journald: set a lower size limit for FDs from unpriv processes #40571
would love it if this was configurable via env var. because if coredumps are submitted these will come in via unpriv connections, and thus this hardcoded logic would basically make it impossible to save coredumps in journal files, which we however officially support. hence, please make this configurable via env var, so that we at least can tell people that if they really want this, there is a way out without patching
Doesn't coredump run as root?
838a71e to 96c1beb
|
Ah yes it's sent as the user of the crashed process - I have changed it to check the context, and allow it if the sender is [email protected]. The core files limit can be set anyway with privileges, and the storage too, so it should be ok I think, and it avoids breaking compat.
| log_ratelimit_warning_errno(r, JOURNAL_LOG_RATELIMIT, | ||
| "Failed to retrieve credentials for PID " PID_FMT ", ignoring: %m", | ||
| ucred->pid); | ||
| else if (context->unit && startswith(context->unit, "systemd-coredump@")) |
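Review bot: The exemption on the last line is a bare prefix match on `context->unit` with no comment explaining why coredump handler instances keep the larger limit. Add a short comment saying that the coredump is submitted as the user of the crashed process, and confirm that `context->unit` is filled in from metadata journald derives itself rather than from anything the sender supplies, since the whole exception rests on that field being trustworthy.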
I can still add an env var of course if you want it, if there's some other use case to enable |
i still think there should be an env var for this knob |
96c1beb to 170791c
Unprivileged processes can send 768M in a FD-based message to journald, which will be malloc'ed in one go, likely causing memory issues. Set the limit for unprivileged users to 24M. Allow coredumps as an exception, since we always allowed storing up to the 768M max core files in the journal. Reported on yeswehack.com as #YWH-PGM9780-48
170791c to 8ac2c4d
Unprivileged processes can send 768M in a FD-based message to journald, which will be malloc'ed in one go, likely causing memory issues. Set the limit for unprivileged users to 24M.
Allow coredumps as an exception, since we always allowed storing up to the 768M max core files in the journal.
Reported on yeswehack.com as #YWH-PGM9780-48
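
The size check the commit message describes, as an added C example that is not journald's code or part of this PR: pick the cap from the sender's credentials, then compare the file size before allocating. The function and macro names, and treating uid 0 as the privileged case, are assumptions; the 768M and 24M figures and the `systemd-coredump@` prefix come from the page.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Sizes from the commit message; macro names are hypothetical. */
#define FD_ENTRY_MAX_PRIV   (768ULL * 1024 * 1024)
#define FD_ENTRY_MAX_UNPRIV (24ULL * 1024 * 1024)
#define COREDUMP_PREFIX     "systemd-coredump@"

/* Assumption: uid 0 is "privileged"; coredump handler units keep the old cap. */
uint64_t fd_entry_limit(uid_t sender_uid, const char *unit) {
        if (sender_uid == 0 || (unit && strncmp(unit, COREDUMP_PREFIX, strlen(COREDUMP_PREFIX)) == 0))
                return FD_ENTRY_MAX_PRIV;
        return FD_ENTRY_MAX_UNPRIV;
}

/* Read a passed fd into one heap buffer, rejecting oversized files before
 * malloc() is reached. Returns 0 on success or a negative errno. */
int read_fd_entry(int fd, uid_t sender_uid, const char *unit, void **ret, size_t *ret_size) {
        struct stat st;
        if (fstat(fd, &st) < 0)
                return -errno;
        if (!S_ISREG(st.st_mode))
                return -EBADF;
        if (st.st_size <= 0)
                return -ENODATA;
        if ((uint64_t) st.st_size > fd_entry_limit(sender_uid, unit))
                return -E2BIG;

        void *buf = malloc((size_t) st.st_size);
        if (!buf)
                return -ENOMEM;
        ssize_t n = pread(fd, buf, (size_t) st.st_size, 0);
        if (n != st.st_size) {  /* short read: never trust more than was checked */
                int e = n < 0 ? -errno : -EIO;
                free(buf);
                return e;
        }
        *ret = buf;
        *ret_size = (size_t) n;
        return 0;
}

int main(void) { void *b; size_t n; return read_fd_entry(STDIN_FILENO, getuid(), NULL, &b, &n) < 0; }
```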