Score:0

Ubuntu

`kernel.core_pattern` is not effective on my Ubuntu 18.04 VM after rebooting

yaobin

10/24/22, 11:27 PM

Test Environment

I'm using the ubuntu/bionic64 Vagrant box as my test environment.

Pre-conditions

After creating the VM, I only installed ansible 2.9.23 by following the instructions in the official document.

I also installed the ansible.posix collection (ansible-galaxy collection install ansible.posix) because I'll want to use the module ansible.posix.sysctl.

Verify the current core pattern was not what I wanted:

vagrant@ubuntu-bionic:~$ sysctl kernel.core_pattern
kernel.core_pattern = |/usr/share/apport/apport %p %s %c %d %P %E

Also, /etc/sysctl.conf didn't have the core pattern:

vagrant@ubuntu-bionic:~$ grep "core_pattern" /etc/sysctl.conf
vagrant@ubuntu-bionic:~$

My Intention

I want to change the core pattern to /var/tmp/core.%h.%e.%t.

What I Did

I ran the following ansible command:

ansible -bKvvv -m "sysctl" -a "name=kernel.core_pattern state=present value='/var/tmp/core.%h.%e.%t' reload=yes" localhost

and it succeeded with the output:

localhost | CHANGED => {
    "changed": true, 
    "invocation": {
        "module_args": {
            "ignoreerrors": false, 
            "name": "kernel.core_pattern", 
            "reload": true, 
            "state": "present", 
            "sysctl_file": "/etc/sysctl.conf", 
            "sysctl_set": false, 
            "value": "/var/tmp/core.%h.%e.%t"
        }
    }
}

I also checked the current configuration:

vagrant@ubuntu-bionic:/etc$ sysctl kernel.core_pattern
kernel.core_pattern = /var/tmp/core.%h.%e.%t

I also confirmed that the core_pattern was written into /etc/sysctl.conf:

vagrant@ubuntu-bionic:~$ grep "core_pattern" /etc/sysctl.conf 
kernel.core_pattern=/var/tmp/core.%h.%e.%t

Then I rebooted my VM. After rebooting, the currently effective core_pattern got rolled back:

vagrant@ubuntu-bionic:~$ sysctl kernel.core_pattern
kernel.core_pattern = |/usr/share/apport/apport %p %s %c %d %P %E

My Thoughts and What I Have Tried

This question doesn't seem to be applicable for me because, firstly, it was asked about 10 years ago and, secondly, Ubuntu Server 18.04 does not seem to use upstart anymore.

I thought some other .conf files may be read later than /etc/sysctl.conf so the settings were overridden somewhere. But sysctl(8) man page lists the order of the .conf files to be read and it looks like /etc/sysctl.conf should be the last one that overrides everything else.

sysctl.conf(5) man page provides the list of the same order as sysctl(8).

I didn't find anything in sysctl.d(5), either. In fact, its section "CONFIGURATION DIRECTORIES AND PRECEDENCE" confirms my understanding:

Files in /etc/ override files with the same name in /run/ and /lib/. Files in /run/ override files with the same name in /lib/.

I found kernel.core_pattern would be set as expected once I ran sudo sysctl --system manually. That may mean that by default these system settings are not read.

301

1 + 0

configuration

kernel

18.04

systemd-coredump

Score:0

Ubuntu

yaobin

10/25/22, 10:24 PM

After further investigation, I found kernel.core_pattern was overwritten by the package apport at system booting.

I should have thought of checking apport when I saw the string "/usr/share/apport/apport". I wasn't sure if apport was actually the one that overwrites kernel.core_pattern, so I decided to take a look at its source code.

By running apt-cache policy apport, I found the version I was using was 2.20.9-0ubuntu7.24:

vagrant@ubuntu-bionic:~$ apt-cache policy apport
apport:
  Installed: 2.20.9-0ubuntu7.24
  Candidate: 2.20.9-0ubuntu7.24
  Version table:
 *** 2.20.9-0ubuntu7.24 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.20.9-0ubuntu7 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
vagrant@ubuntu-bionic:~$

Then on apport's LaunchPad page, I found its download link: apport_2.20.9-0ubuntu7.tar.gz.

Searching in the source code, I found the file debian/apport.init has the following content:

do_start()
{
    ...
    ...
    echo "|$AGENT %p %s %c %d %P" > /proc/sys/kernel/core_pattern
    echo 2 > /proc/sys/fs/suid_dumpable
}

So I ran dpkg -L apport on my VM to see if there was this file:

vagrant@ubuntu-bionic:~$ dpkg -L apport | grep init
/etc/init.d
/etc/init.d/apport

There wasn't any file with the exactly matching file name, but I decided to take a look at /etc/init.d/apport and found this was the file I was looking for:

do_start()
{
        ...
        ...
        echo "|$AGENT %p %s %c %d %P %E" > /proc/sys/kernel/core_pattern
        echo 2 > /proc/sys/fs/suid_dumpable
}

I knew that /etc/sysctl.conf is read by the service systemd-sysctl, so the next thing I wanted to determine was whether systemd-sysctl was started before apport.

I searched if there was any apport-related service and found one:

vagrant@ubuntu-bionic:~$ systemctl list-units | grep apport
apport.service                                                                      loaded active exited    LSB: automatic crash report generation

I then checked their inter-dependency and found apport.service is started after systemd-sysctl.service:

vagrant@ubuntu-bionic:~$ systemctl list-dependencies apport.service
apport.service
● ├─system.slice
● └─sysinit.target
...
●   ├─systemd-sysctl.service
...
...
vagrant@ubuntu-bionic:~$

That means systemd-sysctl.service correctly reads my setting of kernel.core_pattern in /etc/sysctl.conf but the setting is then immediately overwritten by apport.service.

To verify this, I added two lines in /etc/init.d/apport:

do_start()
{
        ...
        ...
        # NOTE(ywen): Write the current value to a file.
        sysctl kernel.core_pattern > /home/vagrant/sysctl.kernel.core_pattern.txt

        echo "|$AGENT %p %s %c %d %P %E" > /proc/sys/kernel/core_pattern
        echo 2 > /proc/sys/fs/suid_dumpable

        # NOTE(ywen): Append the current value to the file.
        sysctl kernel.core_pattern >> /home/vagrant/sysctl.kernel.core_pattern.txt
}

Then I rebooted the VM. When the VM was up again, I found the file /home/vagrant/sysctl.kernel.core_pattern.txt had the following content:

vagrant@ubuntu-bionic:~$ cat sysctl.kernel.core_pattern.txt 
kernel.core_pattern = /var/tmp/core.%h.%e.%t
kernel.core_pattern = |/usr/share/apport/apport %p %s %c %d %P %E
vagrant@ubuntu-bionic:~$

So, indeed, my setting was correctly read but then overwritten by apport.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: `kernel.core_pattern` is not effective on my Ubuntu 18.04 VM after rebooting

TH: `kernel.core_pattern` ไม่มีผลกับ Ubuntu 18.04 VM หลังจากรีบูตเครื่อง

RO: `kernel.core_pattern` nu este eficient pe VM-ul meu Ubuntu 18.04 după repornire

RU: `kernel.core_pattern` не действует на моей виртуальной машине Ubuntu 18.04 после перезагрузки

VI: `kernel.core_potype` không hiệu quả trên máy ảo Ubuntu 18.04 của tôi sau khi khởi động lại

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.