Re: [RFC PATCH] macos: Allow coredump generation

[Akihiko Odaki]

On 2024/07/23 18:09, Phil Dennis-Jordan wrote:
> This can certainly be useful in various situations! However, wholesale 
> enabling get-task-allow will enable other processes on the system to 
> inject code, connect a debugger, etc. to the Qemu process. Normally, 
> this is only something you'd enable for builds that are specifically 
> intended for debugging. I'm not sure users running Qemu in production 
> environments will necessarily appreciate this - do we perhaps want to 
> gate this behind a build configuration flag?

Yes, it is useful but shouldn't be enabled by default for a non-debug build.

> (Related: Would it perhaps make more sense to dynamically 
> generate/preprocess the entitlements file based on configuration flags 
> than have a bunch of variants of the file? You'll end up with a 
> combinatorial explosion sooner or later - I'm also thinking of 
> com.apple.vm.networking and com.apple.vm.device-access which we can't 
> enable by default because they require Apple to grant the entitlement 
> but which currently require patching if you have those entitlements.)

I agree. It's better to generate a plist.

> What do you think?
>
> Phil
>
>
> On Tue, 23 Jul 2024 at 10:59, Philippe Mathieu-Daudé <philmd@linaro.org 
> <mailto:philmd@linaro.org>> wrote:
>
>     QEMU is allowed to generate coredump on other POSIX OSes,
>     bring that functionality to macOS. Admin users still need



>     to enable the kern.coredump sysctl manually running:
>
>        % sudo sysctl kern.coredump=1
>
>     the normal users have to enable their shell running:
>
>        % ulimit -c unlimited
>
>     Reference used:
>     https://nasa.github.io/trick/howto_guides/How-to-dump-core-file-on-MacOS.html 
> <https://nasa.github.io/trick/howto_guides/How-to-dump-core-file-on-MacOS.html>

It is better to note the implication of adding 
com.apple.security.get-task-allow in the commit message.

Regards,
Akihiko Odaki