The process created runs in the initial namespaces (pid, mount, user, etc...)
+and not in the namespaces of the crashing process.
+You can utilize specifiers like
+.I %P
+to find the right
+.I /proc/PID
+directory and probe/enter the crashing process's namespaces if needed.
+.IP *
Command-line arguments can be supplied to the
program (since Linux 2.6.24),
delimited by white space (up to a total line length of 128 bytes).
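Review bot: The sentence in the new LSM bullet ends at ".I /proc/PID" with no terminating period; use ".IR /proc/PID ." in the same way the preceding bullet uses ".IR root .". In the namespaces bullet, "etc..." should be "etc.", and "probe/enter the crashing process's namespaces if needed" would be more useful with a pointer to the mechanism, for example a reference to setns(2) and the /proc/PID/ns entries, if that is what is intended. The first new bullet could also drop "as it is always executed there" in favour of a plain "and the program is always executed there", since the namespaces bullet further down states the same fact in full.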