From bc55732c55a0c854f6e3c3cc40efd603907ecdcb Mon Sep 17 00:00:00 2001 From: johannst Date: Tue, 15 Mar 2022 17:05:22 +0000 Subject: deploy: 33d74c3b33394769a2040ff451fbfdfd58e9bf92 --- linux/coredump.html | 297 ++++++++++++++++++++++++++++++++++++++++++++++++ linux/index.html | 229 +++++++++++++++++++++++++++++++++++++ linux/ptrace_scope.html | 238 ++++++++++++++++++++++++++++++++++++++ linux/systemd.html | 281 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 1045 insertions(+) create mode 100644 linux/coredump.html create mode 100644 linux/index.html create mode 100644 linux/ptrace_scope.html create mode 100644 linux/systemd.html (limited to 'linux') diff --git a/linux/coredump.html b/linux/coredump.html new file mode 100644 index 0000000..9e03ff4 --- /dev/null +++ b/linux/coredump.html @@ -0,0 +1,297 @@ + + + + + + coredump - Notes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + + + +
+
+

core(5)

+

There are multiple requirements that must be satisfied that coredumps are +being generated, a full list can be found in core(5).

+

An important one is to configure the soft resource limit RLMIT_CORE +(typically as unlimited during debugging). +In a typical bash/zsh this can be done as

+
ulimit -Sc unlimited
+
+

Naming of coredump files

+

There are two important kernel configs to control the naming:

+
/proc/sys/kernel/core_pattern
+    <pattern>    => Specifies a name pattern for the coredump file. This can
+                    include certain FORMAT specifier.
+    |<cmdline>   => Coredump is pipe through stdin to the user space process
+                    specified by the cmdline, this can also contain FORMAT specifier.
+
+  FORMAT specifier (full list, see core(5)):
+    %E      Pathname of the executable ('/' replaced by '!').
+    %p      PID of the dumping process in its pid namespace.
+    %P      PID of the dumping process in the initial pid namespace.
+    %u      Real UID of dumping process.
+    %s      Signal number causing the dump.
+
+
+/proc/sys/kernel/core_uses_pid
+    1  => Append ".<pid>" suffic to the coredump file name
+          (pid of the dumping process).
+    0  => Do not append the suffix.
+
+

Control which segments are dumped

+

Each process has a coredump filter defined in /proc/<pid>/coredump_filter +which specifies which memory segments are being dumped. +Filters are preseved across fork/exec calls and hence child processes inherit +the parents filters.

+

The filter is a bitmask where 1 indicates to dump the given type.

+
From core(5):
+  bit 0  Dump anonymous private mappings.
+  bit 1  Dump anonymous shared mappings.
+  bit 2  Dump file-backed private mappings.
+  bit 3  Dump file-backed shared mappings.
+  bit 4  Dump ELF headers.
+  bit 5  Dump private huge pages.
+  bit 6  Dump shared huge pages.
+  bit 7  Dump private DAX pages.
+  bit 8  Dump shared DAX pages.
+
+Default filter 0x33.
+
+

Some examples out there

+

coredumpctl (systemd)

+
# List available coredumps.
+coredumpctl list
+    TIME                             PID  UID  GID SIG     COREFILE EXE               SIZE
+    ...
+    Fri 2022-03-11 12:10:48 CET     6363 1000 1000 SIGSEGV present  /usr/bin/sleep   18.1K
+
+# Get detailed info on specific coredump.
+coredumpctl info 6363
+
+# Debug specific coredump.
+coredumpctl debug 6363
+
+# Dump specific coredump to file.
+coredumpctl dump 6363 -o <file>
+
+

apport (ubuntu)

+

Known crash report locations:

+
    +
  • /var/crash
  • +
+

To get to the raw coredump, crash reports can be unpacked as:

+
apport-unpack <crash_repot> <dest_dir>
+
+

The coredump resides under <dest_dir>/CoreDump.

+ +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/linux/index.html b/linux/index.html new file mode 100644 index 0000000..386dc22 --- /dev/null +++ b/linux/index.html @@ -0,0 +1,229 @@ + + + + + + Linux - Notes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + + + +
+
+

Linux

+ + +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/linux/ptrace_scope.html b/linux/ptrace_scope.html new file mode 100644 index 0000000..cac4361 --- /dev/null +++ b/linux/ptrace_scope.html @@ -0,0 +1,238 @@ + + + + + + ptrace_scope - Notes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + + + +
+
+

ptrace_scope

+

In case the kernel was compiled with the yama security module +(CONFIG_SECURITY_YAMA), tracing processes with ptrace(2) can be restricted.

+
/proc/sys/kernel/yama/ptrace_scope
+    0 => No restrictions.
+    1 => Restricted attach, only the following can attach
+            - A process in the parent hierarchy.
+            - A process with CAP_SYS_PTRACE.
+            - A process with the PID that the tracee allowed by via
+              PR_SET_PTRACER.
+    2 => Only processes with CAP_SYS_PTRACE in the user namespace of the tracee
+         can attach.
+    3 => No tracing allowed.
+
+

Further details in ptrace(2).

+ +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/linux/systemd.html b/linux/systemd.html new file mode 100644 index 0000000..f546a87 --- /dev/null +++ b/linux/systemd.html @@ -0,0 +1,281 @@ + + + + + + systemd - Notes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + + + +
+
+

systemd

+

systemctl

+

Inspect units:

+
systemctl [opts] [cmd]
+[opts]
+    --user
+
+[cmd]
+    list-units <pattern>    List units in memory
+
+    status <unit>           Show runtime status of unit
+
+    start <unit>            Start a unit
+    stop <unit>             Stop a unit
+    restart <unit>          Restart a unit
+    reload <unit>           Reload a unit
+
+    enable <unit>           Enable a unit (persistent)
+    disable <unit>          Disable a unit
+
+    cat <unit>      Print unit file
+    show <unit>     Show properties of unit
+
+

Example: Trivial user unit

+
# Generate unit
+mkdir -p ~/.config/systemd/user
+echo '[Unit]
+Description=Test logger
+
+[Service]
+Type=oneshot
+ExecStart=logger "Hello from test unit"' > ~/.config/systemd/user/test.service
+
+# Run unit
+systemctl --user start test
+
+# See log message
+journalctl --user -u test -n 5
+
+

journalctl

+

Inspect journal logs:

+
journalctl [opts] [matches]
+    --user          Current user journal (system by default)
+    -u <unit>       Show logs for specified <unit>
+    -n <lines>      Show only last <lines>
+    -f              Follow journal
+    -g <pattern>    Grep for <pattern>
+
+

Cleanup:

+
journalctl [opts]
+    --disk-usage            Show current disk usage
+    --vacuum-size=<size>    Reduce journal log to <size> (K/M/G)
+
+

References

+ + +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3
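Review bot: In linux/coredump.html the resource limit in the paragraph that introduces `ulimit -Sc unlimited` is spelled `RLMIT_CORE`; it should be `RLIMIT_CORE`, so that a search for the name used in core(5) finds this page. The same file has `suffic` in the `core_uses_pid` entry, `preseved` in the coredump_filter paragraph, "pipe through" for "piped through" in the `|<cmdline>` entry, and `<crash_repot>` in the `apport-unpack` line. Next to `Default filter 0x33` it would help to spell out that this sets bits 0, 1, 4 and 5 of the table above it (anonymous private, anonymous shared, ELF headers, private huge pages), so the reader sees at a glance that file-backed mappings are not dumped by default.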
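Review bot: In linux/ptrace_scope.html, under value 1, "A process in the parent hierarchy" does not say whose hierarchy is meant; wording such as "an ancestor of the tracee" would make clear which side has to be the parent. The third bullet of the same entry, "the tracee allowed by via PR_SET_PTRACER", has a stray "by" and reads better as "a process whose PID the tracee allowed via PR_SET_PTRACER". The entry for 3 does not say whether the value can be lowered again at runtime; ptrace(2), which the hunk already points to, covers that and it deserves one line here.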
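Review bot: In linux/systemd.html the label "Inspect units:" sits above a command list that also contains `start`, `stop`, `restart`, `reload`, `enable` and `disable`, which change state rather than inspect it; a label such as "Manage units:" or a split into two lists would match the content. In the same block `--user` under `[opts]` has no description, while the journalctl block further down describes its `--user` as "Current user journal (system by default)"; a matching one-line description would keep the two option lists consistent.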