如何在 docker 容器中禁用核心文件转储 [英] How to disable core file dumps in docker container
问题描述
我的 PHP 容器运行 puppeteer 来生成 PDF.通过生成 PDF 文档,它还在我的容器内创建了两个核心转储文件.我不确定它们实际上来自哪里.
主机/服务器为 CentOS 7.
我检查了以下内容:
- 没有应用程序错误日志,Browsershot/puppeteer 运行没有错误.
- 在
/var/log/messages
中找不到错误日志(例如段错误)
我尝试禁用核心转储
通过遵循
谁能帮我禁用核心转储?非常感谢.
您必须使用选项 --ulimit core=0
启动容器以禁用核心转储.
参考:https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit
示例
在主机上,临时设置coredump路径为/tmp
进行验证:
echo '/tmp/core.%e.%p' |须藤三通/proc/sys/kernel/core_pattern
像往常一样启动容器并强制进行核心转储:
docker run --rm -it bash(容器内)# 是 >/dev/null &# kill -SIGABRT $(pidof yes)# ls/tmp(显示 core.yes.)
现在,使用 --ulimit core=0
:
docker run --ulimit core=0 --rm -it bash(容器内)# 是 >/dev/null &# kill -SIGABRT $(pidof yes)# ls/tmp(没有条目)
My PHP container runs puppeteer to generate PDF. By generating a PDF document, it also creates two core dump files inside my container. I am not sure where they actually come from.
The host/server is CentOS 7.
I've checked following:
- No application error log, Browsershot/puppeteer is running without errors.
- No error log (e.g. segfault) found in
/var/log/messages
I've tried to disable core dumps
By following Disable core dumps section of https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/, I've done:
- Adding following content to
/etc/security/limits.conf
* soft core 0
* hard core 0
Created a disable-core-dumps.sh by:
echo "ulimit -c 0 > /dev/null 2>&1" > /etc/profile.d/disable-coredumps.sh
Added following content to
/etc/systemd/coredump.conf
[Coredump]
Storage=none
ProcessSizeMax=0
And reboot the server and the container.
I've also tried to set
ulimit -c 0
inside the container (alpine)
None of the tricks above work for me. Everytime the puppeteer generates a PDF it always create two core dump files like below:
core.131 core.52
The core files look like:
Can anyone helps me to disable the core dumps? Thanks a lot.
You have to start your container with the option --ulimit core=0
to disable coredumps.
Reference: https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit
Example
On the host, temporarily set the coredump path to /tmp
for verification:
echo '/tmp/core.%e.%p' | sudo tee /proc/sys/kernel/core_pattern
Start a container as usual and force a core dump:
docker run --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(shows core.yes.<pid>)
Now, with --ulimit core=0
:
docker run --ulimit core=0 --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(No entries)
这篇关于如何在 docker 容器中禁用核心文件转储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!