apport-hackers team mailing list archive

Thread
Date

[Merge] lp:~stgraber/apport/bug1445064 into lp:apport

To: mp+283752@xxxxxxxxxxxxxxxxxx
From: Stéphane Graber <stgraber@xxxxxxxxxxxx>
Date: Sun, 24 Jan 2016 23:35:36 -0000
In-reply-to: <20160124221535.17110.12337.launchpad@ackee.canonical.com>
Reply-to: mp+283752@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

The proposal to merge lp:~stgraber/apport/bug1445064 into lp:apport has been updated.

Description changed to:

This is the implemented of https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064

The original implementation of this feature was a security nightmare and had to be reverted. This new design should be safe as the host will never actually execute any code, just contact a pre-existing apport setup and forward the crash to it.

The receiving end of this is made of a systemd socket and systemd service, this binds /run/apport.socket (root owned, 0600 permission) and on connection to it, spawns the main apport script. I modified the apport script to detect systemd's environment variables, replace stdin by the connection fd and replace sys.argv by the arguments sent over the socket.

The sending part simply uses the existing container check, then checks if /run/apport.socket exists in the container. If it does, it connects to it, sends the arguments and then sends sys.stdin through.

For more details, see:
https://code.launchpad.net/~stgraber/apport/bug1445064/+merge/283752
-- 
Your team Apport upstream developers is requested to review the proposed merge of lp:~stgraber/apport/bug1445064 into lp:apport.

References

[Merge] lp:~stgraber/apport/bug1445064 into lp:apport
From: Stéphane Graber, 2016-01-24