panic_action / ptrace: Operation not permitted

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Apr 7 17:56:18 CEST 2014


On 2 Apr 2014, at 07:55, Stefan Winter <stefan.winter at restena.lu> wrote:

> Hi,
> 
>> It works fine for me on OSX (10.9.1) and the the yama detection disabled 
>> on ubuntu 13.07.
>> 
>> We've used it at customer sites to send out automatic emails when the hosts
>> have gone down with the backtraces, and it seems to work there too 
>> (ubuntu 12.04).
>> 
>> Not really sure what else to suggest, sorry.
> 
> Well, I found it now :-)
> 
> My config had security.allow_core_dumps = no.
> 
> As it happens, that setting is entangled with panic_action's gdb attach.
> 
> allow_core_dumps modifies PR_SET_DUMPABLE. From the man page of prctl:
> 
> "PR_SET_DUMPABLE (since Linux 2.3.20)
> [... bla bla ...] Processes that are not dumpable can not be attached
> via ptrace(2) PTRACE_ATTACH."
> 
> So, my bad for producing an inconsistent configuration ;-)

Ah it's fine :P

> It would be very nice if the comments near panic_action could give users
> a hint though "If your panic_action uses gdb attach (such as the
> examples below), remember to allow core dumps for this to work
> (security.allow_core_dumps)."
> 
> That would avoid some amount of guesswork :-)

I just fixed the code to set the dumpable flag, even easier :)

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140407/0ba5aec0/attachment.pgp>


More information about the Freeradius-Users mailing list