** Description changed: [Impact] The apport-test-crashes package, which is used to test the Error Tracker deployments, fails produce crash files for binary applications since "various security hardening fixes" were included in apport. The problematic change is the dropping of supplemental groups in data/apport. This results in a PermissionError as it is not the root user who is calling /usr/share/apport/apport. [Test Case] The least convulted test case involves using the generate-sigsegv-crash.py script from apport-test-crashes. This ends up using a command similar to '/usr/share/apport/apport -p 4077 -s 11 -E /usr/bin/gnome-calculator < /tmp/20.10-gnome-calculator.core' which then will encounter the Traceback. 1) Comment out "check_lock()" in /usr/share/apport/apport (This is necessary as we are not running as root) 2) Put a copy of generate-sigsegv-crash.py on disk. 3) Run 'python3 /tmp/generate-sigsegv-crash.py cat' 4) Observe the following Traceback: Traceback (most recent call last): - File "/tmp/tmpvkt5d266/apport", line 599, in <module> - drop_privileges(True) - File "/tmp/tmpvkt5d266/apport", line 125, in drop_privileges - os.setgroups([]) + File "/tmp/tmpvkt5d266/apport", line 599, in <module> + drop_privileges(True) + File "/tmp/tmpvkt5d266/apport", line 125, in drop_privileges + os.setgroups([]) PermissionError: [Errno 1] Operation not permitted With the version of apport from -proposed you'll receive no such Traceback. [Regression Potential] If there is an error in the python code we code see a new traceback for any and all crashes being generated, so ensure regular crash generation works too. + + apport-test-crashes code is here: + https://code.launchpad.net/~daisy-pluckers/error-tracker-deployment/test-crashes/
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1906565 Title: traceback when running apport as non-root user Status in apport package in Ubuntu: In Progress Status in apport source package in Xenial: New Status in apport source package in Bionic: New Status in apport source package in Focal: New Status in apport source package in Groovy: New Bug description: [Impact] The apport-test-crashes package, which is used to test the Error Tracker deployments, fails produce crash files for binary applications since "various security hardening fixes" were included in apport. The problematic change is the dropping of supplemental groups in data/apport. This results in a PermissionError as it is not the root user who is calling /usr/share/apport/apport. [Test Case] The least convulted test case involves using the generate-sigsegv-crash.py script from apport-test-crashes. This ends up using a command similar to '/usr/share/apport/apport -p 4077 -s 11 -E /usr/bin/gnome-calculator < /tmp/20.10-gnome-calculator.core' which then will encounter the Traceback. 1) Comment out "check_lock()" in /usr/share/apport/apport (This is necessary as we are not running as root) 2) Put a copy of generate-sigsegv-crash.py on disk. 3) Run 'python3 /tmp/generate-sigsegv-crash.py cat' 4) Observe the following Traceback: Traceback (most recent call last): File "/tmp/tmpvkt5d266/apport", line 599, in <module> drop_privileges(True) File "/tmp/tmpvkt5d266/apport", line 125, in drop_privileges os.setgroups([]) PermissionError: [Errno 1] Operation not permitted With the version of apport from -proposed you'll receive no such Traceback. [Regression Potential] If there is an error in the python code we code see a new traceback for any and all crashes being generated, so ensure regular crash generation works too. apport-test-crashes code is here: https://code.launchpad.net/~daisy-pluckers/error-tracker-deployment/test-crashes/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1906565/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
