mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-05 09:17:44 +03:00
2a9b9323cd
We need to make sure that our coredump pattern handler manages to read process metadata from /proc/$PID/ before the kernel reaps the crashed process. By default the kernel will reap the process as soon as it can. By setting kernel.core_pipe_limit to a non-zero the kernel will wait for userspace to finish before reaping. We'll set the value to 16, which allows 16 crashes to be processed in parallel. This matches the MaxConnections= setting in systemd-coredump.socket. See: #17301 (This doesn't close 17301, since we probably should also gracefully handle if /proc/$PID/ vanished already while our coredump handler runs, just in case people loclly set the sysctl back to zero. i.e. we should collect what we can and rather issue an incomplete log record than none.)
39 lines
1.8 KiB
Plaintext
39 lines
1.8 KiB
Plaintext
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
# See sysctl.d(5) for the description of the files in this directory.
|
|
|
|
# Pipe the core file to systemd-coredump. The systemd-coredump process spawned
|
|
# by the kernel will start a second copy of itself as the
|
|
# systemd-coredump@.service, which will do the actual processing and storing of
|
|
# the core dump.
|
|
#
|
|
# See systemd-coredump(8) and core(5).
|
|
kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h
|
|
|
|
# Allow that 16 coredumps are dispatched in parallel by the kernel. We want to
|
|
# be able to collect process metadata from /proc/%P/ while processing
|
|
# coredumps, and thus need to make sure the crashed processes are not reaped
|
|
# until we finished collecting what we need. The kernel default for this sysctl
|
|
# is "0" which means the kernel doesn't wait for userspace processes to finish
|
|
# processing before reaping the crashed processes — by setting this higher the
|
|
# kernel will delay reaping until we are done, but only for the specified
|
|
# number of crashes in parallel. The value of 16 is chosen to match
|
|
# systemd-coredump.socket's MaxConnections= value.
|
|
kernel.core_pipe_limit=16
|
|
|
|
# Also dump processes executing a set-user-ID/set-group-ID program that is
|
|
# owned by a user/group other than the real user/group ID of the process, or
|
|
# a program that has file capabilities. ("2" is called "suidsafe" in core(5)).
|
|
#
|
|
# systemd-coredump will store the core file owned by the effective uid and gid
|
|
# of the running process (and not the filesystem-user-ID which the kernel uses
|
|
# when saving a core dump).
|
|
#
|
|
# See proc(5), setuid(2), capabilities(7).
|
|
fs.suid_dumpable=2
|