panic_action / ptrace: Operation not permitted
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Apr 7 17:56:18 CEST 2014
On 2 Apr 2014, at 07:55, Stefan Winter <stefan.winter at restena.lu> wrote:
> Hi,
>
>> It works fine for me on OSX (10.9.1) and the the yama detection disabled
>> on ubuntu 13.07.
>>
>> We've used it at customer sites to send out automatic emails when the hosts
>> have gone down with the backtraces, and it seems to work there too
>> (ubuntu 12.04).
>>
>> Not really sure what else to suggest, sorry.
>
> Well, I found it now :-)
>
> My config had security.allow_core_dumps = no.
>
> As it happens, that setting is entangled with panic_action's gdb attach.
>
> allow_core_dumps modifies PR_SET_DUMPABLE. From the man page of prctl:
>
> "PR_SET_DUMPABLE (since Linux 2.3.20)
> [... bla bla ...] Processes that are not dumpable can not be attached
> via ptrace(2) PTRACE_ATTACH."
>
> So, my bad for producing an inconsistent configuration ;-)
Ah it's fine :P
> It would be very nice if the comments near panic_action could give users
> a hint though "If your panic_action uses gdb attach (such as the
> examples below), remember to allow core dumps for this to work
> (security.allow_core_dumps)."
>
> That would avoid some amount of guesswork :-)
I just fixed the code to set the dumpable flag, even easier :)
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140407/0ba5aec0/attachment.pgp>
More information about the Freeradius-Users
mailing list