[Problem]
Subject: FW: RE:(2) ~RE(3): [Debug Attach] Program Symbols Not Loading
+ Tomasz Swierczek
Hello Tomasz,
A problem has been reported that the "Debug Attach" function does not work in Tizen Studio.
(For more information, please refer to the mails below.)
This seems to be related to mount namespace separation operation.
If we revert https://review.tizen.org/gerrit/#/c/platform/core/appfw/launchpad/+/212712/ , it works well as expected.
It seems that the gdserver process requires setns operation to attach to the app process that is already in operation.
To solve this problem, capabilities need to be assigned to "gdserver" executable file, but it is pushed by tizen-studio
during the runtime of debugging, so "setcap" does not work because it has "sdk_user" permission.
There seems to be no solution at the moment, if you have any good ideas, please share them.
Thanks,
Jin-gyu Kim
[Solution]
Precondition : A. launchpad needs to know that the current request was made by the gdbserver.
B. launchpad needs to know the pid of the target app process.
1. Add "cap_sys_chroot" to launchpad process. (It should be also included in user@.service as an inheritable option.)
2. If the current request is executed by the gdbserver, it's namespace needs to be equal to the target app process by using setns().
- setns() requires the pid of target app process. (Please refer https://man7.org/linux/man-pages/man2/setns.2.html)
example : int fd = open("/proc/1234/ns/mnt", O_RDONLY); setns(fd,0); // "/proc/[pid]/ns/mnt"
- These must be executed before "security_manager_prepare_app()".
Change-Id: Ief42b5e40259fa074ec110cfac957508dcb468d3
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
DelegateSubgroup=init.scope
TasksMax=infinity
TimeoutStopSec={{ DEFAULT_USER_TIMEOUT_SEC*4//3 }}s
+Capabilities=cap_sys_admin,cap_mac_admin,cap_setgid,cap_dac_override,cap_sys_chroot=i
KeyringMode=inherit
OOMScoreAdjust=100
MemoryPressureWatch=skip
projects / platform / upstream / systemd.git / commitdiff