The fix for this issue will be to have apport do the following tasks prior to executing the crash handler in the container:
- replicate the task's apparmor profile
- attach to all namespaces (setns)
- seteuid and setegid to 0 of that namespace
- sanitize the fd list (only 0, 1 and 2, all pointing to /dev/null)
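
The last step of the list above (only fds 0, 1 and 2, all pointing to /dev/null), as an added example that is not apport's own code; the AppArmor, setns and seteuid/setegid steps need root and are not shown. It assumes Linux with /proc mounted, and the function names are hypothetical.

```python
import os
import stat

def open_fds():
    """Return {fd: target} for this process, read from /proc/self/fd (Linux)."""
    fds = {}
    for name in os.listdir("/proc/self/fd"):
        try:
            fds[int(name)] = os.readlink(f"/proc/self/fd/{name}")
        except OSError:
            pass  # the directory fd listdir() used is already closed
    return fds

def is_null(fd):
    """True if fd is the null character device, not merely a path named so."""
    st = os.fstat(fd)
    return stat.S_ISCHR(st.st_mode) and st.st_rdev == os.stat("/dev/null").st_rdev

def sanitize_fds():
    """Leave only fds 0, 1 and 2 open, all pointing to /dev/null."""
    devnull = os.open("/dev/null", os.O_RDWR)
    for fd in (0, 1, 2):
        if fd != devnull:             # devnull lands on 0-2 if that slot was closed
            os.dup2(devnull, fd)
        os.set_inheritable(fd, True)  # must survive the exec of the handler
    for fd in open_fds():             # every fd listed here is still open
        if fd > 2:
            os.close(fd)

def check_in_child():
    """Fork with a stray inheritable pipe open; sanitize and verify in the child."""
    r, w = os.pipe()                  # constructed stand-in for a leaked descriptor
    os.set_inheritable(w, True)
    pid = os.fork()
    if pid == 0:
        try:
            sanitize_fds()
            fds = open_fds()
            ok = sorted(fds) == [0, 1, 2] and all(is_null(fd) for fd in fds)
        except BaseException:
            ok = False
        os._exit(0 if ok else 1)
    os.close(r)
    os.close(w)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0

if __name__ == "__main__":
    print("child fds sanitized:", check_in_child())
```

The check uses fstat on each descriptor rather than the /proc symlink text, so a file that merely resolves to a path called /dev/null inside another mount namespace does not pass.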