[Bug 473529] New: apparmor prevents processes to create cores
https://bugzilla.novell.com/show_bug.cgi?id=473529 Summary: apparmor prevents processes to create cores Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: i686 OS/Version: openSUSE 11.1 Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor AssignedTo: jjohansen@novell.com ReportedBy: hpj@urpla.net QAContact: qa@suse.de Found By: Beta-Customer After much confusion about the reasons, why processes don't create any core dumps, even after requesting them with 'ulimit -c unlimited', apparmor was identified for being the culprit. Apparmor need to be teached about the ulimit coredump syscall, and act accordingly, otherwise problems as raised in https://bugzilla.novell.com/show_bug.cgi?id=387202#c96 ff. will follow inevitably. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=473529 User jjohansen@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=473529#c1 --- Comment #1 from John Johansen <jjohansen@novell.com> 2009-02-07 03:34:10 MST --- This is not a defect of AppArmor. AppArmor does know of and can mediate setting rlimits, the problem is that the profile confining the Application did not have sufficient privilege to dump a core file, and AppArmor did its job and prevented it from doing so. AppArmor by design will not allow any operation without sufficient privilege and in the case of core files it actually takes more privilege than just raising the ulimit. In the case of nscd, you will also need capability setgid, capability setuid, AppArmor will have generated reject messages in /var/log/audit/audit.log, which can be used to update the profile (logprof or update profile wizard). If you are using AppArmor in a desktop setting I would recommend you install the apparmor audit dispatcher, and apparmor gnome applet so that you can be notified when AppArmor is generating rejects. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=473529 User jeffm@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=473529#c3 Jeff Mahoney <jeffm@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #3 from Jeff Mahoney <jeffm@novell.com> 2009-02-11 08:09:04 MST --- Since John explained that this is expected behavior, I'm going to close this as invalid. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com