diff options
| -rw-r--r-- | man5/core.5 | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/man5/core.5 b/man5/core.5 index 096f8152f4..f780ce6811 100644 --- a/man5/core.5 +++ b/man5/core.5 @@ -210,13 +210,12 @@ is nonzero, then .PID will be appended to the core filename. Paths are interpreted according to the settings that are active for the crashing process. -That means the current -.BR mount_namespaces (7), -the current working directory (found via +That means the crashing process's mount namespace (see +.BR mount_namespaces (7)), +its current working directory (found via .BR getcwd (2)), -and the current -.BR chroot (2) -path. +and its root directory (see +.BR chroot (2)). Since version 2.4, Linux has also provided a more primitive method of controlling @@ -252,12 +251,9 @@ and must immediately follow the '|' character. .IP * The program pathname is interpreted with respect to the initial mount namespace as it is always executed there. -It is not affected by the settings of the crashing process -(e.g. the process using -.BR chroot (2) -or -.BR mount_namespaces (7) -or similar modifications). +It is not affected by the settings +(e.g., root directory, mount namespace, current working directory) +of the crashing process. .IP * The process created to run the program runs as user and group .IR root . @@ -265,16 +261,16 @@ The process created to run the program runs as user and group Running as .I root does not confer any exceptional security bypasses. -Namely, LSMs (e.g. SELinux) are still active and may prevent the handler +Namely, LSMs (e.g., SELinux) are still active and may prevent the handler from accessing details about the crashed process via -.I /proc/PID +.IR /proc/[pid] . .IP * The process created runs in the initial namespaces (pid, mount, user, etc...) and not in the namespaces of the crashing process. -You can utilize specifiers like +One can utilize specifiers such as .I %P to find the right -.I /proc/PID +.I /proc/[pid] directory and probe/enter the crashing process's namespaces if needed. .IP * Command-line arguments can be supplied to the |