Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

coreadm(8)

Name

coreadm - core file administration

Synopsis

coreadm [-g pattern] [-G content] [-i pattern] [-I content] 
     [-k pattern] [-d option]... [-e option]...
coreadm [-p pattern] [-P content] [-r policy] [pid]...

Description

coreadm specifies the name and location of core files produced by abnormally-terminating processes. See the core(5) man page.

Only users and roles that belong to the Maintenance and Repair RBAC profile can execute the first form of the SYNOPSIS. This form configures system-wide core file options, including a global core file name pattern, kernel zone core file name pattern and a core file name pattern for the init(8) process. All settings are saved persistently and will be applied at boot.

Non-privileged users can execute the second form of the SYNOPSIS. This form specifies the file name pattern and core file content that the operating system uses to generate a per-process core file.

A core file name pattern is a normal file system path name with embedded variables, specified with a leading % character. The variables are expanded from values that are effective when a core file is generated by the operating system. The possible embedded variables are as follows:

%d

Executable file directory name, up to a maximum of MAXPATHLEN characters

%f

Executable file name, up to a maximum of MAXNAMELEN characters

%g

Effective group-ID

%l

The process clearance in internal format (atohexlabel "($plabel)")

%m

Machine name (uname –m)

%n

System node name (uname –n)

%p

Process-ID

%t

Decimal value of time(2)

%u

Effective user-ID

%z

Name of the zone in which process executed (zonename)

%%

Literal %

For example, the core file name pattern /var/cores/core.%f.%p would result, for command foo with process-ID 1234, in the core file name /var/cores/core.foo.1234.

A core file content description is specified using a series of tokens to identify parts of a process's binary image:

anon

Anonymous private mappings, including thread stacks that are not main thread stacks

ctf

CTF type information sections for loaded object files

data

Writable private file mappings

dism

DISM mappings

heap

Process heap

ism

ISM mappings

osm

OSM mappings

prune

Core dump pruning requests, as specified by memcntl (MC_CORE_PRUNE_IN) and memcntl (MC_CORE_PRUNE_OUT) requests

rodata

Read-only private file mappings

shanon

Anonymous shared mappings

shfile

Shared mappings that are backed by files

shm

System V shared memory

stack

Process stack

symtab

Symbol table sections for loaded object files

text

Readable and executable private file mappings

In addition, you can use the token all to indicate that core files should include all of these parts of the process's binary image. You can use the token none to indicate that no mappings are to be included. The default token indicates inclusion of the system default content (stack+heap+shm+ism+dism+osm+text+data+rodata+anon+shanon+ctf+symtab+prune). The /proc file system data structures are always present in core files regardless of the mapping content.

You can use + and - to concatenate tokens. For example, the core file content default-ism would produce a core file with the default set of mappings without any intimate shared memory mappings.

The coreadm command with no arguments reports the current system configuration, for example:

$ coreadm
    global core file pattern: /var/cores/core.%f.%p
kernel zone core file pattern: /var/cores/%z/kzcore.%t
    global core file content: all
      init core file pattern: core
      init core file content: default
           global core dumps: enabled
      kernel zone core dumps: enabled
      per-process core dumps: enabled
     global setid core dumps: enabled
per-process setid core dumps: disabled
    global core dump logging: disabled
            retention policy: summary
       diagnostic core dumps: enabled

The coreadm command with only a list of process-IDs reports each process's per-process core file name pattern, for example:


$ coreadm 278 5678
  278:   core.%f.%p default
  5678:  /home/george/cores/%f.%p.%t all-ism

Only the owner of a process or a user with the proc_owner privilege can interrogate a process in this manner.

When a process is dumping core, up to four core files can be produced: one in the per-process location, one in the system-wide global location, and, if the process was running in a local (non-global) zone, one in the global location for the zone in which that process was running. In addition, if the diagnostic option is enabled, a diagnostic core file is dumped in /var/diag/<process_uuid>. Each core file is generated according to the effective options for the corresponding location.

When generated, a global core file is created in mode 600 and owned by the superuser. Non privileged users cannot examine such files. If labeled core files are specified using the procedure in example 4, then such core files are maintained at the ADMIN_HIGH label.

Ordinary per-process core files are created in mode 600 under the credentials of the process. The owner of the process can examine such files.

A process can use memcntl to request that regions of its address space to be either included or excluded when a core dump is generated. The prune content token, mentioned above, controls whether those requests are honored for per-process core files and for global core files. For more information, see the memcntl(2) man page.

The diagnostic core files are dumped from processes that are terminated abnormally. This kind of core files are only used by coremond to collect useful data for further investigation.

A process that is or ever has been setuid or setgid since its last exec(2) presents security issues that relate to dumping core. Similarly, a process that initially had superuser privileges and lost those privileges through setuid(2) also presents security issues that are related to dumping core. A process of either type can contain sensitive information in its address space to which the current non privileged owner of the process should not have access. If setid core files are enabled, they are created mode 600 and owned by the superuser. If labeled core files are specified using the procedure in example 5, then such core files are maintained at the ADMIN_HIGH label.

Options

The following options are supported:

–d option...

Disable the specified core file option. See the –e option for descriptions of possible options.

–e option...

Enable the specified core file option. Specify option as one of the following:

global

Allow core dumps that use global core pattern.

global-setid

Allow set-id core dumps that use global core pattern.

kzone

Allow kernel zone core dumps that use the kernel zone core pattern.

log

Generate a syslog(3C) message when generation of a global core file is attempted.

process

Allow core dumps that use per-process core pattern.

diagnostic

Allow diagnostic core dumps with a default core content and pattern.

alert

Instruct whether FMA should generate an alert event after receiving diagnostic core data.

proc-setid

Allow set-id core dumps that use per-process core pattern.

–g pattern

Set the global core file name pattern to pattern. The pattern must start with a / and can contain any of the special % variables that are described in the DESCRIPTION.

Only users and roles belonging to the “Maintenance and Repair” RBAC profile can use this option.

–G content

Set the global core file content to content. You must specify content by using the tokens that are described in the DESCRIPTION.

Only users and roles belonging to the “Maintenance and Repair” RBAC profile can use this option.

–i pattern

Set the default per-process core file name to pattern. This changes the per-process pattern for any process whose per-process pattern is still set to the default. Processes that have had their per-process pattern set or are descended from a process that had its per-process pattern set (using the –p option) are unaffected. This default persists across reboot.

Only users and roles belonging to the “Maintenance and Repair” RBAC profile can use this option.

–I content

Set the default per-process core file content to content. This changes the per-process content for any process whose per-process content is still set to the default. Processes that have had their per-process content set or are descended from a process that had its per-process content set (using the –P option) are unaffected. This default persists across reboot.

Only users and roles belonging to the “Maintenance and Repair” RBAC profile can use this option.

–p pattern

Set the per-process core file name pattern to pattern for each of the specified process-IDs. The pattern can contain any of the special % variables described in the DESCRIPTION and need not begin with /. If the pattern does not begin with /, it is evaluated relative to the directory that is current when the process generates a core file.

A non privileged user can apply the –p option only to processes that are owned by that user. A user with the proc_owner privilege can apply the option to any process. The per-process core file name pattern is inherited by future child processes of the affected processes. See the fork(2) man page.

If no process-IDs are specified, the –p option sets the per-process core file name pattern to pattern on the parent process (usually the shell that ran coreadm).

–P content

Set the per-process core file content to content for each of the specified process-IDs. The content must be specified by using the tokens that are described in the DESCRIPTION.

A non privileged user can apply the –p option only to processes that are owned by that user. A user with the proc_owner privilege can apply the option to any process. The per-process core file name pattern is inherited by future child processes of the affected processes. See the fork(2) man page.

If no process-IDs are specified, the –P option sets the per-process file content to content on the parent process (usually the shell that ran coreadm).

–r policy

Set the diagnostic core retention policy. The following options can be specified:

summary

Default option. Diagnostic core files will be deleted once the summary json files are generated and reports are logged.

all

All diagnostic core files will be kept.

<n>

Specifies a number and at most n diagnostic core files will be kept for a certain binary.

<n>d

Specifies a number and diagnostic core files will be kept for n days.

–k pattern

Set the kernel zone core file name pattern to pattern. The pattern must start with a / and can contain any of the special % variables that are described in the DESCRIPTION section.

Only users and roles belonging to the Maintenance and Repair RBAC profile can use this option.


Note -  Multiple –e and –d options can be specified on the command line. Only users and roles belonging to the “Maintenance and Repair” RBAC profile can use this option.

Operands

The following operands are supported:

pid

process-ID

SMF Properties

The following properties in config_params property group are supported. Users can use coreadm commands to set or update these property or create SMF profiles with these properties to set or update the values.

global_enabled (boolean)

Allow core dumps that use global core pattern if the property is true.

global_content (string)

Set the global core file content to global_content property. You must specify content by using the tokens that are described in the DESCRIPTION section.

global_pattern (string)

Set the global core file name pattern to global_pattern property. The pattern should start with a / and can contain any of the special % variables that are described in the DESCRIPTION section.

global_setid_enabled (boolean)

Allow set-id core dumps that use global core pattern if the property is true.

global_log_enabled (boolean)

Generate a syslog message when the generation of a global core file is attempted if the property is true. For more information on syslog message, see the syslog(3C) man page.

process_enabled (boolean)

Allow core dumps that use per-process core pattern if the property is true.

process_setid_enabled (boolean)

Allow set-id core dumps that use per-process core pattern if the property is true.

init_content (string)

Set the default per-process core file content to init_content property. This changes the per-process content for any process whose per-process content is still set to the default.

init_pattern (string)

Set the default per-process core file name to init_pattern property. This changes the per-process pattern for any process whose per-process pattern is still set to the default.

kzone_enabled (boolean)

Allow kernel zone core dumps that use the kernel zone core pattern if the property is true.

kzone_pattern (string)

Set the kernel zone core file name pattern to kzone_pattern property. The pattern must start with a / and can contain any of the special % variables that are described in the DESCRIPTION section.

diagnostic_enabled (boolean)

Allow diagnostic core dumps with a default core content and pattern if the property is true.

retention_policy (string)

Set the diagnostic core retention policy to retention_policy property. The policy can be one of the following: summary, all, <n> and <n>d.

diag_alert_enabled (boolean)

FMA will generate an alert event after receiving diagnostic core data if the property is true.

Examples

Example 1 Setting the Core File Name Pattern

When executed from a user's $HOME/.profile or $HOME/.login, the following command sets the core file name pattern for all processes that are run during the login session:


example$  coreadm -p core.%f.%p

Note that since the process-ID is omitted, the per-process core file name pattern will be set in the shell that is currently running and is inherited by all child processes.

Example 2 Dumping a User's Files Into a Subdirectory

The following command dumps all of a user's core dumps into the corefiles subdirectory of the home directory, discriminated by the system node name. This command is useful for users who use many different machines but have a shared home directory.


example$  coreadm -p $HOME/corefiles/%n.%f.%p 1234

Example 3 Culling the Global Core File Repository

The following commands set up the system to produce core files in the global repository only if the executables were run from /usr/bin or /usr/sbin.


example# mkdir -p /var/cores/usr/bin
example# mkdir -p /var/cores/usr/sbin
example# coreadm -G all -g /var/cores/%d/%f.%p.%n

Example 4 Labeling Global Core Files

The following commands set up the system to produce labeled core files. Access to global core files is restricted to root. To provide additional protection, these files can be labeled with the ADMIN_HIGH label. A multilevel directory which is created and labeled ADMIN_HIGH is specified in the pattern.

example# zfs create -o multilevel=on rpool/VARSHARE/cores2
example# setlabel ADMIN_HIGH /var/share/cores2
example# coreadm -g /var/share/cores2/%f.%p
Example 5 Enabling Kernel Zone Core Dumps in per Zone Directories

The following commands set up the system to produce per kernel zone core image files in separate directories for each kernel zone. Access to kernel zone core files is restricted to root.

example# mkdir /var/cores/zonename1
example# mkdir /var/cores/zonename2
example#     .
example#     .
example#     .
example# mkdir /var/cores/zonenameN
example# coreadm -k /var/cores/%z/%f.%t -e kzone
Example 6 Maintaining Per-Process Labeled Core Files

The following commands set up a user's session to produce core files that are labeled with the clearance of the process being dumped. It assumes that the user's home directory is a multilevel filesystem. Individual subdirectories are created for each of the clearances that are available to the user.

example$ mkdir $HOME/cores
example$ for l in $(labelcfg list|tr \" -|tr ' ' -); do
> lbl=$(atohexlabel "$echo $l|tr - ' ')")
> mkdir $HOME/cores/$lbl
> setlabel $lbl $HOME/cores/$lbl
> done
example$ mkdir $HOME/cores/ADMIN_LOW
example$ coreadm -p $HOME/cores/%l/%f.%p

If the user is cleared for ADMIN_HIGH, then the following additional steps are appropriate:

example$ mkdir $HOME/cores/ADMIN_HIGH
example$ setlabel ADMIN_HIGH $HOME/cores/ADMIN_HIGH
Example 7 Setting the Diagnostic Core File Retention Policy

The following command sets up the system to keep the diagnostic core files for 30 days.

example# coreadm -r all
example# coreadm -r 30d

Files

/var/cores

Directory provided for global core file storage.

/var/diag

Directory provided for diagnostic core file storage.

Exit Status

The following exit values are returned:

0

Successful completion.

1

A fatal error occurred while either obtaining or modifying the system core file configuration.

2

Invalid command-line options were specified.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os

See Also

gcore(1), pfexec(1), svcs(1), exec(2), fork(2), setuid(2), time(2), memcntl(2), syslog(3C), core(5), prof_attr(5), user_attr(5), attributes(7), smf(7), init(8), svcadm(8)

Notes

In a local (non-global) zone, the global settings apply to processes running in that zone. In addition, the global zone's apply to processes run in any zone.

Kernel zone core dumps capture the entire machine image of the running kernel zone, the same dump that running zoneadm savecore would capture. Kernel zone core dumps may only be enabled if a kernel zone core pattern has been set. In kernel zone core pattern specifications, the executed directory name (%d) and process label (%l) specifiers are meaningless and are ignored. Also the executed file name (%f) will produce the string kzcore.

The term global settings refers to settings which are applied to the system or zone as a whole, and does not necessarily imply that the settings are to take effect in the global zone.

The coreadm service is managed by the service management facility, smf(7), under the service identifier:

svc:/system/coreadm:default

Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(8). The service's status can be queried using the svcs(1) command.

The –g, –G, –i, –I, –k, –e, and –d options can be also used by a user, role, or profile that has been granted both the solaris.smf.manage.coreadm and solaris.smf.value.coreadm authorizations.