On 10/25/2015 05:54 AM, Shayan Pooya wrote:
I noticed the following core_pattern behavior in my linux box while running docker containers. I am not sure if it is bug, but it is inconsistent and not documented. If the core_pattern is set on the host, the containers will observe and use the pattern for dumping cores (there is no per cgroup core_pattern). According to core(5) for setting core_pattern one can: 1. echo "/tmp/cores/core.%e.%p" > /proc/sys/kernel/core_pattern 2. echo "|/bin/custom_core /tmp/cores/ %e %p " > /proc/sys/kernel/core_pattern The former pattern evaluates the /tmp/cores path in the container's filesystem namespace. Which means, the host does not see a core file in /tmp/cores. However, the latter evaluates the /bin/custom_core path in the global filesystem namespace. Moreover, if /bin/core decides to write the core to a path (/tmp/cores in this case as shown by the arg to custom_core), the path will be evaluated in the global filesystem namespace as well. The latter behaviour is counter-intuitive and error-prone as the container can fill up the core-file directory which it does not have direct access to (which means the core is also not accessible for debugging if someone only has access to the container).
Hi Shayan, We found the same problem with what you described here. Is there any document for this behaviour? I want to know is that intentional or as you said a 'bug'. Maybe that's intentional to provide a way for admin to collect core dumps from all containers as Richard said. I am interested in it too. Anyone can help here? Yang
Currently, I work around this issue by detecting that the process is crashing from a container (by comparing the namespace pid to the global pid) and refuse to dump the core if it is from a container. Tested on Ubuntu (kernel 3.16) and Fedora (kernel 4.1). -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
-- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
