From 486d2a4b0756b0fe266f8ff79e5ecdb7ae5d680c Mon Sep 17 00:00:00 2001 From: zhong-jiawei-1 Date: Mon, 24 Oct 2022 15:29:29 +0800 Subject: [PATCH] runc:disable core dump during exec --- runc-1.1.3/libcontainer/process_linux.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/runc-1.1.3/libcontainer/process_linux.go b/runc-1.1.3/libcontainer/process_linux.go index 29408d7..75d05b7 100644 --- a/runc-1.1.3/libcontainer/process_linux.go +++ b/runc-1.1.3/libcontainer/process_linux.go @@ -79,6 +79,8 @@ func (p *setnsProcess) signal(sig os.Signal) error { } func (p *setnsProcess) start() (retErr error) { + unix.Prctl(unix.PR_SET_DUMPABLE, 0, 0, 0, 0) + defer unix.Prctl(unix.PR_SET_DUMPABLE, 1, 0, 0, 0) defer p.messageSockPair.parent.Close() // get the "before" value of oom kill count oom, _ := p.manager.OOMKillCount() -- 2.30.0