subject:"\[Touch\-packages\] \[Bug 1445064\] Re\: Re\-implement container crash forwarding"

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

2016-02-15 Thread Launchpad Bug Tracker

This bug was fixed in the package apport - 2.20-0ubuntu2

---
apport (2.20-0ubuntu2) xenial; urgency=medium

  * Fix signal_crashes.test_modify_after_start test when running as
root.

apport (2.20-0ubuntu1) xenial; urgency=medium

  * New upstream release.
- Reimplement forwarding crashes into a container, via activating the new
  apport-forward.socket in the container and handing over the core dump
  fd.  This is a much safer way than the original implementation with
  nsexec.  Thanks Stéphane Graber! (LP: #1445064)
  * Drop long-obsolete sysv-rc dependency.
  * Add python3-systemd recommendation to apport, to make crash report
generation work in containers.
  * Install new systemd units into apport package.

 -- Martin Pitt   Mon, 15 Feb 2016 11:49:56
+0100

** Changed in: apport (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1445064

Title:
  Re-implement container crash forwarding

Status in apport package in Ubuntu:
  Fix Released

Bug description:
  The container crash forwarding feature must be re-implemented to use a
  safe design.

  The current thought is:
   - Introduce a systemd unit and upstart job to have a socket activated apport 
crash handler
   - When a crash comes from a container, have apport connect to the socket in 
the crashed process' root, write the arguments it received to the socket.
   - The crash handler in the container will then run and close the socket when 
it doesn't need the crashed process anymore.
   - The host crash handler then exits.

  This means that we only rely on an accessible root directory for the
  crashed process and the crash handler will be spawned by init inside
  that container. This makes it safe for privileged and unprivileged
  containers.

  As an extra security measure, rate limiting should be added so that we
  can only have 10 in-flight crashes and that any crash taking more than
  30s to be handled get cancelled (preventing host DoS).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

2016-02-12 Thread Martin Pitt

** Changed in: apport (Ubuntu)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1445064

Title:
  Re-implement container crash forwarding

Status in apport package in Ubuntu:
  In Progress

Bug description:
  The container crash forwarding feature must be re-implemented to use a
  safe design.

  The current thought is:
   - Introduce a systemd unit and upstart job to have a socket activated apport 
crash handler
   - When a crash comes from a container, have apport connect to the socket in 
the crashed process' root, write the arguments it received to the socket.
   - The crash handler in the container will then run and close the socket when 
it doesn't need the crashed process anymore.
   - The host crash handler then exits.

  This means that we only rely on an accessible root directory for the
  crashed process and the crash handler will be spawned by init inside
  that container. This makes it safe for privileged and unprivileged
  containers.

  As an extra security measure, rate limiting should be added so that we
  can only have 10 in-flight crashes and that any crash taking more than
  30s to be handled get cancelled (preventing host DoS).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

2016-02-12 Thread Martin Pitt

** Changed in: apport (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1445064

Title:
  Re-implement container crash forwarding

Status in apport package in Ubuntu:
  Fix Committed

Bug description:
  The container crash forwarding feature must be re-implemented to use a
  safe design.

  The current thought is:
   - Introduce a systemd unit and upstart job to have a socket activated apport 
crash handler
   - When a crash comes from a container, have apport connect to the socket in 
the crashed process' root, write the arguments it received to the socket.
   - The crash handler in the container will then run and close the socket when 
it doesn't need the crashed process anymore.
   - The host crash handler then exits.

  This means that we only rely on an accessible root directory for the
  crashed process and the crash handler will be spawned by init inside
  that container. This makes it safe for privileged and unprivileged
  containers.

  As an extra security measure, rate limiting should be added so that we
  can only have 10 in-flight crashes and that any crash taking more than
  30s to be handled get cancelled (preventing host DoS).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

2016-02-12 Thread Launchpad Bug Tracker

** Branch linked: lp:apport

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1445064

Title:
  Re-implement container crash forwarding

Status in apport package in Ubuntu:
  Fix Committed

Bug description:
  The container crash forwarding feature must be re-implemented to use a
  safe design.

  The current thought is:
   - Introduce a systemd unit and upstart job to have a socket activated apport 
crash handler
   - When a crash comes from a container, have apport connect to the socket in 
the crashed process' root, write the arguments it received to the socket.
   - The crash handler in the container will then run and close the socket when 
it doesn't need the crashed process anymore.
   - The host crash handler then exits.

  This means that we only rely on an accessible root directory for the
  crashed process and the crash handler will be spawned by init inside
  that container. This makes it safe for privileged and unprivileged
  containers.

  As an extra security measure, rate limiting should be added so that we
  can only have 10 in-flight crashes and that any crash taking more than
  30s to be handled get cancelled (preventing host DoS).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

2015-12-14 Thread Martin Pitt

This sounds good to me, as this now leaves the actual processing and any
permission issues to the apport instance in the container.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1445064

Title:
  Re-implement container crash forwarding

Status in apport package in Ubuntu:
  Triaged

Bug description:
  The container crash forwarding feature must be re-implemented to use a
  safe design.

  The current thought is:
   - Introduce a systemd unit and upstart job to have a socket activated apport 
crash handler
   - When a crash comes from a container, have apport connect to the socket in 
the crashed process' root, write the arguments it received to the socket.
   - The crash handler in the container will then run and close the socket when 
it doesn't need the crashed process anymore.
   - The host crash handler then exits.

  This means that we only rely on an accessible root directory for the
  crashed process and the crash handler will be spawned by init inside
  that container. This makes it safe for privileged and unprivileged
  containers.

  As an extra security measure, rate limiting should be added so that we
  can only have 10 in-flight crashes and that any crash taking more than
  30s to be handled get cancelled (preventing host DoS).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1445064/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

[Touch-packages] [Bug 1445064] Re: Re-implement container crash forwarding

5 matches

Site Navigation

Mail list logo

Footer information