apport-hackers team mailing list archive

[Stéphane Graber <stgraber@xxxxxxxxxxxx>]

Stéphane Graber has proposed merging lp:~stgraber/apport/bug1445064 into lp:apport.

Requested reviews:
  Apport upstream developers (apport-hackers)

For more details, see:
https://code.launchpad.net/~stgraber/apport/bug1445064/+merge/283752

This is the implemented of https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064

The original implementation of this feature was a security nightmare and had to be reverted. This new design should be safe as the host will never actually execute any code, just contact a pre-existing apport setup and forward the crash to it.

I've so far implemented the receiving end of this, it's made of a systemd socket and systemd service, this binds /run/apport.socket (root owned, 0600 permission) and on connection to it, spawns the main apport script. I modified the apport script to detect systemd's environment variables, replace stdin by the connection fd and replace sys.argv by the arguments sent over the socket.

The remaining part is to have apport, when receiving a crash for a container (pid != global_pid), look for /run/apport.socket in the crashed process's filesystem root and if found, connect to the socket, send an argument line and then send the whole of stdin after it, then exit.
-- 
Your team Apport upstream developers is requested to review the proposed merge of lp:~stgraber/apport/bug1445064 into lp:apport.

=== modified file 'data/apport'
--- data/apport	2015-11-04 20:04:52 +0000
+++ data/apport	2016-01-24 22:14:18 +0000
@@ -14,10 +14,12 @@
 # the full text of the license.
 
 import sys, os, os.path, subprocess, time, traceback, pwd, io
-import signal, inspect, grp, fcntl
+import signal, inspect, grp, fcntl, socket
 
 import apport, apport.fileutils
 
+from systemd.daemon import listen_fds
+
 #################################################################
 #
 # functions
@@ -303,6 +305,25 @@
 #
 #################################################################
 
+# Systemd socket activation
+if "LISTEN_FDS" in os.environ:
+    # Extract and validate the fd
+    fds = listen_fds()
+    if len(fds) < 1:
+        print("Invalid socket activation, no fd provided")
+        sys.exit(1)
+
+    # Replace stdin by the socket activation fd
+    sys.stdin.close()
+    sock = socket.fromfd(int(fds[0]), socket.AF_UNIX, socket.SOCK_STREAM)
+    sys.stdin = sock.makefile('r')
+
+    # Replace argv by the arguments received over the socket
+    line = sys.stdin.readline()
+    sys.argv = [sys.argv[0]]
+    sys.argv +=  line.split()
+
+# Normal startup
 if len(sys.argv) not in (4, 5):
     try:
         print('Usage: %s <pid> <signal number> <core file ulimit> [global pid]' % sys.argv[0])

=== added directory 'lib'
=== added directory 'lib/systemd'
=== added directory 'lib/systemd/system'
=== added file 'lib/systemd/system/apport-forward.socket'
--- lib/systemd/system/apport-forward.socket	1970-01-01 00:00:00 +0000
+++ lib/systemd/system/apport-forward.socket	2016-01-24 22:14:18 +0000
@@ -0,0 +1,12 @@
+[Unit]
+Description=Unix socket for apport crash forwarding
+
+[Socket]
+ListenStream=/run/apport.socket
+SocketMode=0600
+Accept=yes
+MaxConnections=10
+Backlog=5
+
+[Install]
+WantedBy=sockets.target

=== added file 'lib/systemd/system/apport-forward@.service'
--- lib/systemd/system/apport-forward@.service	1970-01-01 00:00:00 +0000
+++ lib/systemd/system/apport-forward@.service	2016-01-24 22:14:18 +0000
@@ -0,0 +1,11 @@
+[Unit]
+Description=Apport crash forwarding receiver
+Requires=apport-forward.socket
+
+[Service]
+Type=forking
+ExecStart=/usr/share/apport/apport
+
+[Install]
+WantedBy=multi-user.target
+Also=status.socket