jewel: ceph daemons DUMPABLE flag is cleared by setuid preventing coredumps #11736
Commits on Nov 2, 2016
-
core: set dumpable flag after setuid
When ceph-* drops drops privileges via setuid, core dumps are no longer generated because its DUMPABLE flag is cleared. We have to manually turn that back on. From prctl(2): Normally, this flag is set to 1. However, it is reset to the current value contained in the file /proc/sys/fs/suid_dumpable (which by default has the value 0), in the fol‐ lowing circumstances: * The process's effective user or group ID is changed. * The process's filesystem user or group ID is changed (see credentials(7)). * The process executes (execve(2)) a set-user-ID or set-group-ID program, or a program that has capabilities (see capabilities(7)). Fixes: http://tracker.ceph.com/issues/17650 Signed-off-by: Patrick Donnelly <pdonnell@redhat.com> (cherry picked from commit ff0e521)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.