On Wed, 2021-04-14 at 15:29 +0000, Zbigniew Jędrzejewski-Szmek wrote:
> Unfortunately this doesn't work for two important cases:
> - when a binary or shared library has been replaced on disk. E.g.
> it is fairly common for packages to crash on upgrade, and the crash
> could be in the _old_ code. When the metadata is loaded in a section,
> we get it all nice and dandy in the coredump. If it's in an xattr,
> we don't, or even worse, get outdated info.

That's fair - if it were possible to get an fd during dump, we could
use fgetxattr. If not, we can use /proc/$pid/exe - even when deleted
you can interact with it:

    [malmond@malmond-x1 ~]$ ls -l /proc/$$/exe
    lrwxrwxrwx. 1 malmond malmond 0 Apr 14 15:45 /proc/364665/exe -> '/home/malmond/testbash (deleted)'
    [malmond@malmond-x1 ~]$ attr -l /proc/$$/exe
    Attribute "selinux" has a 54 byte value for /proc/364665/exe

(this is me copying bash, executing it, then deleting it). My thinking
is this could go in systemd-coredump as it's invoked when dumping core
anyway. Libraries are accessible from /proc/$pid/map_files/$range.

> - it doesn't work for non-rpm stuff.

I'm confused about this - I had put forth an idea for how to make rpm
create this when installing packages (so it works with older or third
party packages) but the same xattr could be created for any packaging
system. Can you clarify what is rpm dependent here?
Matthew.
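
Added example, not part of the thread and not code from systemd or rpm: a Python sketch of the lookup described in the reply above, reading xattrs through /proc/$pid/exe and /proc/$pid/map_files/$range so that the inode the process actually mapped is inspected even after the path on disk was deleted or replaced. The function names and the record layout are assumptions made for this illustration; it requires Linux.

```python
import os

DELETED_SUFFIX = " (deleted)"  # the kernel appends this to unlinked link targets


def split_deleted(target):
    """Split a /proc link target into (path, deleted_flag)."""
    # Heuristic: a file really named "x (deleted)" looks the same.
    if target.endswith(DELETED_SUFFIX):
        return target[: -len(DELETED_SUFFIX)], True
    return target, False


def inspect_link(link):
    """Read the xattrs of the inode behind a /proc magic link."""
    rec = {"link": link, "path": None, "deleted": False, "xattrs": {}, "error": None}
    try:
        rec["path"], rec["deleted"] = split_deleted(os.readlink(link))
        # Following the link reaches the mapped inode itself, so the result
        # is unaffected by the path being unlinked or replaced on disk.
        for name in os.listxattr(link):
            rec["xattrs"][name] = os.getxattr(link, name)
    except OSError as exc:  # e.g. permission denied, ENOTSUP, process gone
        rec["error"] = exc.strerror
    return rec


def inspect_process(pid):
    """One record for the executable plus one per distinct mapped file."""
    base = f"/proc/{pid}"
    records = [inspect_link(f"{base}/exe")]
    seen = {(records[0]["path"], records[0]["deleted"])}
    try:
        ranges = sorted(os.listdir(f"{base}/map_files"))
    except OSError:
        ranges = []
    for rng in ranges:
        rec = inspect_link(f"{base}/map_files/{rng}")
        key = (rec["path"], rec["deleted"])  # old and new copies stay separate
        if key not in seen:
            seen.add(key)
            records.append(rec)
    return records


if __name__ == "__main__":
    for rec in inspect_process("self"):
        state = "deleted" if rec["deleted"] else "present"
        print(rec["path"], state, sorted(rec["xattrs"]), rec["error"] or "")
```

Records with a non-empty `error` field show where the caller lacked the privilege or filesystem support to read the attributes, which is the case a crash handler would need to account for.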