Comment 3 for bug 1438758

Stéphane Graber (stgraber) wrote:

After thinking about it some more, the above solution will still let the user bypass various protections (seccomp, capability drop, ...) and implementing all of that in apport is starting to feel a bit ridiculous.

Instead I'll work on a different patch to apport which will have it attach to the namespaces it requires to generate the crash file, but not actually run any code from within the container. That should give us the right result which is a valid crash file appearing in /var/crash of the container but no untrusted code being executed from the outside.