On Tue, May 29, 2012 at 12:30 PM, Henning Brauer <[email protected]> wrote: > * Peter J. Philipp <[email protected]> [2012-05-29 21:26]: >> 1. Make BGPD dump core > > it doesn't work that way due to bgpd dropping privs and chrooting. > the way involves setting kern.nosuidcoredump to 2, but since we have > all that already written down in an email to a non-public list, it'll > be easiest to make that available.
Roger. To paraphrase: in order for such a process to be able to dump core, do the following: ---- Create /var/empty/var/crash/ and chown it to the user that the [chroot'ed priv-sep'ed process] runs as, then set the kern.nosuidcoredump sysctl to 2. ---- Philip Guenther
