Bug 478306 - Core excavator is not compatible with my pam_namespace setup
Status: RESOLVED FIXED
Alias: None
Product: drkonqi
Classification: Applications
Component: general
Version: unspecified
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
Keywords: qt6
Reported: 2023-12-09 15:13 UTC by hexchain
Modified: 2023-12-19 17:25 UTC (History)

Description hexchain 2023-12-09 15:13:27 UTC
SUMMARY
I have a pam_namespace configuration in place to make /tmp private for each user[1]. After a crash, drkonqi tries to excavate the core file with a privileged helper process, but the core ends up in the root mount namespace and is inaccessible to the user process:

```
# ls -l /proc/self/ns/mnt
lrwxrwxrwx 1 root root 0 Dec  9 23:09 /proc/self/ns/mnt -> 'mnt:[4026531841]'
# ls -l /tmp/drkonqi-coredump-excavator.qemVAY
total 916492
-rw-r--r-- 1 hexchain root 938487808 Dec  9 22:56 core

% ls -l /proc/self/ns/mnt
lrwxrwxrwx 1 hexchain hexchain 0 Dec  9 23:10 /proc/self/ns/mnt -> mnt:[4026533106]
% ls -l /tmp/drkonqi*
total 88
-rw-r--r-- 1 hexchain hexchain 87467 Dec  9 13:14 sentry_payload.json
```

Is it possible to make drkonqi compatible with this kind of setup?

STEPS TO REPRODUCE
1. Set up pam_namespace; see [1].
2. Let kwin_wayland crash

OBSERVED RESULT
```
drkonqi-polkit-helper[131080]: Core dump excavation complete 0 QProcess::NormalExit "/tmp/drkonqi-coredump-excavator.qemVAY/core"
drkonqi[130864]: true QDBusError("", "") "/tmp/drkonqi-coredump-excavator.qemVAY/core"
drkonqi[130864]: Failed to move excavated core to target location QFileInfo(/tmp/drkonqi-coredump-excavator.qemVAY/core) "/tmp/drkonqi-core.gXtwZR/core"
```

EXPECTED RESULT
drkonqi should be able to successfully fetch the core.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.90.0
KDE Frameworks Version: 5.246.0
Qt Version: 6.6.1
Kernel Version: 6.6.5-arch1-1 (64-bit)
Graphics Platform: Wayland

drkonqi at c90d3a58

ADDITIONAL INFORMATION

[1] The configuration looks like this:

/etc/security/namespace.init:
```
#!/bin/sh
# It receives polydir path as $1, the instance path as $2,
# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
# and user name in $4.

if [ "$1" = "/tmp" ]; then
    user="$4"
    # Create the socket directories inside the private /tmp.
    # A loop replaces brace expansion, which POSIX sh does not guarantee.
    for dir in /tmp/.X11-unix /tmp/.XIM-unix /tmp/.ICE-unix /tmp/.font-unix; do
        mkdir -p "$dir"
        chown "$user:$user" "$dir"
        chmod +t "$dir"
    done
fi

exit 0
```

/etc/security/namespace.conf:
```
/tmp    /tmp/user-private/      user:create     root
```

/etc/pam.d/system-login:
```
# append this line:
session    optional   pam_namespace.so
```
Comment 1 Bug Janitor Service 2023-12-09 22:53:11 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/drkonqi/-/merge_requests/209
Comment 2 Harald Sitter 2023-12-19 17:25:41 UTC
Git commit 81c5d3220cc92718c74423f17c58db11cfead699 by Harald Sitter.
Committed on 19/12/2023 at 18:22.
Pushed by sitter into branch 'master'.

coredump-polkit: excavate into a caller specified directory

the user doesn't necessarily have access to the root's /tmp when in a
namespace. instead pass in a target directory fd from user scope for us
to write into from root scope

M  +17   -13   src/coredump/dumpexcavator/automaticcoredumpexcavator.cpp
M  +29   -20   src/coredump/polkit/main.cpp
M  +1    -1    src/coredump/polkit/org.kde.drkonqi.policy

https://invent.kde.org/plasma/drkonqi/-/commit/81c5d3220cc92718c74423f17c58db11cfead699
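
The approach described in the commit message above (the caller passes a directory fd, the privileged helper writes into it), as an added example that is not drkonqi's code. `write_into_dirfd` and `demo` are hypothetical names, and a rename stands in for the helper's differing view of /tmp.

```c
/* Added example, not drkonqi code; function names are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Helper side: write into the directory the caller handed over as an fd.
 * No path is resolved in the helper's own mount namespace. */
int write_into_dirfd(int dirfd, const char *name, const void *buf, size_t len)
{
    struct stat st;
    if (fstat(dirfd, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;                      /* caller must pass a directory */
    if (name[0] == '\0' || strchr(name, '/'))
        return -1;                      /* plain file name only, no paths */
    /* O_EXCL | O_NOFOLLOW: never reuse or follow a pre-existing entry. */
    int fd = openat(dirfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, buf, len);    /* small constructed payload */
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}

/* Constructed demo: the caller opens its directory, then the path stops
 * resolving to it. Returns 0 if the data still lands in that directory
 * and the unsafe requests are refused. */
int demo(void)
{
    char dir[] = "/tmp/excavator-demo.XXXXXX", moved[64], path[96];
    if (!mkdtemp(dir)) return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    snprintf(moved, sizeof moved, "%s.moved", dir);
    if (dirfd < 0 || rename(dir, moved) != 0) return -1;
    int first  = write_into_dirfd(dirfd, "core", "dump", 4);
    int again  = write_into_dirfd(dirfd, "core", "dump", 4);    /* exists */
    int escape = write_into_dirfd(dirfd, "../core", "dump", 4); /* a path */
    struct stat st;
    snprintf(path, sizeof path, "%s/core", moved);
    int landed = stat(path, &st) == 0 && st.st_size == 4;
    unlink(path); rmdir(moved); close(dirfd);
    return (first == 0 && again == -1 && escape == -1 && landed) ? 0 : -1;
}

int main(void) { return demo(); }
```

A helper writing a real core file would loop on `write` to handle short writes.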