tree-wide: introduce disable_core_dumps helper and port existing users

Changes the core_pattern to prevent any core dumps by the kernel. Does
nothing if we're in a container environment as this is system wide
setting.

diff --git a/src/basic/util.c b/src/basic/util.c
index 2a39ff2b5383686c6261e9d7900eeb16a927969b..b1e6f5002efe970c22019bcde62e626d40619b4d 100644 (file)
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -61,6 +61,7 @@
 #include "umask-util.h"
 #include "user-util.h"
 #include "util.h"
+#include "virt.h"
 
 int saved_argc = 0;
 char **saved_argv = NULL;
@@ -615,3 +616,9 @@ int str_verscmp(const char *s1, const char *s2) {
 
         return strcmp(os1, os2);
 }
+
+/* Turn off core dumps but only if we're running outside of a container. */
+void disable_core_dumps(void) {
+        if (detect_container() <= 0)
+                (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
+}

diff --git a/src/basic/util.h b/src/basic/util.h
index 20181ab91702e4349076e66ad07bef6b66ea2d7b..c10cfea95233e591b7bb2fe50822374edb450ba5 100644 (file)
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -191,3 +191,5 @@ int update_reboot_parameter_and_warn(const char *param);
 int version(void);
 
 int str_verscmp(const char *s1, const char *s2);
+
+void disable_core_dumps(void);

diff --git a/src/core/main.c b/src/core/main.c
index 63533dbe101b2c4b7ff4d0e31e3986cf06e7f836..ef7d7f58dc4112ad2abe4459a7a4f215da59c8fe 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -91,6 +91,7 @@
 #include "terminal-util.h"
 #include "umask-util.h"
 #include "user-util.h"
+#include "util.h"
 #include "virt.h"
 #include "watchdog.h"
 
@@ -1603,7 +1604,7 @@ static void initialize_coredump(bool skip_setup) {
         /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
          * until the systemd-coredump tool is enabled via sysctl. */
         if (!skip_setup)
-                (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
+                disable_core_dumps();
 }
 
 static void do_reexecute(

diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index e6063cc980e76f58e76ef936a45665b53e661154..f83a951df70272bb2c1cfce9079198aa740e19df 100644 (file)
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -1126,7 +1126,7 @@ static int gather_pid_metadata(
                 /* If this is PID 1 disable coredump collection, we'll unlikely be able to process it later on. */
                 if (is_pid1_crash((const char**) context)) {
                         log_notice("Due to PID 1 having crashed coredump collection will now be turned off.");
-                        (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
+                        disable_core_dumps();
                 }
 
                 set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);