mirror of https://github.com/mkerrisk/man-pages
core.5: Tweaks to Mike Frysinger's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
5c3ce796e7
commit
4389c7abff
28
man5/core.5
|
@ -210,13 +210,12 @@ is nonzero, then .PID will be appended to the core filename.
|
|||
|
||||
Paths are interpreted according to the settings that are active for the
|
||||
crashing process.
|
||||
That means the current
|
||||
.BR mount_namespaces (7),
|
||||
the current working directory (found via
|
||||
That means the crashing process's mount namespace (see
|
||||
.BR mount_namespaces (7)),
|
||||
its current working directory (found via
|
||||
.BR getcwd (2)),
|
||||
and the current
|
||||
.BR chroot (2)
|
||||
path.
|
||||
and its root directory (see
|
||||
.BR chroot (2)).
|
||||
|
||||
Since version 2.4, Linux has also provided
|
||||
a more primitive method of controlling
|
||||
|
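Review bot: In the rewritten sentence the working directory is still glossed as "(found via getcwd(2))" while the mount namespace and root directory now use "(see ...)". getcwd(2) returns the calling process's own directory, so "found via" reads oddly next to the other two. Suggest "(see getcwd(2))" so that all three settings of the crashing process are introduced the same way.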
@ -252,12 +251,9 @@ and must immediately follow the '|' character.
|
|||
.IP *
|
||||
The program pathname is interpreted with respect to the initial mount namespace
|
||||
as it is always executed there.
|
||||
It is not affected by the settings of the crashing process
|
||||
(e.g. the process using
|
||||
.BR chroot (2)
|
||||
or
|
||||
.BR mount_namespaces (7)
|
||||
or similar modifications).
|
||||
It is not affected by the settings
|
||||
(e.g., root directory, mount namespace, current working directory)
|
||||
of the crashing process.
|
||||
.IP *
|
||||
The process created to run the program runs as user and group
|
||||
.IR root .
|
||||
|
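Review bot: The new parenthetical "(e.g., root directory, mount namespace, current working directory)" lists the settings in a different order from the paragraph changed in the first hunk (mount namespace, working directory, root directory) and drops the .BR references to chroot(2) and mount_namespaces(7) that the old wording carried. Suggest using the same order in both places so it is clear the same three settings are meant, and consider keeping at least one cross-reference here, since this bullet is where the pathname resolution of the piped program is specified.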
@ -265,16 +261,16 @@ The process created to run the program runs as user and group
|
|||
Running as
|
||||
.I root
|
||||
does not confer any exceptional security bypasses.
|
||||
Namely, LSMs (e.g. SELinux) are still active and may prevent the handler
|
||||
Namely, LSMs (e.g., SELinux) are still active and may prevent the handler
|
||||
from accessing details about the crashed process via
|
||||
.I /proc/PID
|
||||
.IR /proc/[pid] .
|
||||
.IP *
|
||||
The process created runs in the initial namespaces (pid, mount, user, etc...)
|
||||
and not in the namespaces of the crashing process.
|
||||
You can utilize specifiers like
|
||||
One can utilize specifiers such as
|
||||
.I %P
|
||||
to find the right
|
||||
.I /proc/PID
|
||||
.I /proc/[pid]
|
||||
directory and probe/enter the crashing process's namespaces if needed.
|
||||
.IP *
|
||||
Command-line arguments can be supplied to the
|
||||
|
|
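Review bot: The namespaces bullet is touched ("You can" becomes "One can", /proc/PID becomes /proc/[pid]) but its first line still reads "(pid, mount, user, etc...)", which is now inconsistent with the "e.g.," cleanup made a few lines above; suggest "(PID, mount, user, and so on)". Because that bullet tells the reader to probe or enter the crashing process's namespaces from a handler that runs as root, it would also be worth repeating there that the LSM restrictions described in the preceding bullet can block access under /proc/[pid].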