dovecot-1.2: Improved logging for core dumping. With Linux use P...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Mar 3 04:04:17 EET 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/c9381a0fdc5e
changeset: 8798:c9381a0fdc5e
user: Timo Sirainen <tss at iki.fi>
date: Mon Mar 02 21:04:11 2009 -0500
description:
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
diffstat:
8 files changed, 63 insertions(+), 1 deletion(-)
configure.in | 12 ++++++++++++
src/imap/main.c | 1 +
src/lib/restrict-access.c | 10 ++++++++++
src/lib/restrict-access.h | 4 ++++
src/master/child-process.c | 30 ++++++++++++++++++++++++++++++
src/master/common.h | 1 +
src/master/main.c | 5 ++++-
src/pop3/main.c | 1 +
diffs (165 lines):
diff -r 3e3aba4a3acd -r c9381a0fdc5e configure.in
--- a/configure.in Mon Mar 02 20:23:31 2009 -0500
+++ b/configure.in Mon Mar 02 21:04:11 2009 -0500
@@ -1055,6 +1055,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
]])],[
AC_DEFINE(HAVE_RLIMIT_CORE,, Define if you have RLIMIT_CORE for getrlimit())
],[])
+
+AC_MSG_CHECKING([PR_SET_DUMPABLE])
+AC_TRY_LINK([
+ #include <sys/prctl.h>
+], [
+ prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+], [
+ AC_DEFINE(HAVE_PR_SET_DUMPABLE,, Define if you have prctl(PR_SET_DUMPABLE))
+ AC_MSG_RESULT(yes)
+], [
+ AC_MSG_RESULT(no)
+])
dnl * Linux compatible mremap()
AC_MSG_CHECKING([Linux compatible mremap()])
diff -r 3e3aba4a3acd -r c9381a0fdc5e src/imap/main.c
--- a/src/imap/main.c Mon Mar 02 20:23:31 2009 -0500
+++ b/src/imap/main.c Mon Mar 02 21:04:11 2009 -0500
@@ -157,6 +157,7 @@ static void drop_privileges(void)
}
restrict_access_by_env(!IS_STANDALONE());
+ restrict_access_allow_coredumps(TRUE);
}
static void main_init(void)
diff -r 3e3aba4a3acd -r c9381a0fdc5e src/lib/restrict-access.c
--- a/src/lib/restrict-access.c Mon Mar 02 20:23:31 2009 -0500
+++ b/src/lib/restrict-access.c Mon Mar 02 21:04:11 2009 -0500
@@ -13,6 +13,9 @@
#include <time.h>
#include <pwd.h>
#include <grp.h>
+#ifdef HAVE_PR_SET_DUMPABLE
+# include <sys/prctl.h>
+#endif
static gid_t process_primary_gid = (gid_t)-1;
static gid_t process_privileged_gid = (gid_t)-1;
@@ -370,6 +373,13 @@ void restrict_access_by_env(bool disallo
env_put("RESTRICT_GID_LAST=");
}
+void restrict_access_allow_coredumps(bool allow ATTR_UNUSED)
+{
+#ifdef HAVE_PR_SET_DUMPABLE
+ (void)prctl(PR_SET_DUMPABLE, allow, 0, 0, 0);
+#endif
+}
+
int restrict_access_use_priv_gid(void)
{
i_assert(!process_using_priv_gid);
diff -r 3e3aba4a3acd -r c9381a0fdc5e src/lib/restrict-access.h
--- a/src/lib/restrict-access.h Mon Mar 02 20:23:31 2009 -0500
+++ b/src/lib/restrict-access.h Mon Mar 02 21:04:11 2009 -0500
@@ -15,6 +15,10 @@ void restrict_access_set_env(const char
environment settings and we have root uid or gid. */
void restrict_access_by_env(bool disallow_root);
+/* Try to set up the process in a way that core dumps are still allowed
+ after calling restrict_access_by_env(). */
+void restrict_access_allow_coredumps(bool allow);
+
/* If privileged_gid was set, these functions can be used to temporarily
gain access to the group. */
int restrict_access_use_priv_gid(void);
diff -r 3e3aba4a3acd -r c9381a0fdc5e src/master/child-process.c
--- a/src/master/child-process.c Mon Mar 02 20:23:31 2009 -0500
+++ b/src/master/child-process.c Mon Mar 02 21:04:11 2009 -0500
@@ -125,6 +125,35 @@ static const char *get_exit_status_messa
}
return NULL;
+}
+
+static void
+log_coredump(string_t *str, enum process_type process_type, int status)
+{
+#ifdef WCOREDUMP
+ int signum = WTERMSIG(status);
+
+ if (WCOREDUMP(status)) {
+ str_append(str, " (core dumped)");
+ return;
+ }
+
+ if (signum != SIGABRT && signum != SIGSEGV && signum != SIGBUS)
+ return;
+
+ /* let's try to figure out why we didn't get a core dump */
+ if (process_type != PROCESS_TYPE_IMAP &&
+ process_type != PROCESS_TYPE_POP3)
+ str_append(str, " (core not dumped)");
+#ifndef HAVE_PR_SET_DUMPABLE
+ else if (!settings_root->defaults->mail_drop_priv_before_exec)
+ str_append(str, " (core not dumped - set mail_drop_priv_before_exec=yes)");
+#endif
+ else if (core_dumps_disabled)
+ str_printfa(str, " (core dumps disabled)");
+ else
+ str_append(str, " (core not dumped - is home dir set?)");
+#endif
}
static void sigchld_handler(int signo ATTR_UNUSED,
@@ -181,6 +210,7 @@ static void sigchld_handler(int signo AT
str_printfa(str, "child %s (%s) killed with signal %d",
dec2str(pid), process_type_name,
WTERMSIG(status));
+ log_coredump(str, process_type, status);
}
if (str_len(str) > 0) {
diff -r 3e3aba4a3acd -r c9381a0fdc5e src/master/common.h
--- a/src/master/common.h Mon Mar 02 20:23:31 2009 -0500
+++ b/src/master/common.h Mon Mar 02 21:04:11 2009 -0500
@@ -15,6 +15,7 @@ extern char ssl_manual_key_password[];
extern char ssl_manual_key_password[];
extern const char *env_tz;
extern bool auth_success_written;
+extern bool core_dumps_disabled;
#ifdef DEBUG
extern bool gdb;
#endif
diff -r 3e3aba4a3acd -r c9381a0fdc5e src/master/main.c
--- a/src/master/main.c Mon Mar 02 20:23:31 2009 -0500
+++ b/src/master/main.c Mon Mar 02 21:04:11 2009 -0500
@@ -46,6 +46,7 @@ char ssl_manual_key_password[100];
char ssl_manual_key_password[100];
const char *env_tz;
bool auth_success_written;
+bool core_dumps_disabled;
#ifdef DEBUG
bool gdb;
#endif
@@ -264,7 +265,9 @@ static void main_log_startup(void)
#define STARTUP_STRING PACKAGE_NAME" v"VERSION" starting up"
rlim_t core_limit;
- if (restrict_get_core_limit(&core_limit) == 0 && core_limit == 0)
+ core_dumps_disabled = restrict_get_core_limit(&core_limit) == 0 &&
+ core_limit == 0;
+ if (core_dumps_disabled)
i_info(STARTUP_STRING" (core dumps disabled)");
else
i_info(STARTUP_STRING);
diff -r 3e3aba4a3acd -r c9381a0fdc5e src/pop3/main.c
--- a/src/pop3/main.c Mon Mar 02 20:23:31 2009 -0500
+++ b/src/pop3/main.c Mon Mar 02 21:04:11 2009 -0500
@@ -178,6 +178,7 @@ static void drop_privileges(void)
}
restrict_access_by_env(!IS_STANDALONE());
+ restrict_access_allow_coredumps(TRUE);
}
static bool main_init(void)
More information about the dovecot-cvs
mailing list