Re: [PATCH RFC v3 00/10] coredump: add coredump socket

> > The coredump socket is located in the initial network namespace.
> 
> I understand this is a reasonable decision to avoid complicated
> path management in the mount ns but keep connectivity from any
> namespace.

Yes, path lookup would not just be horrid, it would also require playing
around with credentials and current->fs. The beauty in this
implementation is that it's the crash dumping process itself which does
everything.

> > To bind
> > the coredump socket userspace must hold CAP_SYS_ADMIN in the initial
> > user namespace. Listening and reading can happen from whatever
> > unprivileged context is necessary to safely process coredumps.
> > 
> > When a task coredumps it opens a client socket in the initial network
> > namespace and connects to the coredump socket. For now only tasks that
> > are actually coredumping are allowed to connect to the initial coredump
> > socket.
> 
> This can be controlled by BPF (cgroup sockops or LSM) if a user
> really cares about spam clients.
> 
> I think how to set up coredump is userspace responsibility.

I'll reply to that in the other thread so we don't have millions of
branch points.

> > - Since unix_stream_connect() runs bpf programs during connect it's
> >   possible to even redirect or multiplex coredumps to other sockets.
> 
> If the socket is in a cgroup, yes, and even if not, BPF LSM can
> reject some requests.

Indeed. I've outlined that in an earlier version as well.

> > - The coredump server should mark itself as non-dumpable.
> >   To capture coredumps for the coredump server itself a bpf program
> >   should be run at connect to redirect it to another socket in
> >   userspace. This can be useful for debugging crashing coredump servers.
> > 
> > - A container coredump server in a separate network namespace can simply
> >   bind to linuxafsk/coredump.socket and systemd-coredump forwards
> >   coredumps to the container.
> 
> I think the name should be also configurable in non-initial netns.

I don't see a good reason for this. We can always relax that later if we
have to. The fixed address keeps the coredump setup very very dumb and
simple.



