Re-implement container crash forwarding

Bug #1445064 reported by Stéphane Graber
This bug affects 2 people
Affects: apport (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Stéphane Graber
Milestone: (none)

Bug Description

The container crash forwarding feature must be re-implemented to use a safe design.

The current thought is:
 - Introduce a systemd unit and upstart job to have a socket activated apport crash handler
 - When a crash comes from a container, have apport connect to the socket in the crashed process's root and write the arguments it received to the socket.
 - The crash handler in the container will then run and close the socket when it doesn't need the crashed process anymore.
 - The host crash handler then exits.

This means that we only rely on an accessible root directory for the crashed process and the crash handler will be spawned by init inside that container. This makes it safe for privileged and unprivileged containers.

As an extra security measure, rate limiting should be added so that we can only have 10 in-flight crashes and so that any crash taking more than 30s to be handled gets cancelled (preventing host DoS).

Martin Pitt (pitti) wrote :

This sounds good to me, as this now leaves the actual processing and any permission issues to the apport instance in the container.

Martin Pitt (pitti)
Changed in apport (Ubuntu):
status: Triaged → In Progress
Martin Pitt (pitti)
Changed in apport (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.20-0ubuntu2

---------------
apport (2.20-0ubuntu2) xenial; urgency=medium

  * Fix signal_crashes.test_modify_after_start test when running as root.

apport (2.20-0ubuntu1) xenial; urgency=medium

  * New upstream release.
    - Reimplement forwarding crashes into a container, via activating the new
      apport-forward.socket in the container and handing over the core dump
      fd. This is a much safer way than the original implementation with
      nsexec. Thanks Stéphane Graber! (LP: #1445064)
  * Drop long-obsolete sysv-rc dependency.
  * Add python3-systemd recommendation to apport, to make crash report
    generation work in containers.
  * Install new systemd units into apport package.

 -- Martin Pitt <email address hidden> Mon, 15 Feb 2016 11:49:56 +0100

Changed in apport (Ubuntu):
status: Fix Committed → Fix Released
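
The handover described in the bug description and changelog above, sketched as an added example that is not part of the bug report and is not apport's code: the host side sends the arguments plus the core dump fd over a Unix socket, waits for the container handler to close it, and enforces the 10 in-flight and 30s limits. The function names, the space-joined argument format, the socketpair standing in for the activated socket and the sample values are assumptions; it needs Python 3.9+ for `socket.send_fds`.

```python
import os
import socket
import threading

MAX_IN_FLIGHT = 10       # limit named in the bug description
HANDLER_TIMEOUT = 30.0   # seconds, also from the description
in_flight = threading.BoundedSemaphore(MAX_IN_FLIGHT)

def forward_crash(sock, core_fd, args, timeout=HANDLER_TIMEOUT):
    """Host side. Returns "handled", "timeout" or "dropped"."""
    if not in_flight.acquire(blocking=False):
        return "dropped"             # too many crashes already in flight
    try:
        sock.settimeout(timeout)
        # Arguments travel as data, the core dump fd as SCM_RIGHTS ancillary data.
        socket.send_fds(sock, [" ".join(args).encode()], [core_fd])
        while sock.recv(4096):       # EOF: handler no longer needs the process
            pass
        return "handled"
    except socket.timeout:
        return "timeout"             # cancel instead of blocking the host
    finally:
        in_flight.release()
        sock.close()

def container_handler(sock):
    """Container side: take args and fd, read the core, close the socket."""
    msg, fds, _flags, _addr = socket.recv_fds(sock, 4096, 1)
    with os.fdopen(fds[0], "rb") as core:
        data = core.read()
    sock.close()
    return msg.decode().split(), data

def demo(core=b"constructed core dump", args=("1234", "11", "0")):
    """Both sides over a socketpair standing in for the activated socket."""
    host, cont = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    r, w = os.pipe()                 # stands in for the kernel's core pipe
    os.write(w, core)
    os.close(w)
    got = []
    t = threading.Thread(target=lambda: got.append(container_handler(cont)))
    t.start()
    status = forward_crash(host, r, list(args))
    t.join()
    os.close(r)
    return status, got[0]
```

Because only data and a file descriptor cross the socket, the host never executes anything inside the container's namespaces; the handler that parses the crash is the one started by the container's own init.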