Apport 2.28.0 gained systemd-coredump integration

tl;dr As of Apport 2.28.0 in Ubuntu 24.04 systemd-coredump can be installed in parallel to Apport.


In case a process crashes (i.e. terminates with a certain signal like SIGSEGV, see signal(7)), the kernel will write a core dump file. The kernel can be configured in /proc/sys/kernel/core_pattern to pipe the core dump to a program. There can be only one core dump handler configured. The apport service (shipped by the apport binary package) configures apport to be the core dump handler. Apport is installed by default in Ubuntu.

Besides Apport there are corekeeper, minicoredumper, and systemd-coredump in the Ubuntu archive that can be used as core dump handler. Since only one can be configured in /proc/sys/kernel/core_pattern those packages declare that they provide, conflict, and replace core-dump-handler. Due to that at most one of those packages can be installed, i.e. installing systemd-coredump will cause APT to remove apport (and also apport-gtk, apport-kde, and apport-noui).

A few users requested to switch from Apport to systemd-coredump:

Apport and systemd-coredump have a different scope and design. Systemd-coredump acquires, saves and processes code dumps. There is a coredumpctl command line tool for listing, info, dumping, and debugging. Apport on the other hand is tailored to collecting crashes and debugging information to report them to Ubuntu’s error tracker or Launchpad.

Except for the coredumpctl command line tool systemd-coredump does not have any advantage over Apport and only covers parts of what Apport does. It can be useful to support systemd-coredump in the long run. systemd-coredump works on many Linux distributions. It could get more users and more documentation could be found online. Systemd-coredump could get more features added than apport in the long run.

Change in Ubuntu 24.04

Apport 2.28.0 in Ubuntu 24.04 gained the support for reading crash reports from systemd-coredump. By default the package apport-core-dump-handler is installed which provides the Apport kernel core dump handler. Users of Ubuntu 24.04 and later can install systemd-coredump (replacing apport-core-dump-handler) and use it as core dump handler. In previous Ubuntu releases installing systemd-coredump would remove Apport (and probably other parts of the Ubuntu system with it).

Implemented Specification

Move the apport service (which configures /usr/share/apport/apport as crash dump handler) into the separate package apport-core-dump-handler. Keep everything else in the apport package, because the apport-forward@.service needs /usr/share/apport/apport.

Implement reading the crash data from systemd-coredump via the sd-journal API into a Problem Report object. Extend /usr/share/apport/apport to read the systemd-coredump data and write it as report file for Apport. Then Apport can collect additional system information in the normal way and report that report file in the usual way. Currently the core dump can be included in the report file or referenced as file. Maybe this could be extended to refer to the location systemd-coredump stores the dump (to avoid duplicating that information on disk).

Systemd-coredump needs to notify Apport in case of new crashes. Fedora’s ABRT does this by using the systemd journal API to watch for logging events from systemd-coredump. Instead of watching the logging events, add a service that runs after the systemd-coredump service:

# /usr/lib/systemd/system/apport-coredump-hook@.service
# This service is responsible for reading the coredump data from systemd journal
# after a crash has occurred, and generating a crash file to /var/crash/.
ExecStart=/usr/share/apport/apport --from-systemd-coredump %i

This service is triggered after a successful systemd-coredump@.service:

# /usr/lib/systemd/system/systemd-coredump@.service.d/apport-coredump-hook.conf


Apport and systemd-coredump support forwarding crashes into containers. For this feature to work, the same crash dump handler needs to be available on the host and in the container. If Apport is used as core dump handler on the host, crashes will be forwarded to the container in case Apport is installed in the container. If systemd-coredump is used as core dump handler on the host, crashes will be forwarded to the container in case systemd-coredump is installed in the container. If Apport is installed in the container in addition to systemd-coredump, the forwarded crash is forwarded to Apport (the same way as it would be forwarded on the host).

Forwarding to the container will not work if systemd-coredump is the core dump handler on the host, but only Apport is installed in the container. See Bug #2063349 “systemd-coredump handler does not forward the cras...” : Bugs : apport package : Ubuntu