[Bug 1982487] Re: apport fails with PermissionError for dump mode 2 in containers

Wed Nov 23 16:03:16 UTC 2022

** Also affects: apport (Ubuntu Bionic)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1982487

Title:
  apport fails with PermissionError for dump mode 2 in containers

Status in Apport:
  Fix Released
Status in apport package in Ubuntu:
  Fix Released
Status in apport source package in Bionic:
  New
Status in apport source package in Focal:
  Fix Released
Status in apport source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  Apport will fail for processes with dump mode 2 inside of containers.

  [Test plan]

  Run following testcase script inside a LXC container:

  ```
  #!/bin/sh
  sudo rm -rf /var/crash/* /var/log/apport.log

  sudo -u mail sh -c "ping 127.0.0.1 > /dev/null" &
  sleep 0.3
  killall -11 ping

  sleep 0.3
  cat /var/log/apport.log
  ```

  apport.log for the affected version:

  ```
  ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: called for pid 6449, signal 11, core limit 0, dump mode 2
  ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: not creating core for pid with dump mode of 2
  ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: Unhandled exception:
  Traceback (most recent call last):
    File "/usr/lib/python3/dist-packages/apport/report.py", line 681, in add_proc_info
      self["ExecutablePath"] = _read_proc_link(
    File "/usr/lib/python3/dist-packages/apport/report.py", line 92, in _read_proc_link
      return os.readlink(path, dir_fd=dir_fd)
  PermissionError: [Errno 13] Permission denied: 'exe'

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File "/usr/share/apport/apport", line 862, in <module>
      info.add_proc_info(proc_pid_fd=proc_pid_fd)
    File "/usr/lib/python3/dist-packages/apport/report.py", line 686, in add_proc_info
      raise ValueError("not accessible")
  ValueError: not accessible
  ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: pid: 6452, uid: 0, gid: 0, euid: 8, egid: 8
  ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: environment: environ({'LANG': 'C.UTF-8', 'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin', 'LISTEN_PID': '6452', 'LISTEN_FDS': '1', 'LISTEN_FDNAMES': 'connection', 'INVOCATION_ID': '1352c67b4a21480a9b35db8012dafb42', 'JOURNAL_STREAM': '8:29587491', 'SYSTEMD_EXEC_PID': '6452'})
  ```

  The apport log should not show a Traceback.

  [Where problems could occur]

  The apport binary is called by the kernel when a process crashes.
  Worst case scenarios include breaking the apport binary and no problem
  report is generated any more (or apport uses too much resources).
  Users will see problems reports inside the container which cause
  additional load or disk usage. The fix is accompanied by a test case
  (run in autopkgtest).

  [Other Info]

  The autopkgtest for armhf are run inside a LXC container and some test
  cases like test_crash_setuid_drop trigger this bug.

  Due to the huge amount of broken autopkgtest tests, the diff for the
  SRUs are bigger than desired. The individual commits in
  https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/ are
  probably easier to review.

  * jammy SRU: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/log/?h=1fa042cc27714c407494b3d6dfd0730bb984f3eb
  * focal SRU: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/log/?h=eaa92037c7dfba621719c6f81fd75f6a09e90881

To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1982487/+subscriptions