如何在 docker 容器中禁用核心文件转储 [英] How to disable core file dumps in docker container

问题描述

我的 PHP 容器运行 puppeteer 来生成 PDF.通过生成 PDF 文档，它还在我的容器内创建了两个核心转储文件.我不确定它们实际上来自哪里.

主机/服务器为 CentOS 7.

我检查了以下内容:

1. 没有应用程序错误日志，Browsershot/puppeteer 运行没有错误.
2. 在 /var/log/messages
中找不到错误日志(例如段错误)

我尝试禁用核心转储

通过遵循

谁能帮我禁用核心转储?非常感谢.

解决方案

您必须使用选项 --ulimit core=0 启动容器以禁用核心转储.

参考:https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit

示例

在主机上，临时设置coredump路径为/tmp进行验证:

echo '/tmp/core.%e.%p' |须藤三通/proc/sys/kernel/core_pattern

像往常一样启动容器并强制进行核心转储:

docker run --rm -it bash(容器内)# 是 >/dev/null &# kill -SIGABRT $(pidof yes)# ls/tmp(显示 core.yes.)

现在，使用 --ulimit core=0:

docker run --ulimit core=0 --rm -it bash(容器内)# 是 >/dev/null &# kill -SIGABRT $(pidof yes)# ls/tmp(没有条目)

My PHP container runs puppeteer to generate PDF. By generating a PDF document, it also creates two core dump files inside my container. I am not sure where they actually come from.

The host/server is CentOS 7.

I've checked following:

1. No application error log, Browsershot/puppeteer is running without errors.
2. No error log (e.g. segfault) found in /var/log/messages

I've tried to disable core dumps

By following Disable core dumps section of https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/, I've done:

1. Adding following content to /etc/security/limits.conf

* soft core 0
* hard core 0

2. Created a disable-core-dumps.sh by: echo "ulimit -c 0 > /dev/null 2>&1" > /etc/profile.d/disable-coredumps.sh

3. Added following content to /etc/systemd/coredump.conf

[Coredump]

Storage=none
ProcessSizeMax=0

4. And reboot the server and the container.

5. I've also tried to set ulimit -c 0 inside the container (alpine)

None of the tricks above work for me. Everytime the puppeteer generates a PDF it always create two core dump files like below:

core.131 core.52

The core files look like:

Can anyone helps me to disable the core dumps? Thanks a lot.

解决方案

You have to start your container with the option --ulimit core=0 to disable coredumps.

Reference: https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit

Example

On the host, temporarily set the coredump path to /tmp for verification:

echo '/tmp/core.%e.%p' | sudo tee /proc/sys/kernel/core_pattern

Start a container as usual and force a core dump:

docker run --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(shows core.yes.<pid>)

Now, with --ulimit core=0:

docker run --ulimit core=0 --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(No entries)

这篇关于如何在 docker 容器中禁用核心文件转储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！