Hi Krister:

Thanks for your review.

On Tue, 2016-10-25 at 17:19 -0700, Krister Johansen wrote:
> On Tue, Oct 25, 2016 at 03:28:56PM +0800, Cao Shufeng wrote:
> > From: Zhao Lei <zhaolei@xxxxxxxxxxxxxx>
> >
> > It will bring us the following benefits:
> > 1: Each container can change their own coredump setting
> >    based on operation on /proc/sys/kernel/core_pattern
> > 2: Coredump setting changed in host will not affect
> >    running containers.
> > 3: Support both cases of "putting coredump in guest" and
> >    "putting coredump in host".
>
> Would you explain more about case #3 here? In particular, I'm curious
> what the impact is for systems that have already configured core_pattern
> with the understanding that the program might be invoked to handle
> either a host or a container core. In particular, is there any way to
> specify that the container handler fall back to the host handler?

Yes, there is. We need to run this command in container:
    # echo "" > /proc/sys/kernel/core_pattern
Then we will run the program configured in the parent pid namespace.
And the program will run in the context where it's configured.

>
> On the systems that I've configured, /proc/sys is mounted read-only in the
> container. The host has a special program run from core_pattern that

For unprivileged containers with read only /proc/ tempfs, we need some
enhancement in container team. We need to configure core_pattern to
empty string before starting the container, so that we can keep backward
compatibility.

> determines which container generated the core. It then stores the cores
> in a directory that uniquely identifies the container. The cores are
> isolated on their own filesystem, and given a quota per-container. The
> eventual goal is to have a service evacuate the cores to an object store
> where we can make them available to the customer via a web service.

It's quite a good solution for current kernel. :)

>
> Does your change still allow a global handler in the host to process
> cores from containers? Or is that behavior removed completely?

Yes, we still support a global handler in the host. But we need to set
core_pattern in container to empty string first.

>
> -K
>

--
Best Regards,
Cao Shufeng
--------------------------------------------------
Cao Shufeng
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
No.6 Wenzhu Road, Nanjing, 210012, China
TEL: +86+25-86630566-8552
FUJITSU INTERNAL: 7998-8552
EMail: caosf.fnst@xxxxxxxxxxxxxx