Feature Request
Resolution: Unresolved
Normal
4.13
1. Proposed title of this feature request
coredump creation should be denied by default on OpenShift Container Platform 4
2. What is the nature and description of the request?
By default, Red Hat Enterprise Linux prevents application coredump files from being created. In OpenShift Container Platform 4, however, applications running inside a pod can create them. Given that an unexpected or even malicious application can fill up the OpenShift Container Platform 4 - Node file system by creating an infinite number of coredump files, it is requested that coredump creation from applications running in pods be disabled by default. That way, the OpenShift Container Platform 4 environment is protected by default and won't hit problems when an application is constantly creating coredump files.
In addition, it should either be documented, or functionality should be provided, to enable creation of coredump files from applications in pods, so that customers who rely on the files can enable and capture them but are also aware of the implications this might have.
3. Why does the customer need this? (List the business requirements here)
An application running in a pod and creating an infinite number of coredump files can fill up the OpenShift Container Platform 4 - Node file system and thus trigger eviction of pods, and hence impact the stability and reliability of OpenShift Container Platform 4.
Given that most customers of OpenShift Container Platform 4 may not be aware of this behavior/effect, it is recommended to disable coredump file creation by default and instead provide functionality or documentation that instructs customers who want to enable it, so that it can be done while they are also aware of the implications of this change.
4. List any affected packages or components.
Red Hat Enterprise Linux - CoreOS
OpenShift Container Platform 4 - Node