** Description changed:
[Impact]
Apport will fail for processes with dump mode 2 inside of containers.
[Test plan]
Run following testcase script inside a LXC container:
```
#!/bin/sh
sudo rm -rf /var/crash/* /var/log/apport.log
sudo -u mail sh -c "ping 127.0.0.1 > /dev/null" &
sleep 0.3
killall -11 ping
sleep 0.3
cat /var/log/apport.log
```
apport.log for the affected version:
```
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: called for pid 6449,
signal 11, core limit 0, dump mode 2
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: not creating core for pid
with dump mode of 2
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: Unhandled exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport/report.py", line 681, in
add_proc_info
self["ExecutablePath"] = _read_proc_link(
File "/usr/lib/python3/dist-packages/apport/report.py", line 92, in
_read_proc_link
return os.readlink(path, dir_fd=dir_fd)
PermissionError: [Errno 13] Permission denied: 'exe'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/share/apport/apport", line 862, in <module>
info.add_proc_info(proc_pid_fd=proc_pid_fd)
File "/usr/lib/python3/dist-packages/apport/report.py", line 686, in
add_proc_info
raise ValueError("not accessible")
ValueError: not accessible
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: pid: 6452, uid: 0, gid: 0,
euid: 8, egid: 8
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: environment:
environ({'LANG': 'C.UTF-8', 'PATH':
'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin',
'LISTEN_PID': '6452', 'LISTEN_FDS': '1', 'LISTEN_FDNAMES': 'connection',
'INVOCATION_ID': '1352c67b4a21480a9b35db8012dafb42', 'JOURNAL_STREAM':
'8:29587491', 'SYSTEMD_EXEC_PID': '6452'})
```
The apport log should not show a Traceback.
[Where problems could occur]
The apport binary is called by the kernel when a process crashes. Worst
case scenarios include breaking the apport binary and no problem report
is generated any more (or apport uses too much resources). Users will
see problems reports inside the container which cause additional load or
disk usage. The fix is accompanied by a test case (run in autopkgtest).
[Other Info]
The autopkgtest for armhf are run inside a LXC container and some test
cases like test_crash_setuid_drop trigger this bug.
+
+ Due to the huge amount of broken autopkgtest tests, the diff for the
+ SRUs are bigger than desired. The individual commits in
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/ are
+ probably easier to review.
+
+ * jammy SRU:
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/log/?h=1fa042cc27714c407494b3d6dfd0730bb984f3eb
+ * focal SRU:
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/log/?h=eaa92037c7dfba621719c6f81fd75f6a09e90881
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1982487
Title:
apport fails with PermissionError for dump mode 2 in containers
Status in Apport:
Fix Released
Status in apport package in Ubuntu:
Fix Released
Status in apport source package in Focal:
New
Status in apport source package in Jammy:
New
Bug description:
[Impact]
Apport will fail for processes with dump mode 2 inside of containers.
[Test plan]
Run following testcase script inside a LXC container:
```
#!/bin/sh
sudo rm -rf /var/crash/* /var/log/apport.log
sudo -u mail sh -c "ping 127.0.0.1 > /dev/null" &
sleep 0.3
killall -11 ping
sleep 0.3
cat /var/log/apport.log
```
apport.log for the affected version:
```
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: called for pid 6449,
signal 11, core limit 0, dump mode 2
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: not creating core for pid
with dump mode of 2
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: Unhandled exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport/report.py", line 681, in
add_proc_info
self["ExecutablePath"] = _read_proc_link(
File "/usr/lib/python3/dist-packages/apport/report.py", line 92, in
_read_proc_link
return os.readlink(path, dir_fd=dir_fd)
PermissionError: [Errno 13] Permission denied: 'exe'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/share/apport/apport", line 862, in <module>
info.add_proc_info(proc_pid_fd=proc_pid_fd)
File "/usr/lib/python3/dist-packages/apport/report.py", line 686, in
add_proc_info
raise ValueError("not accessible")
ValueError: not accessible
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: pid: 6452, uid: 0, gid: 0,
euid: 8, egid: 8
ERROR: apport (pid 6452) Thu Jul 21 12:59:45 2022: environment:
environ({'LANG': 'C.UTF-8', 'PATH':
'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin',
'LISTEN_PID': '6452', 'LISTEN_FDS': '1', 'LISTEN_FDNAMES': 'connection',
'INVOCATION_ID': '1352c67b4a21480a9b35db8012dafb42', 'JOURNAL_STREAM':
'8:29587491', 'SYSTEMD_EXEC_PID': '6452'})
```
The apport log should not show a Traceback.
[Where problems could occur]
The apport binary is called by the kernel when a process crashes.
Worst case scenarios include breaking the apport binary and no problem
report is generated any more (or apport uses too much resources).
Users will see problems reports inside the container which cause
additional load or disk usage. The fix is accompanied by a test case
(run in autopkgtest).
[Other Info]
The autopkgtest for armhf are run inside a LXC container and some test
cases like test_crash_setuid_drop trigger this bug.
Due to the huge amount of broken autopkgtest tests, the diff for the
SRUs are bigger than desired. The individual commits in
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/ are
probably easier to review.
* jammy SRU:
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/log/?h=1fa042cc27714c407494b3d6dfd0730bb984f3eb
* focal SRU:
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/log/?h=eaa92037c7dfba621719c6f81fd75f6a09e90881
To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1982487/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
