From ab999c9280750bd3ffa2339811299655cdbb892d Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 17 Oct 2025 17:49:41 +0900 Subject: [PATCH] coredump: enter mount namespace even when the crashed process is in the same PID namespace Otherwise, we may not get stacktrace of the crashed process when it is in running a mount namespace, especially when it is in a portable service or service that uses RootImage=/RootDirectory=. --- src/coredump/coredump-kernel-helper.c | 2 -- src/coredump/coredump-submit.c | 19 +++++++++++++------ src/coredump/coredump-submit.h | 1 - 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/src/coredump/coredump-kernel-helper.c b/src/coredump/coredump-kernel-helper.c index be3b756a231..bdadba10b61 100644 --- a/src/coredump/coredump-kernel-helper.c +++ b/src/coredump/coredump-kernel-helper.c @@ -55,8 +55,6 @@ int coredump_kernel_helper(int argc, char *argv[]) { r = coredump_send_to_container(&context); if (r >= 0) return 0; - - (void) acquire_pid_mount_tree_fd(&config, &context); } /* If this is PID 1, disable coredump collection, we'll unlikely be able to process diff --git a/src/coredump/coredump-submit.c b/src/coredump/coredump-submit.c index ba11e9001a5..78d46c28c98 100644 --- a/src/coredump/coredump-submit.c +++ b/src/coredump/coredump-submit.c @@ -463,7 +463,7 @@ static int maybe_remove_external_coredump( return true; } -int acquire_pid_mount_tree_fd(const CoredumpConfig *config, CoredumpContext *context) { +static int acquire_pid_mount_tree_fd(const CoredumpConfig *config, CoredumpContext *context) { #if HAVE_DWFL_SET_SYSROOT _cleanup_close_ int mntns_fd = -EBADF, root_fd = -EBADF, fd = -EBADF; _cleanup_close_pair_ int pair[2] = EBADF_PAIR; @@ -537,10 +537,17 @@ int acquire_pid_mount_tree_fd(const CoredumpConfig *config, CoredumpContext *con #endif } -static int attach_mount_tree(int mount_tree_fd) { +static int attach_mount_tree(const CoredumpConfig *config, CoredumpContext *context) { int r; - assert(mount_tree_fd >= 0); + assert(config); + assert(context); + + r = acquire_pid_mount_tree_fd(config, context); + if (r < 0) + return r; + + assert(context->mount_tree_fd >= 0); r = detach_mount_namespace(); if (r < 0) @@ -550,7 +557,7 @@ static int attach_mount_tree(int mount_tree_fd) { if (r < 0) return log_warning_errno(r, "Failed to create directory: %m"); - r = mount_setattr(mount_tree_fd, "", AT_EMPTY_PATH, + r = mount_setattr(context->mount_tree_fd, "", AT_EMPTY_PATH, &(struct mount_attr) { /* MOUNT_ATTR_NOSYMFOLLOW is left out on purpose to allow libdwfl to resolve symlinks. * libdwfl will use openat2() with RESOLVE_IN_ROOT so there is no risk of symlink escape. @@ -561,7 +568,7 @@ static int attach_mount_tree(int mount_tree_fd) { if (r < 0) return log_warning_errno(errno, "Failed to change properties of mount tree: %m"); - r = move_mount(mount_tree_fd, "", -EBADF, MOUNT_TREE_ROOT, MOVE_MOUNT_F_EMPTY_PATH); + r = move_mount(context->mount_tree_fd, "", -EBADF, MOUNT_TREE_ROOT, MOVE_MOUNT_F_EMPTY_PATH); if (r < 0) return log_warning_errno(errno, "Failed to attach mount tree: %m"); @@ -666,7 +673,7 @@ int coredump_submit(const CoredumpConfig *config, CoredumpContext *context) { (void) coredump_vacuum(coredump_node_fd >= 0 ? coredump_node_fd : coredump_fd, config->keep_free, config->max_use); } - if (context->mount_tree_fd >= 0 && attach_mount_tree(context->mount_tree_fd) >= 0) + if (attach_mount_tree(config, context) >= 0) root = MOUNT_TREE_ROOT; /* Now, let's drop privileges to become the user who owns the segfaulted process and allocate the diff --git a/src/coredump/coredump-submit.h b/src/coredump/coredump-submit.h index b36790f9164..89b07cec9aa 100644 --- a/src/coredump/coredump-submit.h +++ b/src/coredump/coredump-submit.h @@ -3,5 +3,4 @@ #include "coredump-forward.h" -int acquire_pid_mount_tree_fd(const CoredumpConfig *config, CoredumpContext *context); int coredump_submit(const CoredumpConfig *config, CoredumpContext *context); -- 2.47.3