← Back to team overview

apport-hackers team mailing list archive

[Merge] lp:~stgraber/apport/bug1445064 into lp:apport

 

The proposal to merge lp:~stgraber/apport/bug1445064 into lp:apport has been updated.

Description changed to:

This is the implementation of https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064

The original implementation of this feature was a security nightmare and had to be reverted. This new design should be safe as the host will never actually execute any code, just contact a pre-existing apport setup and forward the crash to it.

This change introduces a couple of systemd units to setup a new /run/apport.socket UNIX socket. Upon receiving a container crash, the host apport looks for that socket in the crashed process' root. If found, it attempts to connect to it, then send the command line arguments it received along with its stdin.

Systemd in the container spawns apport whenever a crash happens, apport then connects to the host through the fd it receives from systemd and receives the stdin fd as well as the argument list from the host.

It then mangles its own sys.stdin and sys.argv to match what's sent by the host, then continues execution as normal.


The code change is pretty self contained, only new external dependency is on python3-systemd.

For more details, see:
https://code.launchpad.net/~stgraber/apport/bug1445064/+merge/283752
-- 
Your team Apport upstream developers is requested to review the proposed merge of lp:~stgraber/apport/bug1445064 into lp:apport.


References