《coredump问题原理探究》Linux x86版第二章coredump捕获的环境配置
《coredump问题原理探究》Linux x86版第二章coredump捕获的环境配置
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://cloud.tencent.com/developer/article/1344481
在Linux下捕获coredump的方法,按照作用范围,分为:作用于当前shell的方法,作用于单个用户的方法,作用于系统所有用户的方法。
1. 作用于当前shell的方法
在当前shell设置coredump的捕获,一般是用ulimit –c 命令。这条命令的含义,可以通过man ulimit得到。
如果用ulimit –c的结果不是0,那么coredump是会捕获的。例子如下:
[buckxu@xuzhina 1]$ ulimit -c
unlimited
[buckxu@xuzhina 1]$ ls
xuzhina_dump_c1 xuzhina_dump_c1.cpp
[buckxu@xuzhina 1]$ ./xuzhina_dump_c1
Segmentation fault (core dumped)
[buckxu@xuzhina 1]$ ls
core_xuzhina_dump_c1_7124 xuzhina_dump_c1 xuzhina_dump_c1.cpp如果当ulimit –c的结果为0,则coredump是不会捕获的。例子如下:
[buckxu@xuzhina 1]$ ls
core_xuzhina_dump_c1_7124 xuzhina_dump_c1 xuzhina_dump_c1.cpp
[buckxu@xuzhina 1]$ rm core_xuzhina_dump_c1_7124
[buckxu@xuzhina 1]$ ulimit -c 0
[buckxu@xuzhina 1]$ ulimit -c
0
[buckxu@xuzhina 1]$ ls
xuzhina_dump_c1 xuzhina_dump_c1.cpp
[buckxu@xuzhina 1]$ ./xuzhina_dump_c1
Segmentation fault
[buckxu@xuzhina 1]$ ls
xuzhina_dump_c1 xuzhina_dump_c1.cpp但当ulimit –c的结果为0,要重新设置,则有可能会遇到权限的问题
[buckxu@xuzhina 1]$ ulimit -c
0
[buckxu@xuzhina 1]$ ulimit -c 10
-bash: ulimit: core file size: cannot modify limit: Operation not permitted
[buckxu@xuzhina 1]$ ulimit -c 100
-bash: ulimit: core file size: cannot modify limit: Operation not permitted
[buckxu@xuzhina 1]$ ulimit -c 1000
-bash: ulimit: core file size: cannot modify limit: Operation not permitted1. 作用于单个用户的方法
最简单的方法就是把ulimit–c放在用户的配置文件。不同的shell有不同的配置文件。如bash的话,用户配置文件可以是~/.bash_profile,~/.bash_login,~/.profile。可以通过man bash这个命令找到依据:
When bash is invoked as an interactive login shell, or as a non-inter-
active shell with the --login option, it first reads and executes com-
mands from the file /etc/profile, if that file exists. After reading
that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile,
in that order, and reads and executes commands from the first one that
exists and is readable. 像本人用的是bash,那么,就在~/.bash_profile加了一行:
ulimit -c 10000然后重新登录后,都变成这样:
[buckxu@xuzhina ~]$ ulimit -c
10000验证一下:
buckxu@xuzhina 1]$ ls
xuzhina_dump_c1 xuzhina_dump_c1.cpp
[buckxu@xuzhina 1]$ ./xuzhina_dump_c1
Segmentation fault (core dumped)
[buckxu@xuzhina 1]$ ls
core_xuzhina_dump_c1_7497 xuzhina_dump_c1 xuzhina_dump_c1.cpp还有另外一种方法,但需要重启。例子如下:
a)用root用户登录,在/etc/security/limits.conf,增加一行:
buckxu soft core 2000这个文件的含义,可以通过man limits.conf来查询。
b)重启
c)用buckxu用户登录,
[buckxu@xuzhina ~]$ ulimit -c
2000d)用其它用户登录,
[allyluo@xuzhina ~]$ ulimit -c
01. 作用于系统所有用户的方法
作用于系统所有用户的方法有两种。
一种是在/etc/profile里加一行
ulimit –c <corefile size>其中corefilesize可以是任何数值或者unlimited。
而另外一种呢,是在/etc/security/limits.conf加上一行:
* soft core unlimited #indicates unlimit on corefile size然后重启。
可以看到所有用户的corefilesize都为unlimited了。
[allyluo@xuzhina ~]$ ulimit -c
unlimited
[buckxu@xuzhina ~]$ ulimit -c
unlimited通过上面的方法,当程序崩溃时,就会产生coredump文件,但是文件名却是core。如果使用命令man core就会发现corefile有一些命名规则:
Naming of core dump files
By default, a core dump file is named core, but the /proc/sys/ker-
nel/core_pattern file (since Linux 2.6 and 2.4.21) can be set to define
a template that is used to name core dump files. The template can con-
tain % specifiers which are substituted by the following values when a
core file is created:
%% a single % character
%p PID of dumped process
%u (numeric) real UID of dumped process
%g (numeric) real GID of dumped process
%s number of signal causing dump
%t time of dump, expressed as seconds since the Epoch, 1970-01-01
00:00:00 +0000 (UTC)
%h hostname (same as nodename returned by uname(2))
%e executable filename (without path prefix)
%c core file size soft resource limit of crashing process (since
Linux 2.6.24)如果要马上设置命名规则,可以用root用户执行下面命令
echo "core-%e-%p-%u" >/proc/sys/kernel/core_pattern在本人机器的执行结果:
[buckxu@xuzhina 1]$ ls
xuzhina_dump_c1 xuzhina_dump_c1.cpp
[buckxu@xuzhina 1]$ ./xuzhina_dump_c1
Segmentation fault (core dumped)
[buckxu@xuzhina 1]$ ls
core-xuzhina_dump_c1-1246-1000 xuzhina_dump_c1 xuzhina_dump_c1.cpp
[buckxu@xuzhina 1]$ echo $UID
1000也可以用root用户在/etc/sysctl.conf加入一行
kernel.core_pattern= core-%e-%p-%u然后执行
sysctl –p在fedora系统下,只要启动了abrtd服务。它也会设置core文件的命名。
[buckxu@xuzhina ~]$ ps aux|grep abrtd
root 504 0.0 0.1 5816 1136 ? Ss 21:55 0:00 /usr/sbin/abrtd -d –s
[buckxu@xuzhina ~]$ cat /proc/sys/kernel/core_pattern
|/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e产生的core文件如下:
[buckxu@xuzhina 1]$ ls
xuzhina_dump_c1 xuzhina_dump_c1.cpp
[buckxu@xuzhina 1]$ ./xuzhina_dump_c1
Segmentation fault (core dumped)
[buckxu@xuzhina 1]$ ls
core.961 xuzhina_dump_c1 xuzhina_dump_c1.cpp实际上,core文件产生得不理想。如果多个进程要产生core dump,那么,就不知道是哪一个程序产生的,往往用gdb没办法调试。调试前还得用file命令来确定一下是哪个程序产生的。
[buckxu@xuzhina 1]$ file core.961
core.961: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './xuzhina_dump_c1'所以,在fedora系统,最好是把abrtd服务停止掉,在/etc/sysctl.conf里加上kernel.core_pattern的设置。