Tuesday, January 30, 2024

[SOLVED] How to change core pattern only for a particular application?

Issue

My application requires the core dump file to be generated in a specific pattern. I want the core file generated with file name in a given format (which contains PID of the process, etc). This can be done by setting the pattern in /proc/sys/kernel/core_pattern. using specifiers like %p, %e. But this method will affect the core file pattern globally. I don't want this to happen. I'm not allowed to change the core pattern of other processes and others' processes.

How do I do this without affecting other processes?

And how do I do this when /proc is read-only?


Solution

man core tells us:

Piping core dumps to a program

Since kernel 2.6.19, Linux supports an alternate syntax for the /proc/sys/kernel/core_pattern file. If the first character of this file is a pipe symbol (|), then the remainder of the line is interpreted as a program to be executed. Instead of being written to a disk file, the core dump is given as standard input to the program.

Note the following points:

  • The program must be specified using an absolute pathname (or a pathname relative to the root directory, /), and must immediately follow the '|' character.

  • The process created to run the program runs as user and group root.

  • Command-line arguments can be supplied to the program (since Linux 2.6.24), delimited by white space (up to a total line length of 128 bytes).

  • The command-line arguments can include any of the % specifiers listed above. For example, to pass the PID of the process that is being dumped, specify %p in an argument.

You can put a script there, like e.g.

| /path/to/myscript %p %s %c

You can detect which process is triggering the coredump: (man core):

       %%  a single % character
       %p  PID of dumped process
       %u  (numeric) real UID of dumped process
       %g  (numeric) real GID of dumped process
       %s  number of signal causing dump
       %t  time of dump, expressed as seconds since the Epoch,  1970-01-01
           00:00:00 +0000 (UTC)
       %h  hostname (same as nodename returned by uname(2))
       %e  executable filename (without path prefix)
       %E  pathname of executable, with slashes ('/') replaced by exclama‐
           tion marks ('!').
       %c  core file size soft resource limit of crashing  process  (since
           Linux 2.6.24)

Now all you have to do is "do the default thing" for other processes than your own



Answered By - sehe
Answer Checked By - Gilberto Lyons (WPSolving Admin)
at