RLIMIT_CORE Process Resources

 

36.3 — RLIMIT_CORE
Process Resources Chapter 36 | EmbeddedPathashala

What is RLIMIT_CORE?

RLIMIT_CORE controls how large a core dump file may be when a process is terminated by certain signals (like SIGSEGV, SIGABRT, SIGFPE). Core dumps contain a snapshot of the process’s memory and registers at the moment of the crash — invaluable for post-mortem debugging with gdb.

Quick Reference

Limits: Core dump file size
Unit: bytes
On breach: Dump file truncated or not created
Availability: SUSv3 standard

Detailed Behaviour

When a process is killed by a signal that generates a core dump, the kernel writes the dump to a file named core (or core.PID depending on /proc/sys/kernel/core_pattern). RLIMIT_CORE limits the maximum size of this file.

  • If RLIMIT_CORE is 0: no core dump file is created at all.
  • If the dump would exceed the soft limit, the dump file is truncated at that size and the kernel stops writing.
  • If RLIMIT_FSIZE (the file size limit) is smaller than RLIMIT_CORE, the core dump is limited to RLIMIT_FSIZE bytes instead.

Why disable core dumps (set to 0)?

  • Core files can be enormous (gigabytes for large processes) and fill up disk space.
  • End users generally do not know what to do with core files.
  • Security: a core dump contains the process’s entire memory, which could include passwords, encryption keys, or sensitive user data. Disabling core dumps prevents this data from being written to disk.

Code Example

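#include <stdio.h>
#include <sys/resource.h>
#include <stdlib.h>
#include <signal.h>   /* raise(), for the optional crash test below */

int main(void)
{
    struct rlimit rl;
    const rlim_t ten_mb = 10 * 1024 * 1024;

    /* Read the current limits so the hard limit can be preserved */
    if (getrlimit(RLIMIT_CORE, &rl) == -1) {
        perror("getrlimit"); exit(1);
    }

    /* Disable core dumps for security.
       Only the soft limit is lowered here so the demo can re-enable dumps
       below. Setting rlim_max = 0 as well makes the change permanent for
       an unprivileged process, because raising a hard limit requires root. */
    rl.rlim_cur = 0;
    if (setrlimit(RLIMIT_CORE, &rl) == -1) {
        perror("setrlimit"); exit(1);
    }
    printf("Core dumps disabled\n");

    /* Re-enable core dumps up to 10 MB.
       Note: raising the hard limit requires root. For the demo, set both
       limits to 10 MB, or to the existing hard limit if that is lower. */
    if (rl.rlim_max == RLIM_INFINITY || rl.rlim_max > ten_mb)
        rl.rlim_max = ten_mb;          /* lowering the hard limit is always allowed */
    rl.rlim_cur = rl.rlim_max;
    if (setrlimit(RLIMIT_CORE, &rl) == -1) {
        perror("setrlimit"); exit(1);
    }
    printf("Core dumps enabled, max 10 MB\n");

    /* Check current value */
    if (getrlimit(RLIMIT_CORE, &rl) == -1) {
        perror("getrlimit"); exit(1);
    }
    printf("Core limit: soft=%lld hard=%lld\n",
           (long long)rl.rlim_cur, (long long)rl.rlim_max);

    /* Cause a crash to generate a core dump */
    /* raise(SIGSEGV); -- uncomment to test */

    return 0;
}
/* Shell equivalent: ulimit -c 0       (disable)
                     ulimit -c 10240   (10 MB, in KB) */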
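The security use of RLIMIT_CORE described above, as an added example that is not part of the original page (Linux-specific; helper names are hypothetical): it sets both the soft and hard limit to 0, confirms a forked child inherits that, and detects a piped core_pattern. core(5) documents that RLIMIT_CORE is not enforced for dumps piped to a program, which is why the example also clears the dumpable flag with prctl().

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example; function names are hypothetical, not from the page.
   Set soft and hard RLIMIT_CORE to 0 and mark the process non-dumpable.
   An unprivileged process cannot raise the hard limit afterwards. */
int harden_against_core_dumps(void)
{
    struct rlimit rl = { .rlim_cur = 0, .rlim_max = 0 };
    if (setrlimit(RLIMIT_CORE, &rl) == -1) return -1;
    /* Backstop: RLIMIT_CORE is not enforced when core_pattern is a pipe */
    return prctl(PR_SET_DUMPABLE, 0UL, 0UL, 0UL, 0UL);
}

/* 1 if a forked child sees soft = hard = 0, 0 if not, -1 on error */
int child_inherits_zero_limit(void)
{
    int status;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        struct rlimit rl;
        if (getrlimit(RLIMIT_CORE, &rl) == -1) _exit(2);
        _exit(rl.rlim_cur == 0 && rl.rlim_max == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* 1 if this core_pattern value pipes dumps to a program (leading '|') */
int pattern_is_pipe(const char *pattern)
{
    return pattern != NULL && pattern[0] == '|';
}

int main(void)
{
    char pattern[256] = "";
    FILE *f = fopen("/proc/sys/kernel/core_pattern", "r");
    if (f) { if (!fgets(pattern, sizeof pattern, f)) pattern[0] = '\0'; fclose(f); }
    if (harden_against_core_dumps() == -1) { perror("harden"); return 1; }
    printf("child inherits 0/0: %d, core_pattern piped: %d, dumpable: %d\n",
           child_inherits_zero_limit(), pattern_is_pipe(pattern),
           prctl(PR_GET_DUMPABLE, 0UL, 0UL, 0UL, 0UL));
    return 0;
}
```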

Interview Questions

Q1. What does setting RLIMIT_CORE to 0 do?

It completely disables core dump file creation. When the process is killed by a signal that would normally generate a core dump (SIGSEGV, SIGABRT, etc.), no file is written. This is commonly done for security (to prevent sensitive memory contents from being written to disk) and to avoid large files.

Q2. What happens if the core dump would exceed RLIMIT_CORE?

The kernel stops writing the core dump file when it reaches the soft RLIMIT_CORE size. The file is truncated at that point. The truncated file may still be partially useful for debugging, but it might be missing sections of the program’s memory.

Q3. What is the interaction between RLIMIT_CORE and RLIMIT_FSIZE?

If RLIMIT_FSIZE (the general file size limit) is set lower than RLIMIT_CORE, the core dump is limited to RLIMIT_FSIZE bytes. RLIMIT_FSIZE acts as an absolute ceiling on any file written by the process, including core dumps.

Q4. How do you view and change the core dump file naming pattern on Linux?

The naming pattern is controlled by the file /proc/sys/kernel/core_pattern. By default it is just 'core', creating a file called 'core' in the current directory. You can change it to include the PID (%p), program name (%e), time (%t), etc. For example: echo 'core.%e.%p' > /proc/sys/kernel/core_pattern
