From d98901af66768560f0e352db72bb32d216aa9040 Mon Sep 17 00:00:00 2001
From: jingrui <jingrui@huawei.com>
Date: Mon, 8 Jul 2019 19:49:24 +0800
Subject: [PATCH] runc:disable core dump during exec

Change-Id: If649738854616c1f448a148aef1f2cc414715616
Signed-off-by: jingrui <jingrui@huawei.com>
---
 libcontainer/process_linux.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
index 29408d7..75d05b7 100644
--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -79,6 +79,8 @@ func (p *setnsProcess) signal(sig os.Signal) error {
 }
 
 func (p *setnsProcess) start() (retErr error) {
+	unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0)
+	defer unix.Prctl(unix.PR_SET_DUMPABLE, 1, 0, 0, 0)
 	defer p.messageSockPair.parent.Close()
 	// get the "before" value of oom kill count
 	oom, _ := p.manager.OOMKillCount()
-- 
2.33.0