How do I get a coredump from a setcap executable?

To prevent the escape of privileged data, setcap executables on Linux don't dump core:

ijw@build$ cat > test.c
main() { abort(); }
ijw@build$ gcc test.c
test.c: In function ‘main’:
test.c:1: warning: incompatible implicit declaration of built-in function ‘abort’
ijw@build$ ./a.out 
Aborted (core dumped)
ijw@build$ sudo setcap "cap_net_admin=+ep" a.out                 
ijw@build$ ./a.out 
Aborted

Is there any way to enable it when you're debugging and actually want to see the co开发者_StackOverflowre file?

I have two answers after more research.

1. You can change the system behaviour in its entirety. This isn't really suitable beyond a one user development machine but it does the trick:

   echo 1 > /proc/sys/fs/suid_dumpable
   

   Tested, works.

2. You can change the behaviour of the specific program by calling prctl() in it:

   prctl(PR_SET_DUMPABLE, 1);
   

   In this way, the privileged program determines for itself that it should be dumpable, and the system as a whole is not affected.

   I've not tried this one.