svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
coreadm(8)
System Administration Commands coreadm(8)
NAME
coreadm - core file administration
SYNOPSIS
coreadm [-g pattern] [-G content] [-i pattern] [-I content]
[-k pattern] [-d option]... [-e option]...
coreadm [-p pattern] [-P content] [-r policy] [pid]...
DESCRIPTION
coreadm specifies the name and location of core files produced by
abnormally-terminating processes. See the core(5) man page.
Only users and roles that belong to the Maintenance and Repair RBAC
profile can execute the first form of the SYNOPSIS. This form config‐
ures system-wide core file options, including a global core file name
pattern, kernel zone core file name pattern and a core file name pat‐
tern for the init(8) process. All settings are saved persistently and
will be applied at boot.
Non-privileged users can execute the second form of the SYNOPSIS. This
form specifies the file name pattern and core file content that the
operating system uses to generate a per-process core file.
A core file name pattern is a normal file system path name with embed‐
ded variables, specified with a leading % character. The variables are
expanded from values that are effective when a core file is generated
by the operating system. The possible embedded variables are as fol‐
lows:
%d
Executable file directory name, up to a maximum of MAXPATHLEN char‐
acters
%f
Executable file name, up to a maximum of MAXNAMELEN characters
%g
Effective group-ID
%l
The process clearance in internal format (atohexlabel "($plabel)")
%m
Machine name (uname -m)
%n
System node name (uname -n)
%p
Process-ID
%t
Decimal value of time(2)
%u
Effective user-ID
%z
Name of the zone in which process executed (zonename)
%%
Literal %
For example, the core file name pattern /var/cores/core.%f.%p would
result, for command foo with process-ID 1234, in the core file name
/var/cores/core.foo.1234.
A core file content description is specified using a series of tokens
to identify parts of a process's binary image:
anon
Anonymous private mappings, including thread stacks that are not
main thread stacks
ctf
CTF type information sections for loaded object files
data
Writable private file mappings
dism
DISM mappings
heap
Process heap
ism
ISM mappings
osm
OSM mappings
prune
Core dump pruning requests, as specified by memcntl
(MC_CORE_PRUNE_IN) and memcntl (MC_CORE_PRUNE_OUT) requests
rodata
Read-only private file mappings
shanon
Anonymous shared mappings
shfile
Shared mappings that are backed by files
shm
System V shared memory
stack
Process stack
symtab
Symbol table sections for loaded object files
text
Readable and executable private file mappings
In addition, you can use the token all to indicate that core files
should include all of these parts of the process's binary image. You
can use the token none to indicate that no mappings are to be included.
The default token indicates inclusion of the system default content
(stack+heap+shm+ism+dism+osm+text+data+rodata+anon+shanon+ctf+symtab+prune).
The /proc file system data structures are always present in core files
regardless of the mapping content.
You can use + and - to concatenate tokens. For example, the core file
content default-ism would produce a core file with the default set of
mappings without any intimate shared memory mappings.
The coreadm command with no arguments reports the current system con‐
figuration, for example:
$ coreadm
global core file pattern: /var/cores/core.%f.%p
kernel zone core file pattern: /var/cores/%z/kzcore.%t
global core file content: all
init core file pattern: core
init core file content: default
global core dumps: enabled
kernel zone core dumps: enabled
per-process core dumps: enabled
global setid core dumps: enabled
per-process setid core dumps: disabled
global core dump logging: disabled
retention policy: summary
diagnostic core dumps: enabled
The coreadm command with only a list of process-IDs reports each
process's per-process core file name pattern, for example:
$ coreadm 278 5678
278: core.%f.%p default
5678: /home/george/cores/%f.%p.%t all-ism
Only the owner of a process or a user with the proc_owner privilege can
interrogate a process in this manner.
When a process is dumping core, up to four core files can be produced:
one in the per-process location, one in the system-wide global loca‐
tion, and, if the process was running in a local (non-global) zone, one
in the global location for the zone in which that process was running.
In addition, if the diagnostic option is enabled, a diagnostic core
file is dumped in /var/diag/<process_uuid>. Each core file is generated
according to the effective options for the corresponding location.
When generated, a global core file is created in mode 600 and owned by
the superuser. Non privileged users cannot examine such files. If
labeled core files are specified using the procedure in example 4, then
such core files are maintained at the ADMIN_HIGH label.
Ordinary per-process core files are created in mode 600 under the cre‐
dentials of the process. The owner of the process can examine such
files.
A process can use memcntl to request that regions of its address space
to be either included or excluded when a core dump is generated. The
prune content token, mentioned above, controls whether those requests
are honored for per-process core files and for global core files. For
more information, see the memcntl(2) man page.
The diagnostic core files are dumped from processes that are terminated
abnormally. This kind of core files are only used by coremond to col‐
lect useful data for further investigation.
A process that is or ever has been setuid or setgid since its last
exec(2) presents security issues that relate to dumping core. Simi‐
larly, a process that initially had superuser privileges and lost those
privileges through setuid(2) also presents security issues that are
related to dumping core. A process of either type can contain sensitive
information in its address space to which the current non privileged
owner of the process should not have access. If setid core files are
enabled, they are created mode 600 and owned by the superuser. If
labeled core files are specified using the procedure in example 5, then
such core files are maintained at the ADMIN_HIGH label.
OPTIONS
The following options are supported:
-d option...
Disable the specified core file option. See the -e option for
descriptions of possible options.
-e option...
Enable the specified core file option. Specify option as one of the
following:
global
Allow core dumps that use global core pattern.
global-setid
Allow set-id core dumps that use global core pattern.
kzone
Allow kernel zone core dumps that use the kernel zone core pat‐
tern.
log
Generate a syslog(3C) message when generation of a global core
file is attempted.
process
Allow core dumps that use per-process core pattern.
diagnostic
Allow diagnostic core dumps with a default core content and
pattern.
alert
Instruct whether FMA should generate an alert event after
receiving diagnostic core data.
proc-setid
Allow set-id core dumps that use per-process core pattern.
-g pattern
Set the global core file name pattern to pattern. The pattern rep‐
resents a file system location and should start with a /. It can
contain any of the special % variables that are described in the
DESCRIPTION.
If the pattern is default or a blank string (eg. -g ""), the global
core file pattern is returned to the system default.
The system default is /var/cores/core.%z.%f.%u.%p
Only users and roles belonging to the "Maintenance and Repair" RBAC
profile can use this option.
-G content
Set the global core file content to content. You must specify con‐
tent by using the tokens that are described in the DESCRIPTION.
Only users and roles belonging to the "Maintenance and Repair" RBAC
profile can use this option.
-i pattern
Set the default per-process core file name to pattern. This changes
the per-process pattern for any process whose per-process pattern
is still set to the default. Processes that have had their per-
process pattern set or are descended from a process that had its
per-process pattern set (using the -p option) are unaffected. This
default persists across reboot.
Only users and roles belonging to the "Maintenance and Repair" RBAC
profile can use this option.
-I content
Set the default per-process core file content to content. This
changes the per-process content for any process whose per-process
content is still set to the default. Processes that have had their
per-process content set or are descended from a process that had
its per-process content set (using the -P option) are unaffected.
This default persists across reboot.
Only users and roles belonging to the "Maintenance and Repair" RBAC
profile can use this option.
-p pattern
Set the per-process core file name pattern to pattern for each of
the specified process-IDs. The pattern can contain any of the spe‐
cial % variables described in the DESCRIPTION and need not begin
with /. If the pattern does not begin with /, it is evaluated rela‐
tive to the directory that is current when the process generates a
core file.
A non privileged user can apply the -p option only to processes
that are owned by that user. A user with the proc_owner privilege
can apply the option to any process. The per-process core file name
pattern is inherited by future child processes of the affected pro‐
cesses. See the fork(2) man page.
If no process-IDs are specified, the -p option sets the per-process
core file name pattern to pattern on the parent process (usually
the shell that ran coreadm).
-P content
Set the per-process core file content to content for each of the
specified process-IDs. The content must be specified by using the
tokens that are described in the DESCRIPTION.
A non privileged user can apply the -p option only to processes
that are owned by that user. A user with the proc_owner privilege
can apply the option to any process. The per-process core file name
pattern is inherited by future child processes of the affected pro‐
cesses. See the fork(2) man page.
If no process-IDs are specified, the -P option sets the per-process
file content to content on the parent process (usually the shell
that ran coreadm).
-r policy
Set the diagnostic core retention policy. The following options can
be specified:
summary Default option. Diagnostic core files will be deleted
once the summary json files are generated and reports
are logged.
all All diagnostic core files will be kept.
<n> Specifies a number and at most n diagnostic core files
will be kept for a certain binary.
<n>d Specifies a number and diagnostic core files will be
kept for n days.
-k pattern
Set the kernel zone core file name pattern to pattern. The pattern
represents a files system location and should start with a /. It
can contain any of the special % variables that are described in
the DESCRIPTION section.
If the pattern is default or a blank string (eg. -k ""), the kernel
zone core file pattern is returned to the system default.
The system default is /var/cores/%z/kzcore.%t
Only users and roles belonging to the Maintenance and Repair RBAC
profile can use this option.
Note -
Multiple -e and -d options can be specified on the command line. Only
users and roles belonging to the "Maintenance and Repair" RBAC pro‐
file can use this option.
OPERANDS
The following operands are supported:
pid
process-ID
SMF PROPERTIES
The following properties in config_params property group are supported.
Users can use coreadm commands to set or update these property or cre‐
ate SMF profiles with these properties to set or update the values.
global_enabled (boolean)
Allow core dumps that use global core pattern if the property is
true.
global_content (string)
Set the global core file content to global_content property. You
must specify content by using the tokens that are described in the
DESCRIPTION section.
global_pattern (string)
Set the global core file name pattern to global_pattern property.
The pattern should start with a / and can contain any of the spe‐
cial % variables that are described in the DESCRIPTION section.
global_setid_enabled (boolean)
Allow set-id core dumps that use global core pattern if the prop‐
erty is true.
global_log_enabled (boolean)
Generate a syslog message when the generation of a global core file
is attempted if the property is true. For more information on sys‐
log message, see the syslog(3C) man page.
process_enabled (boolean)
Allow core dumps that use per-process core pattern if the property
is true.
process_setid_enabled (boolean)
Allow set-id core dumps that use per-process core pattern if the
property is true.
init_content (string)
Set the default per-process core file content to init_content prop‐
erty. This changes the per-process content for any process whose
per-process content is still set to the default.
init_pattern (string)
Set the default per-process core file name to init_pattern prop‐
erty. This changes the per-process pattern for any process whose
per-process pattern is still set to the default.
kzone_enabled (boolean)
Allow kernel zone core dumps that use the kernel zone core pattern
if the property is true.
kzone_pattern (string)
Set the kernel zone core file name pattern to kzone_pattern prop‐
erty. The pattern must start with a / and can contain any of the
special % variables that are described in the DESCRIPTION section.
diagnostic_enabled (boolean)
Allow diagnostic core dumps with a default core content and pattern
if the property is true.
retention_policy (string)
Set the diagnostic core retention policy to retention_policy prop‐
erty. The policy can be one of the following: summary, all, <n> and
<n>d.
diag_alert_enabled (boolean)
FMA will generate an alert event after receiving diagnostic core
data if the property is true.
EXAMPLES
Example 1 Setting the Core File Name Pattern
When executed from a user's $HOME/.profile or $HOME/.login, the follow‐
ing command sets the core file name pattern for all processes that are
run during the login session:
example$ coreadm -p core.%f.%p
Note that since the process-ID is omitted, the per-process core file
name pattern will be set in the shell that is currently running and is
inherited by all child processes.
Example 2 Dumping a User's Files Into a Subdirectory
The following command dumps all of a user's core dumps into the core‐
files subdirectory of the home directory, discriminated by the system
node name. This command is useful for users who use many different
machines but have a shared home directory.
example$ coreadm -p $HOME/corefiles/%n.%f.%p 1234
Example 3 Culling the Global Core File Repository
The following commands set up the system to produce core files in the
global repository only if the executables were run from /usr/bin or
/usr/sbin.
example# mkdir -p /var/cores/usr/bin
example# mkdir -p /var/cores/usr/sbin
example# coreadm -G all -g /var/cores/%d/%f.%p.%n
Example 4 Labeling Global Core Files
The following commands set up the system to produce labeled core files.
Access to global core files is restricted to root. To provide addi‐
tional protection, these files can be labeled with the ADMIN_HIGH
label. A multilevel directory which is created and labeled ADMIN_HIGH
is specified in the pattern.
example# zfs create -o multilevel=on rpool/VARSHARE/cores2
example# setlabel ADMIN_HIGH /var/share/cores2
example# coreadm -g /var/share/cores2/%f.%p
Example 5 Enabling Kernel Zone Core Dumps in per Zone Directories
The following commands set up the system to produce per kernel zone
core image files in separate directories for each kernel zone. Access
to kernel zone core files is restricted to root.
example# mkdir /var/cores/zonename1
example# mkdir /var/cores/zonename2
example# .
example# .
example# .
example# mkdir /var/cores/zonenameN
example# coreadm -k /var/cores/%z/%f.%t -e kzone
Example 6 Maintaining Per-Process Labeled Core Files
The following commands set up a user's session to produce core files
that are labeled with the clearance of the process being dumped. It
assumes that the user's home directory is a multilevel filesystem.
Individual subdirectories are created for each of the clearances that
are available to the user.
example$ mkdir $HOME/cores
example$ for l in $(labelcfg list|tr \" -|tr ' ' -); do
> lbl=$(atohexlabel "$echo $l|tr - ' ')")
> mkdir $HOME/cores/$lbl
> setlabel $lbl $HOME/cores/$lbl
> done
example$ mkdir $HOME/cores/ADMIN_LOW
example$ coreadm -p $HOME/cores/%l/%f.%p
If the user is cleared for ADMIN_HIGH, then the following additional
steps are appropriate:
example$ mkdir $HOME/cores/ADMIN_HIGH
example$ setlabel ADMIN_HIGH $HOME/cores/ADMIN_HIGH
Example 7 Setting the Diagnostic Core File Retention Policy
The following command sets up the system to keep the diagnostic core
files for 30 days.
example# coreadm -r all
example# coreadm -r 30d
FILES
/var/cores
Directory provided for global core file storage.
/var/diag
Directory provided for diagnostic core file storage.
EXIT STATUS
The following exit values are returned:
0
Successful completion.
1
A fatal error occurred while either obtaining or modifying the sys‐
tem core file configuration.
2
Invalid command-line options were specified.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/core-os
SEE ALSO
gcore(1), pfexec(1), svcs(1), exec(2), fork(2), setuid(2), time(2),
memcntl(2), syslog(3C), core(5), prof_attr(5), user_attr(5),
attributes(7), smf(7), init(8), svcadm(8)
NOTES
In a local (non-global) zone, the global settings apply to processes
running in that zone. In addition, the global zone's apply to processes
run in any zone.
Kernel zone core dumps capture the entire machine image of the running
kernel zone, the same dump that running zoneadm savecore would capture.
Kernel zone core dumps may only be enabled if a kernel zone core pat‐
tern has been set. In kernel zone core pattern specifications, the exe‐
cuted directory name (%d) and process label (%l) specifiers are mean‐
ingless and are ignored. Also the executed file name (%f) will produce
the string kzcore.
The term global settings refers to settings which are applied to the
system or zone as a whole, and does not necessarily imply that the set‐
tings are to take effect in the global zone.
The coreadm service is managed by the service management facility,
smf(7), under the service identifier:
svc:/system/coreadm:default
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(8). The service's
status can be queried using the svcs(1) command.
The -g, -G, -i, -I, -k, -e, and -d options can be also used by a user,
role, or profile that has been granted both the solaris.smf.man‐
age.coreadm and solaris.smf.value.coreadm authorizations.
Oracle Solaris 11.4 02 Feb 2017 coreadm(8)