Skip to main content

Core dump ignores facl (setfacl) in RHEL

I had been tasked with figuring out how to have an environment that would allow multiple users to access core files.  I thought: simple enough, I'll just have to mess around with the facl for the directory, specifically the "default" entry.

Well, I was wrong.  I had attempted:
# remount filesystem and enable acl
chmod 775 /u01/core
chmod g+s /u01/core
chgrp smsvcs /u01/core
setfacl -m g::rwx,o:rwx,d:o::r-x /u01/core

It turns out that the coredump function (do_coredump) creates the file 0600 

int do_coredump(long signr, struct pt_regs * regs)
919 {
920         struct linux_binfmt * binfmt;
921         char corename[6+sizeof(current->comm)];
922         struct file * file;
923         struct inode * inode;
924 
925         lock_kernel();
926         binfmt = current->binfmt;
927         if (!binfmt || !binfmt->core_dump)
928                 goto fail;
929         if (!current->dumpable || atomic_read(&current->mm->mm_users) != 1)
930                 goto fail;
931         current->dumpable = 0;
932         if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
933                 goto fail;
934 
935         memcpy(corename,"core.", 5);
936 #if 0
937         memcpy(corename+5,current->comm,sizeof(current->comm));
938 #else
939         corename[4] = '\0';
940 #endif
941         file = filp_open(corename, O_CREAT | 2 | O_TRUNC | O_NOFOLLOW, 0600);
942         if (IS_ERR(file))
943                 goto fail;
944         inode = file->f_dentry->d_inode;
945         if (inode->i_nlink > 1)
946                 goto close_fail;        /* multiple links - don't dump */
947 
948         if (!S_ISREG(inode->i_mode))
949                 goto close_fail;
950         if (!file->f_op)
951                 goto close_fail;
952         if (!file->f_op->write)
953                 goto close_fail;
954         if (!binfmt->core_dump(signr, regs, file))
955                 goto close_fail;
956         unlock_kernel();
957         filp_close(file, NULL);
958         return 1;
959 
960 close_fail:
961         filp_close(file, NULL);
962 fail:
963         unlock_kernel();
964         return 0;
965 }

Comments

Post a Comment

Popular posts from this blog

P2V using dd for KVM-QEMU guest

Preface: I have certainly not exhaustively tested this process.  I had a specific need and found a specific solution that worked. Situation:  I was issued a shiny new laptop running Red Hat Enterprise Linux 7 (with Corp VPN, certs, Authentication configuration, etc...)  The image was great, but I needed more flexibility on my bare metal.  So, my goal was to P2V the corporate image so I could just run it as a VM. * Remove corporate drive and install new SSD * install corp drive in external USB-3 case * Install RHEL 7 on new SSD * dd old drive to a disk-image file in a temp location which will be an image which is the same size as your actual drive (unless you have enough space in your destination to contain a temp and converted image) * convert the raw disk-image to a qcow file while pushing it to the final location - this step should reduce the disk size - however, I believe it will only reduce/collapse zero-byte blocks (not just free space - i.e. if you de...
1 comment
Read more

Extending SNMP to run arbitrary shell script

Why are we here... This is not likely something I would have pursued under normal circumstances.  I happen to be working for a customer/client who is not afforded a lot of flexibility to accomplish their goals.  In this case, the rigor is justified.  They have to sometimes be fairly creative with how they solve problems. In this case they would like to utilize an existing snmp implementation to execute a command (or shell script) on a remote system.  They came to me with the idea of using Net-SNMP extend. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-System_Monitoring_Tools-Net-SNMP-Extending.html NOTE:  This is NOT a good implementation strategy in the "real world"  it will simply allow you to test the functionality.  There are a TON of security implications which would need to be taken in to consideration. Implementation Steps: [root@rh7tst01 ~]# yum -y install net-snmp net-snmp-utils ...
Post a Comment
Read more

RHN Satellite Server (spacewalk) repomd.xml not found

"repomd.xml not found" If you add a channel, or if your RHN cache gets corrupted, and one of your guests complains that it cannot find repomd.xml for jb-ews-2-x86_64-server-5-rpm (for example) - you need to rebuild your repodata cache. Normally this is an automated job - which is exemplified by the fact that you have obviously built out your entire Satellite environment and never had to do any of the steps you are about to do. So - some prep work: Open 3 terminals to your Satellite Server and run: # Term 1 cd /var/cache/rhn watch "ls -l | wc -l" # Term 2 pwd cd /var/log/rhn tail -f rhn_taskomatic_daemon.log # Term 3 satellite-sync --channel=jb-ews-2-x86_64-server-5-rpm Once the satellite-sync has completed, you >should< see the count increment by one.  If you are unlucky (like me) you will not. You then need to login to the Satellite WebUI as the satellite admin user. Click on the Admin tab (at the top) Task Schedules (on the left) fin...
Post a Comment
Read more