git.ipfire.org Git - thirdparty/systemd.git/commit

author	Nick Rosbrook <enr0n@ubuntu.com>
	Wed, 6 Sep 2023 15:03:41 +0000 (11:03 -0400)
committer	Nick Rosbrook <enr0n@ubuntu.com>
	Fri, 13 Oct 2023 19:13:11 +0000 (15:13 -0400)
commit	a108c43e36d3ceb6e34efe37c014fc2cda856000
tree	c017b910ef9914bf291cfa6b835796f49d724f16	tree \| snapshot
parent	ade39d9ab849a6e8ae0f182a09e33b670463169c	commit \| diff

coredump: add support for forwarding coredump to containers

If a process crashes within a container, try and forward the coredump to
that container. To do this, check if the crashing process is in a
different pidns, and if so, find the PID of the namespace leader. We
only proceed with forwarding if that PID belongs to a cgroup that is
descendant of another cgroup with user.delegate=1 and
user.coredump_receive=1 (i.e. Delegate=yes and CoredumpReceive=yes).

If we proceed, attach to the namespaces of the leader, and send the
coredump to systemd-coredump.socket in the container. Before this is
done, we need to translate the PID, UID, and GID, and also re-gather
procfs metadata. Translate the PID, UID, and GID to the perspective of
the container by sending an SCM_CREDENTIALS message over a socket pair
from the original systemd-coredump process, to the process forked in the
container.

If we cannot successfully forward the coredump, fallback to the current
behavior so that there is still a record of the crash on the host.