trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: trafficserver-3.2.4 unstable?
Date Thu, 14 Feb 2013 18:18:49 GMT


Am 07.02.2013 14:19, schrieb Reindl Harald:
>>> LimitNOFILE=100000
>>> LimitMEMLOCK=infinity
>>> OOMScoreAdjust=-1000
>>> PrivateTmp=yes
>>> CapabilityBoundingSet=~CAP_SYS_PTRACE
>>> InaccessibleDirectories=/boot
>>> InaccessibleDirectories=/home
>>> InaccessibleDirectories=/usr/local/scripts
>>> InaccessibleDirectories=/var/lib/rpm
>>> InaccessibleDirectories=/var/spool
>
> CONFIG proxy.config.diags.debug.enabled INT 0
> CONFIG proxy.config.diags.debug.tags STRING http.*|dns.*
> CONFIG proxy.config.dump_mem_info_frequency INT 0
> CONFIG proxy.config.stack_dump_enabled 0
> 
> the first 3 values where already there, we will see
> for me "stack_dump_enabled" is new and unclear what
> it is supposed to do

FYI: "CONFIG proxy.config.stack_dump_enabled 0" resolves the
instability in context of "CapabilityBoundingSet=~CAP_SYS_PTRACE"

maybe this should not be implicitly enabled - not because my
systemd-settings, more because in context of servers any code
which does not run can not make troubles in a security-context


Mime
View raw message