Comment 2 for bug 1732518

Tyler Hicks (tyhicks) wrote :

The patch in comment #4 of bug 1726372 was mostly complete, but issues were discovered late as we approached the CRD for the CVEs described in that bug:

1) The patch should be updated to forward the new dump_mode argument into the container. This is a trivial change.
2) The patch changed the functionality of apport so that it processes, in the host, all crashes that come from a "non-full" container. The PoC in the description of bug 1726372 simply creates a PID namespace, without a new mount namespace, and then calls abort(). The behavioral change introduced by the patch resulted in apport writing the core dump to /tmp/core when it didn't do that before because it ignored such crashes.
3) The combination of the patch and the fix for CVE-2017-14177, which added a new required dump_mode command line option to Apport, made it potentially dangerous for an updated Apport in the host to forward a crash to a non-updated Apport in a container, as the dump_mode parameter would be treated as the global_pid in the container's Apport.

These three issues are why we had to make the decision to (temporarily) drop container crash forwarding.

I won't be directly involved in re-enabling the container crash forwarding support but please feel free to ping me for a review, if needed.