[Bug 1732518] Re: Please re-enable container support in apport

Stéphane Graber stgraber at stgraber.org
Wed Nov 15 22:21:00 UTC 2017


This debdiff re-introduces the forwarding code; it also cleans a number
of things up:

 - It fixes a regression of apport on systems using upstart
 - It replaces the is_container logic with an is_same_ns function that lets us check things more carefully.
 - If the pidns differs but mntns doesn't, apport will process the crash locally, using the global pid.
 - If the mntns differs but pidns doesn't, then the crash is just plain ignored.
 - If pidns and mntns differ and an apport receiver socket can be found, the crash is forwarded. If none can be found, the crash is ignored.
 - All arguments except the first and last are now sent to the receiver.
 - The receiver has a check for the number of received arguments, ignoring any crash that doesn't match its view of the world.
 - The ucred is used for pid passing, translating the pid across pidns.

I've done the following tests:
 - Standard crash on host => crash in /var/crash of host
 - Crash on host in a different pidns => crash in /var/crash of host
 - Crash on host in a different mntns => no crash file
 - Crash on host in a different pidns and mntns => no crash file (no receiver found)
 - Crash in container with receiver set up => crash in /var/crash of container

** Patch added: "debdiff for xenial"
   https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1732518/+attachment/5009693/+files/xenial.diff


Title:
  Please re-enable container support in apport

Status in apport package in Ubuntu:
  Triaged
Status in apport source package in Xenial:
  Triaged
Status in apport source package in Zesty:
  Triaged
Status in apport source package in Artful:
  Triaged
Status in apport source package in Bionic:
  Triaged

Bug description:
  The latest security update for apport disabled container crash
  forwarding. This is a feature which users do rely on in production, and
  while it may have been appropriate to turn it off to put a security
  update out, this needs to be re-enabled ASAP.

  I provided a patch which fixed the security issue before the security
  issue was publicly disclosed, so pushing an SRU to all Ubuntu releases
  re-enabling this code should be pretty trivial.
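
The namespace routing rules listed in the message above, as an added example (not apport's code and not taken from the debdiff). Only the name is_same_ns comes from the message; its signature, the proc parameter, route_crash, the returned strings and the choice to ignore a crash whose namespace links cannot be read are assumptions, and the /proc tree used here is constructed.

```python
import os
import tempfile


def is_same_ns(pid, ns, proc="/proc"):
    """Compare <proc>/<pid>/ns/<ns> with our own link; OSError if unreadable."""
    mine = os.readlink(os.path.join(proc, "self", "ns", ns))
    theirs = os.readlink(os.path.join(proc, str(pid), "ns", ns))
    return mine == theirs


def route_crash(pid, receiver_found, proc="/proc"):
    """Return 'local', 'forward' or 'ignore' for a crashing pid."""
    try:
        same_pid = is_same_ns(pid, "pid", proc)
        same_mnt = is_same_ns(pid, "mnt", proc)
    except OSError:
        return "ignore"  # assumption: fail closed when a link is unreadable
    if same_mnt:
        # Same filesystem view: handle on this side. If only the pidns
        # differs, the pid to use is the global (host-side) one.
        return "local"
    if same_pid:
        return "ignore"  # mntns differs but pidns does not
    # Both differ: a container. Forward only if it has a receiver socket.
    return "forward" if receiver_found else "ignore"


def build_fake_proc(root, table):
    """Constructed sample input: dangling symlinks mimicking /proc/<pid>/ns/*."""
    for pid, (pidns, mntns) in table.items():
        nsdir = os.path.join(root, str(pid), "ns")
        os.makedirs(nsdir)
        os.symlink("pid:[%d]" % pidns, os.path.join(nsdir, "pid"))
        os.symlink("mnt:[%d]" % mntns, os.path.join(nsdir, "mnt"))


def demo():
    # (pidns id, mntns id) per process; "self" plays the host-side apport.
    table = {"self": (1, 10), 100: (1, 10), 200: (2, 10),
             300: (1, 20), 400: (2, 20)}
    with tempfile.TemporaryDirectory() as root:
        build_fake_proc(root, table)
        out = {p: route_crash(p, False, root) for p in (100, 200, 300, 400, 999)}
        out["400+receiver"] = route_crash(400, True, root)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```
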



