How to Manually Obtain a Core Dump from the smcd Daemon


Article ID: 175669



Endpoint Protection


How to capture a core dump for debugging of a daemon or a process started from a daemon


Red Hat Enterprise Linux 7
Symantec Endpoint Protection 12.1/14


1. Set the daemon core ulimit

In the daemon startup script, i.e. /etc/init.d/smcd, add the following line before the [# Source function library] line.

ulimit -c unlimited

# cat /etc/init.d/smcd
# chkconfig: 235 98 40
# description: Symantec AntiVirus Scanner
# Provides:      smcd
# Required-Start: symcfgd
# Required-Stop: symcfgd
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Symantec endpoint for Linux client daemon
ulimit -c unlimited
# Source function library
if [ -f /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions

2. Enable core-dumps
Edit the /etc/profile configuration file, look for the ulimit -c command and replace it with
ulimit -c unlimited > /dev/null 2>&1

If ulimit is not present in /etc/profile, look for this pattern in /etc/init.d/functions and replace it with
corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0} > /dev/null 2>&1"

3. Set suid dumpable control file
# echo 1 > /proc/sys/fs/suid_dumpable

4. Set a location for the core
Edit the core dump location in /etc/sysctl.conf file. For example:

This tells the kernel where to place the generated core file. Note: If you are running SELinux in enforcing mode, you may need to check that SELinux labels permit the process to generate a core file in the location you specify.

Add the following 2 lines if they are not present in the sysctl.conf file.
fs.suid_dumpable = 1
kernel.core_uses_pid = 1

5. Reload the settings in /etc/sysctl.conf
# sysctl -p

6. Making the changes permanent
Reboot the system.
# init 6

7. Assigning system-wide resource use
# ulimit -c unlimited

8. Determine the Process ID (PID) of the daemon smcd
# pidof smcd

9. Disable ABRT
# service abrt-ccpp stop

The Automatic Bug Reporting Tool, abrt, can automatically capture and partially analyze cores in some cases. Here, however, we want to disable it so it doesn't interfere with the manual core capture.

10. Trigger the bug
If the steps to make the problem appear are known, run them now. Otherwise, you'll just need to wait for the bug to occur.

11. Generate the core
If the bug causes the process to get a Segmentation Fault, or to terminate because of another signal, a core file will be generated automatically. If the process freezes, or enters another buggy state without terminating, you will need to manually force a core to be created by running:

# kill -ABRT smcd_PID

Note: If the dumps are not generated in the location specified, verify that the directory has full permissions.
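
The following pre-flight check is an added example, not part of the original article or of Symantec's tooling. It reads the effective settings for the running daemon (the core limit in /proc/PID/limits, fs.suid_dumpable, and kernel.core_pattern) so that a misapplied step is caught before sending the ABRT signal. The PROC_ROOT variable and the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example: verify the core-dump prerequisites set up in steps 1-9.
# PROC_ROOT is an assumption of this example: it lets the checks run against
# a constructed copy of /proc. Leave it unset on a real host.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Soft "Max core file size" of a running process, from /proc/PID/limits.
core_soft_limit() {
    awk '/^Max core file size/ { print $5 }' "$PROC_ROOT/$1/limits" 2>/dev/null
}

# Return 0 if PID $1 can write a core file; otherwise print each failed check.
check_core_ready() {
    local pid="$1" rc=0 soft dumpable pattern dir
    soft=$(core_soft_limit "$pid")
    dumpable=$(cat "$PROC_ROOT/sys/fs/suid_dumpable" 2>/dev/null)
    pattern=$(cat "$PROC_ROOT/sys/kernel/core_pattern" 2>/dev/null)

    # Steps 1, 2 and 7: the limit must be non-zero in the daemon itself,
    # not only in the shell where "ulimit -c unlimited" was typed.
    if [ -z "$soft" ] || [ "$soft" = "0" ]; then
        echo "FAIL: core soft limit for PID $pid is '${soft:-unknown}'"; rc=1
    fi
    # Step 3: suid_dumpable must be 1.
    if [ "$dumpable" != "1" ]; then
        echo "FAIL: fs.suid_dumpable is '${dumpable:-unknown}', expected 1"; rc=1
    fi
    # Steps 4 and 9: a pattern starting with "|" hands the core to a helper
    # program instead of a file; an absolute path needs a writable directory.
    case "$pattern" in
        "|"*) echo "FAIL: core_pattern pipes to a handler: $pattern"; rc=1 ;;
        /*)   dir=$(dirname "$pattern")
              if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
                  echo "FAIL: core directory $dir is missing or not writable"; rc=1
              fi ;;
        "")   echo "FAIL: cannot read kernel.core_pattern"; rc=1 ;;
        *)    echo "NOTE: relative core_pattern '$pattern'; core lands in the daemon's working directory" ;;
    esac
    return $rc
}

# Check every running smcd process (step 8 uses the same pidof call).
for pid in $(pidof smcd 2>/dev/null); do
    check_core_ready "$pid" && echo "OK: PID $pid can dump core"
done
```

Run it as root after step 9 and before step 11; any FAIL line names the setting that did not take effect.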