如何禁用Docker容器中的核心文件转储 [英] How to disable core file dumps in docker container
问题描述
我的PHP容器运行puppeteer生成PDF。通过生成PDF文档,它还在我的容器内创建了两个核心转储文件。我不确定它们的实际来源。
主机/服务器是CentOS 7。
ve检查了以下内容:
- 没有应用程序错误日志,Browsershot / puppeteer正在运行而没有错误。
- 在
/ var / log / messages
我尝试禁用核心转储
通过遵循
有人可以帮我禁用核心转储吗?非常感谢。
您必须使用-ulimit core = 0选项启动容器
禁用核心转储。
参考:> https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container--- ulimit
示例
在主机上,将coredump路径临时设置为 / tmp
进行验证:
echo'/tmp/core.%e.%p '| sudo tee / proc / sys / kernel / core_pattern
像往常一样启动一个容器并强制进行核心转储:
docker run --rm -it bash
(在容器内部)
#是> / dev / null&
#kill -SIGABRT $(pidof yes)
#ls / tmp
(显示core.yes。< pid>)
现在,-ulimit core = 0
:
docker run --ulimit core = 0 --rm -it bash
(在容器内部)
#是> / dev / null&
#kill -SIGABRT $(pidof yes)
#ls / tmp
(无条目)
My PHP container runs puppeteer to generate PDF. By generating a PDF document, it also creates two core dump files inside my container. I am not sure where they actually come from.
The host/server is CentOS 7.
I've checked following:
- No application error log, Browsershot/puppeteer is running without errors.
- No error log (e.g. segfault) found in
/var/log/messages
I've tried to disable core dumps
By following Disable core dumps section of https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/, I've done:
- Adding following content to
/etc/security/limits.conf
* soft core 0
* hard core 0
Created a disable-core-dumps.sh by:
echo "ulimit -c 0 > /dev/null 2>&1" > /etc/profile.d/disable-coredumps.sh
Added following content to
/etc/systemd/coredump.conf
[Coredump]
Storage=none
ProcessSizeMax=0
And reboot the server and the container.
I've also tried to set
ulimit -c 0
inside the container (alpine)
None of the tricks above work for me. Everytime the puppeteer generates a PDF it always create two core dump files like below:
core.131 core.52
The core files look like:
Can anyone helps me to disable the core dumps? Thanks a lot.
You have to start your container with the option --ulimit core=0
to disable coredumps.
Reference: https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit
Example
On the host, temporarily set the coredump path to /tmp
for verification:
echo '/tmp/core.%e.%p' | sudo tee /proc/sys/kernel/core_pattern
Start a container as usual and force a core dump:
docker run --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(shows core.yes.<pid>)
Now, with --ulimit core=0
:
docker run --ulimit core=0 --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(No entries)
这篇关于如何禁用Docker容器中的核心文件转储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!