Merge lp:~stgraber/apport/pidns-support into lp:~apport-hackers/apport/trunk
Status: | Merged |
---|---|
Merged at revision: | 2747 |
Proposed branch: | lp:~stgraber/apport/pidns-support |
Merge into: | lp:~apport-hackers/apport/trunk |
Diff against target: |
58 lines (+20/-4) 2 files modified
data/apport (+19/-3) etc/init.d/apport (+1/-1) |
To merge this branch: | bzr merge lp:~stgraber/apport/pidns-support |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Martin Pitt (community) | Approve | ||
Review via email: mp+200893@code.launchpad.net |
Description of the change
This adds support for PID namespaces in apport.
With that change, crashes originating from a container on a system running a >= 3.12 kernel will be automatically redirected to apport inside the container.
This is done through a new wrapper called apport-
This script will be called with an extended core pattern which includes %P (PID in the host namespace), if that one doesn't match with %p (PID in the calling namespace), the script will look for /proc/<pid in host ns>/root/
On pre-3.12 systems, all crashes will simply be forwarded to apport on the host (as used to be the case).
If apport isn't installed in the calling namespace, the wrapper will simply exit 0 (instead of the current behaviour of either spamming apport.log with useless content and stacktraces or worse, getting apport to think a perfectly sane process just crashed).
On top of that change, the change below will be needed in the distribution packaging:
=== modified file 'debian/
--- debian/
+++ debian/
@@ -1,6 +1,7 @@
etc
usr/share/
usr/share/
+usr/share/
usr/share/
usr/share/
usr/share/
=== modified file 'debian/
--- debian/
+++ debian/
@@ -30,7 +30,7 @@
rm -f /var/lib/
fi
- echo "|/usr/
+ echo "|/usr/
echo 2 > /proc/sys/
end script
Let me know if you have any question.
Thanks Stéphane! The general logic/approach looks fine to me, it's nice to get this working.
To be honest I'm not too thrilled about introducing a completely new shell wrapper for this. In the "normal" case of a non-containerized desktop system it adds further overhead to a crash (the extra shell call), and the script is very hard to test automatically, even for basic things like syntax errors. Also, it hardcodes the installed path of apport, which doesn't respect the install/prefix options of setup.py and makes it hard to test changes to data/apport in the source tree.
Could we put the "%p != %P → call apport in the container" logic into data/apport itself? With os.execl() this is not any more difficult than in shell, it would make this more accessible to integrating with the existing tests, and completely avoids the hardcoded path.
This would also potentially allow us to go a step further and instead of os.execl() just do os.chroot(), so that the host's "apport" script is used in the containers. data/apport doesn't change that often really, and the .crash format has never been broken in the entire apport history (if it does, we'd need to drop the chroot()ing, and go back to exec'ing). What do you think about that?
If all that is impractical, I'd like the new shell wrapper to have "set -euC", and the hardcoded path be replaced with a macro that setup.py install turns into the destination path.
Thanks!