From 9ce1759311c6734deb69aa7253bf7297536a55d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Wed, 10 Jan 2018 10:36:14 +0100 Subject: [PATCH 1/2] tree-wide: introduce disable_core_dumps helper and port existing users Changes the core_pattern to prevent any core dumps by the kernel. Does nothing if we're in a container environment as this is system wide setting. --- src/basic/util.c | 7 +++++++ src/basic/util.h | 2 ++ src/core/main.c | 3 ++- src/coredump/coredump.c | 2 +- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/basic/util.c b/src/basic/util.c index 2a39ff2b538..b1e6f5002ef 100644 --- a/src/basic/util.c +++ b/src/basic/util.c @@ -61,6 +61,7 @@ #include "umask-util.h" #include "user-util.h" #include "util.h" +#include "virt.h" int saved_argc = 0; char **saved_argv = NULL; @@ -615,3 +616,9 @@ int str_verscmp(const char *s1, const char *s2) { return strcmp(os1, os2); } + +/* Turn off core dumps but only if we're running outside of a container. */ +void disable_core_dumps(void) { + if (detect_container() <= 0) + (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0); +} diff --git a/src/basic/util.h b/src/basic/util.h index 20181ab9170..c10cfea9523 100644 --- a/src/basic/util.h +++ b/src/basic/util.h @@ -191,3 +191,5 @@ int update_reboot_parameter_and_warn(const char *param); int version(void); int str_verscmp(const char *s1, const char *s2); + +void disable_core_dumps(void); diff --git a/src/core/main.c b/src/core/main.c index 63533dbe101..ef7d7f58dc4 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -91,6 +91,7 @@ #include "terminal-util.h" #include "umask-util.h" #include "user-util.h" +#include "util.h" #include "virt.h" #include "watchdog.h" @@ -1603,7 +1604,7 @@ static void initialize_coredump(bool skip_setup) { /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored * until the systemd-coredump tool is enabled via sysctl. */ if (!skip_setup) - (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0); + disable_core_dumps(); } static void do_reexecute( diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index e6063cc980e..f83a951df70 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -1126,7 +1126,7 @@ static int gather_pid_metadata( /* If this is PID 1 disable coredump collection, we'll unlikely be able to process it later on. */ if (is_pid1_crash((const char**) context)) { log_notice("Due to PID 1 having crashed coredump collection will now be turned off."); - (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0); + disable_core_dumps(); } set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]); From 27b372c1c2cf634b865a70586cbb38f1acc772d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Mon, 23 Oct 2017 08:57:09 +0200 Subject: [PATCH 2/2] shutdown: prevent core dumps in final shutdown stage If the system is finally shutting down it makes no sense to write core dumps as the last remaining processes are terminated / killed. This is especially significant in case of a "force reboot" where all processes are hit concurrently with a SIGTERM and no orderly shutdown of processes takes place. --- src/core/shutdown.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/shutdown.c b/src/core/shutdown.c index ffab4de1013..b1f581b5482 100644 --- a/src/core/shutdown.c +++ b/src/core/shutdown.c @@ -323,6 +323,9 @@ int main(int argc, char *argv[]) { if (!in_container) sync_with_progress(); + /* Prevent coredumps */ + disable_core_dumps(); + log_info("Sending SIGTERM to remaining processes..."); broadcast_signal(SIGTERM, true, true);