Bug 1277055 (abrt-hook-ccpp-SELinux)

Summary: SELinux is preventing abrt-hook-ccpp from almost everything
Product: [Fedora] Fedora
Component: selinux-policy
Version: 23
Status: CLOSED DUPLICATE
Severity: high
Priority: high
Reporter: Jakub Filak <jfilak>
Assignee: Miroslav Grepl <mgrepl>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: abrt-devel-list, alberth289346, dominick.grift, dvlasenk, dwalsh, extras-qa, iprikryl, jberan, jfilak, lvrabec, mgrepl, mhabrnal, michal.toman, mmilata, plautrba
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Clone Of: 1276931
Bug Depends On: 1276931
Last Closed: 2015-11-02 11:47:40 UTC

Description Jakub Filak 2015-11-02 08:40:08 UTC
+++ This bug was initially created as a clone of Bug #1276931 +++

Description of problem:
Abrt (again) hijacks core dumps of my programs that I am developing.
I have set ulimit -c explicitly to get dumps for further analysis, I really do not want some bloody system to hijack them.

Please note somewhere in the project that you should honour the ulimit. This is the second time already I have to report this. Please keep your hands away from my binaries!!!!!

Version-Release number of selected component (if applicable):
22

How reproducible:
1. Make a program that crashes.
2. Enable ulimit -c.
3. Run the program, watch it crash.
4. See the message "core dumped".
5. See the core dump not in the directory where it should be, even though you enabled ulimit -c to get that.
6. Be highly annoyed that *again* the bloody OS is messing with your binaries.


Additional info:

I can see you want crash reports. I don't see why you want random binaries, I don't see why you do not honour my ulimit -c setting.

Please remember some people do other stuff than browsing and email.

--- Additional comment from Jakub Filak on 2015-11-02 08:47:10 CET ---

I am terribly sorry for the inconvenience. I can assure you this is a bug and it is probably caused by selinux preventing abrt from creating the core dump file in the right place. We try really hard to discover these bugs and here is our test case verifying that abrt honors 'ulimit -c':
https://github.com/abrt/abrt/blob/master/tests/runtests/compat-cores/runtest.sh

--- Additional comment from Jakub Filak on 2015-11-02 09:36 CET ---

$ mkdir coredumps
$ cd coredumps/
$ ulimit -c unlimited
$ ulimit -c
unlimited

# Generate an arbitrary crash
$ will_segfault 
Will segfault.
Segmentation fault (core dumped)

# journal contains message logged by abrt-hook-ccpp trying to create the core file in the process' CWD
$ sudo journalctl -n 5
Nov 02 09:21:43 localhost.localdomain audit[1393]: <audit-1400> avc:  denied  { getattr } for  pid=1393 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
Nov 02 09:21:43 localhost.localdomain abrt-hook-ccpp[1393]: Can't open process's CWD for CompatCore: Permission denied
Nov 02 09:21:43 localhost.localdomain audit[1393]: <audit-1400> avc:  denied  { read } for  pid=1393 comm="abrt-hook-ccpp" name="coredumps" dev="dm-1" ino=272302 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
Nov 02 09:21:43 localhost.localdomain abrt-hook-ccpp[1393]: Can't open /proc/sys/fs/suid_dumpable
Nov 02 09:21:43 localhost.localdomain kernel: will_segfault[1392]: segfault at 0 ip 00000000004008ae sp 00007ffdc0575ec0 error 4 in will_segfault[400000+1000]

# ABRT has detected the crash
$ abrt-cli list
id ecd85a3f16cb78eb236429b1b969eb870c76b2b3
reason:         will_segfault killed by SIGSEGV
time:           Mon 02 Nov 2015 09:21:43 AM CET
cmdline:        will_segfault
package:        will-crash-0.10-1.fc22
uid:            1000 (jfilak)
count:          1
Directory:      /var/spool/abrt/ccpp-2015-11-02-09:21:43-1392

# However, no core file has been created in the working directory
$ ls

# Turn SELinux permissive
$ sudo setenforce 0

# Regenerate the crash
$ will_segfault 
Will segfault.
Segmentation fault (core dumped)

# The core file has been created
$ ls
core.1447

$ sudo ausearch -m AVC -ts today
$ rpm -q selinux-policy
selinux-policy-3.13.1-128.18.fc22.noarch
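
The following Python is an added example, not part of the original report and not code from ABRT or selinux-policy. It parses the two AVC denial records quoted in the journal output above and groups the denied permissions by source type, target type and object class, which is the triple a policy maintainer triages. The function names `parse_avc` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the report above (journal timestamp and host trimmed),
# plus one non-AVC line from the same journal excerpt.
SAMPLE = [
    'audit[1393]: <audit-1400> avc:  denied  { getattr } for  pid=1393 comm="abrt-hook-ccpp" path="ipc:[4026531839]" dev="nsfs" ino=4026531839 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0',
    'audit[1393]: <audit-1400> avc:  denied  { read } for  pid=1393 comm="abrt-hook-ccpp" name="coredumps" dev="dm-1" ino=272302 scontext=system_u:system_r:abrt_dump_oops_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0',
    "abrt-hook-ccpp[1393]: Can't open /proc/sys/fs/suid_dumpable",
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
# key=value pairs; a value is either double-quoted or runs to the next space
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated or malformed record
    rec['perms'] = m.group('perms').split()
    rec['source_type'] = selinux_type(rec['scontext'])
    rec['target_type'] = selinux_type(rec['tcontext'])
    return rec


def summarize(lines, comm=None):
    """Group denied permissions by (source type, target type, class)."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        if comm is None or rec.get('comm') == comm:
            key = (rec['source_type'], rec['target_type'], rec['tclass'])
            groups[key].update(rec['perms'])
    return {key: sorted(perms) for key, perms in groups.items()}


if __name__ == '__main__':
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE, 'abrt-hook-ccpp').items()):
        print(f'{src} -> {tgt}:{cls} denied {{ {" ".join(perms)} }}')
```

Both records show the hook running in the `abrt_dump_oops_t` domain, which is the detail the summary makes visible at a glance.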

Comment 1 Jakub Filak 2015-11-02 08:50:51 UTC
$ rpm -q selinux-policy
selinux-policy-3.13.1-152.fc23.noarc

Comment 3 Miroslav Grepl 2015-11-02 11:47:40 UTC

*** This bug has been marked as a duplicate of bug 1276305 ***