The patch in comment #4 of bug 1726372 was mostly complete but issues were discovered late as we were approached the CRD for the CVEs described in that bug:
1) The patch should be updated to forward the new dump_mode argument into the container. This is a trivial change. 2) The patch changed the functionality of apport so that it processes, in the host, all crashes that come from a "non-full" container. The PoC in the description of bug 1726372 simply creates a PID namespace, without a new mount namespace, and then calls abort(). The behavioral change introduced by the patch resulted in apport writing the core dump to /tmp/core when it didn't do that before because it ignored such crashes. 3) The combination of the patch and the fix for CVE-2017-14177, which added a new required dump_mode command line option to Apport, made it potentially dangerous for an updated Apport in the host to forward a crash to a non-updated Apport in a container as the dump_mode parameter would be treated as the global_pid in the container's Apport. These three issues are why we had to make the decision to (temporarily) drop container crash forwarding. I won't be directly involved in re-enabling the container crash forwarding support but please feel free to ping me for a review, if needed. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14177 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1732518 Title: Please re-enable container support in apport To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1732518/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
