How to completely disable coredump?

I have set systemd.coredump.enable = false but as I saw from the description from the option:

If disabled, core dumps appear in the current directory of the crashing process.

Does that mean coredump would still be generated?

I have also looked at the source code and found that if systemd coredump is not enabled, it would just write kernel.core_pattern=core to sysctl conf. But as I read from other guides, they often recommend setting kernel.core_pattern=|/bin/false and /bin/false is not available on NixOS.

So how do I completely disable coredump or is systemd.coredump.enable = false enough?

1 Like

This should work just fine on NixOS. The point of setting it to /bin/false is for it to fail, which it does on NixOS on account of it not existing.

1 Like

I just discovered something like this stayed in my config from a long time ago:

boot.kernel.sysctl = lib.mkIf (!config.systemd.coredump.enable) {
  "kernel.core_pattern" = lib.mkForce " | ${pkgs.coreutils-full}/bin/false";
};

2 Likes

You can use lib.getExe' pkgs.coreutils-full "false", by the way. Not usually necessary, but it’s nice for packages that use (or switch to) split outputs.

1 Like

Wow, cool! Didn’t know we can even write it like this. This is much cleaner.

I use "kernel.core_pattern" = lib.mkForce "/dev/null" and it works just as well.

Out of curiosity: why would someone disable this? What’s the use case or performance gain?

Core dump - ArchWiki explains:

Users may wish to disable automatic core dumps for a number of reasons:

  • Performance: generating core dumps for memory-heavy processes can waste system resources and delay the cleanup of memory.
  • Disk space: core dumps of memory-heavy processes may consume disk space equal to, if not greater, than the process’s memory footprint if not compressed.
  • Security: core dumps, although typically readable only by root, may contain sensitive data (such as passwords or cryptographic keys), which are written to disk following a crash.

I think they’re pretty much useless on NixOS: virtually no package contains debug symbols by default, so the coredumps are unreadable but still waste a ton of disk space.

(I’m not sure why they’re even enabled by default)

3 Likes

Hmm, maybe my experiences are limited, but I certainly have not found coredumps on NixOS “pretty much useless”. Or maybe it’s just my luck and/or areas of interest?

We could tweak the coredump.conf and tmpfiles defaults to make them default to using less space (ExternalSizeMax, MaxUse, expiry date, etc), but I don’t have concrete recommendations.

These are crashes that I’ve run into / helped with where the core dumps have indeed been pretty helpful, with nixseparatedebuginfod2 or not.

2 Likes
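The three kernel.core_pattern values compared in this thread (core, |/bin/false, /dev/null) can be told apart with a small audit check. This is an added example, not part of any post above; the function names and verdict labels are hypothetical, and an empty pattern is deliberately not covered.

```python
import os
import stat


def path_kind(path):
    """Return 'missing', 'regular' or 'other' for a filesystem path."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return "missing"
    return "regular" if stat.S_ISREG(mode) else "other"


def classify_core_pattern(pattern, kind=path_kind):
    """Classify a kernel.core_pattern value; returns (verdict, reason).

    Verdicts (labels chosen for this example):
      'file'    - a core file is written to disk
      'piped'   - the dump is handed to a helper program
      'no-dump' - nothing is written
    """
    pattern = pattern.rstrip("\n")
    if not pattern:
        raise ValueError("empty core_pattern is not covered by this example")
    if pattern[0] == "|":
        # Only '|' as the very first character selects pipe mode.
        argv = pattern[1:].split()
        if not argv:
            return ("no-dump", "pipe mode without a handler")
        # The handler path is resolved from the root directory.
        handler = os.path.join("/", argv[0])
        if kind(handler) == "missing":
            # The case from the thread: /bin/false does not exist on NixOS.
            return ("no-dump", "pipe handler " + handler + " does not exist")
        return ("piped", "dump is handed to " + handler)
    if os.path.isabs(pattern) and kind(pattern) == "other":
        # Per core(5), an existing non-regular file such as /dev/null
        # is not written to.
        return ("no-dump", "target exists and is not a regular file")
    if os.path.isabs(pattern):
        return ("file", "core file is written at that path")
    return ("file", "core file is written in the crashing process's cwd")


if __name__ == "__main__":
    # Audit the running system (Linux only).
    with open("/proc/sys/kernel/core_pattern") as f:
        print(classify_core_pattern(f.read()))
```

A 'piped' verdict only says the kernel hands the dump to the helper; whether it then reaches disk depends on that helper's own configuration.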