Search code examples
linuxunixcoredump

How to change core pattern only for a particular application?

My application requires the core dump file to be generated in a specific pattern. I want the core file generated with file name in a given format (which contains PID of the process, etc). This can be done by setting the pattern in /proc/sys/kernel/core_pattern. using specifiers like %p, %e. But this method will affect the core file pattern globally. I don't want this to happen. I'm not allowed to change the core pattern of other processes and others' processes.

How do I do this without affecting other processes?

And how do I do this when /proc is read-only?

Solution

  • man core tells us:

    Piping core dumps to a program

    Since kernel 2.6.19, Linux supports an alternate syntax for the /proc/sys/kernel/core_pattern file. If the first character of this file is a pipe symbol (|), then the remainder of the line is interpreted as a program to be executed. Instead of being written to a disk file, the core dump is given as standard input to the program.

    Note the following points:

    • The program must be specified using an absolute pathname (or a pathname relative to the root directory, /), and must immediately follow the '|' character.

    • The process created to run the program runs as user and group root.

    • Command-line arguments can be supplied to the program (since Linux 2.6.24), delimited by white space (up to a total line length of 128 bytes).

    • The command-line arguments can include any of the % specifiers listed above. For example, to pass the PID of the process that is being dumped, specify %p in an argument.

    You can put a script there, like e.g.

    | /path/to/myscript %p %s %c

    You can detect which process is triggering the coredump: (man core):

           %%  a single % character
       %p  PID of dumped process
       %u  (numeric) real UID of dumped process
       %g  (numeric) real GID of dumped process
       %s  number of signal causing dump
       %t  time of dump, expressed as seconds since the Epoch,  1970-01-01
           00:00:00 +0000 (UTC)
       %h  hostname (same as nodename returned by uname(2))
       %e  executable filename (without path prefix)
       %E  pathname of executable, with slashes ('/') replaced by exclama‐
           tion marks ('!').
       %c  core file size soft resource limit of crashing  process  (since
           Linux 2.6.24)

    Now all you have to do is "do the default thing" for other processes than your own