Anyone understand what's going on here? Any program at all (even
trivial ones) linked to tcmalloc crash during startup on ARM 32 bit.
At Tom's recommendation, I have added a patch to dist-git that
disables hardened build on 32 bit ARM builds of gperftools, but that's
quite a big hammer, and neither of us understands the underlying
problem very much.
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
----- Forwarded Message -----
From: "Jakub Filak" <jfilak(a)redhat.com>
Sent: Thursday, February 11, 2016 9:51:04 AM
Subject: Use suid_dumpable=2 for development releases
As a maintainer of ABRT, I have been asked several times why ABRT does not catch
crashes of many processes and one kind of reasons dominate among other reasons
- processes that executes set-user-ID programs (man 5 core). These processes
are not dumped at all if the value of /proc/sys/fs/suid_dumpable is 0 (man 5
proc) which is the default value. With the default suid_dumpable
value, crashes caused by SIGABRT are not detectable because kernel doesn't even
write a log message about that.
The default value 0 is there for good security reason, but I would like to
propose changing the default value to 2 for development Fedora releases (Alpha,
Beta, Rawhide). In this case, kernel would send core dump to ABRT (or
systemd-coredump) and the ABRT record would be accessible only to root.
I believe that maintainers of packages like chrony will be really delighted
with this change, while will not weaken security of Fedora for regular users.
security mailing list
So, I spent most of this week rewriting my 'fedfind' tool for the new
world of Pungi 4 composes. The work is currently on the 'pungi4'
I'm more or less happy with what I've got now, but it makes some rather
large API changes.
I've made the CLI continue to work more or less unchanged; there's a
new --respin arg for specifying the 'respin' for relevant compose
types, and the debug output looks slightly different, but any way you
could run it before you should still be able to run it now and it
should behave basically the same. So if you just use fedfind as a CLI
tool, relax, you don't have to worry.
However, I wanted to ask if anyone apart from me is using fedfind as a
Python package. If there *are* any non-me users, I'll probably try to
be a bit polite about sending out the new code as a stable release and
pushing it to the Fedora repositories. If I *don't* find any non-me
users I'm just going to convert the things I'm in charge of that use
fedfind, and then send out a 2.0 release everywhere.
So if you're using it, please speak up :) Thanks!
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net