如何禁用Docker容器中的核心文件转储 [英] How to disable core file dumps in docker container

问题描述

我的PHP容器运行puppeteer生成PDF。通过生成PDF文档，它还在我的容器内创建了两个核心转储文件。我不确定它们的实际来源。

主机/服务器是CentOS 7。

ve检查了以下内容：

1. 没有应用程序错误日志，Browsershot / puppeteer正在运行而没有错误。


2. 在 / var / log / messages

我尝试禁用核心转储

通过遵循

有人可以帮我禁用核心转储吗？非常感谢。

解决方案

您必须使用-ulimit core = 0选项启动容器禁用核心转储。

参考：> https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container--- ulimit

示例

在主机上，将coredump路径临时设置为 / tmp 进行验证：

  echo'/tmp/core.%e.%p '| sudo tee / proc / sys / kernel / core_pattern 
  

像往常一样启动一个容器并强制进行核心转储：

  docker run --rm -it bash 
（在容器内部）
＃是> / dev / null& 
＃kill -SIGABRT $（pidof yes）
＃ls / tmp 
（显示core.yes。< pid>）
  

现在，-ulimit core = 0 ：

  docker run --ulimit core = 0 --rm -it bash 
（在容器内部）
＃是> / dev / null& 
＃kill -SIGABRT $（pidof yes）
＃ls / tmp 
（无条目）
  

My PHP container runs puppeteer to generate PDF. By generating a PDF document, it also creates two core dump files inside my container. I am not sure where they actually come from.

The host/server is CentOS 7.

I've checked following:

1. No application error log, Browsershot/puppeteer is running without errors.
2. No error log (e.g. segfault) found in /var/log/messages

I've tried to disable core dumps

By following Disable core dumps section of https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/, I've done:

1. Adding following content to /etc/security/limits.conf

* soft core 0
* hard core 0

2. Created a disable-core-dumps.sh by: echo "ulimit -c 0 > /dev/null 2>&1" > /etc/profile.d/disable-coredumps.sh

3. Added following content to /etc/systemd/coredump.conf

[Coredump]

Storage=none
ProcessSizeMax=0

4. And reboot the server and the container.

5. I've also tried to set ulimit -c 0 inside the container (alpine)

None of the tricks above work for me. Everytime the puppeteer generates a PDF it always create two core dump files like below:

core.131 core.52

The core files look like:

Can anyone helps me to disable the core dumps? Thanks a lot.

解决方案

You have to start your container with the option --ulimit core=0 to disable coredumps.

Reference: https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit

Example

On the host, temporarily set the coredump path to /tmp for verification:

echo '/tmp/core.%e.%p' | sudo tee /proc/sys/kernel/core_pattern

Start a container as usual and force a core dump:

docker run --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(shows core.yes.<pid>)

Now, with --ulimit core=0:

docker run --ulimit core=0 --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(No entries)

这篇关于如何禁用Docker容器中的核心文件转储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！