How to disable core file dumps in docker container

问题

My PHP container runs puppeteer to generate PDF. By generating a PDF document, it also creates two core dump files inside my container. I am not sure where they actually come from.

The host/server is CentOS 7.

I've checked following:

1. No application error log, Browsershot/puppeteer is running without errors.
2. No error log (e.g. segfault) found in /var/log/messages

I've tried to disable core dumps

By following Disable core dumps section of https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/, I've done:

1. Adding following content to /etc/security/limits.conf

* soft core 0
* hard core 0

2. Created a disable-core-dumps.sh by: echo “ulimit -c 0 > /dev/null 2>&1” > /etc/profile.d/disable-coredumps.sh

3. Added following content to /etc/systemd/coredump.conf

[Coredump]

Storage=none
ProcessSizeMax=0

4. And reboot the server and the container.

5. I've also tried to set ulimit -c 0 inside the container (alpine)

None of the tricks above work for me. Everytime the puppeteer generates a PDF it always create two core dump files like below:

core.131 core.52

The core files look like:

Can anyone helps me to disable the core dumps? Thanks a lot.

回答1:

You have to start your container with the option --ulimit core=0 to disable coredumps.

Reference: https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit

Example

On the host, temporarily set the coredump path to /tmp for verification:

echo '/tmp/core.%e.%p' | sudo tee /proc/sys/kernel/core_pattern

Start a container as usual and force a core dump:

docker run --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(shows core.yes.<pid>)

Now, with --ulimit core=0:

docker run --ulimit core=0 --rm -it bash
(inside the container)
# yes > /dev/null &
# kill -SIGABRT $(pidof yes)
# ls /tmp
(No entries)

回答2:

i have this problem too on the docker swarm service and --ulimit core=0 does not work in swarm service i used below command and worked for me in docker swarm service!

sysctl -w kernel.core_pattern=/dev/null

来源：https://stackoverflow.com/questions/58704192/how-to-disable-core-file-dumps-in-docker-container