coredump: rework coredumping logic

This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data
about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a
stacktrace and writes the coredump to disk.

This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and
hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust=
and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally
priorized processes.

This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until
/var/systemd/coredump is mounted and writable.

Fixes: #2286

Makefile.am

@@ -4413,6 +4413,15 @@ systemd_coredump_LDADD += \
 	$(ELFUTILS_LIBS)
 endif
 
+nodist_systemunit_DATA += \
+	units/systemd-coredump@.service
+
+dist_systemunit_DATA += \
+	units/systemd-coredump.socket
+
+SOCKETS_TARGET_WANTS += \
+	systemd-coredump.socket
+
 rootlibexec_PROGRAMS += \
 	systemd-coredump
 
@@ -4453,7 +4462,8 @@ CLEANFILES += \
 endif
 
 EXTRA_DIST += \
-	sysctl.d/50-coredump.conf.in
+	sysctl.d/50-coredump.conf.in \
+	units/systemd-coredump@.service.in
 
 # ------------------------------------------------------------------------------
 if ENABLE_BINFMT

src/basic/socket-util.c

@@ -871,14 +871,13 @@ int send_one_fd_sa(
                 struct cmsghdr cmsghdr;
                 uint8_t buf[CMSG_SPACE(sizeof(int))];
         } control = {};
-        struct cmsghdr *cmsg;
-
         struct msghdr mh = {
                 .msg_name = (struct sockaddr*) sa,
                 .msg_namelen = len,
                 .msg_control = &control,
                 .msg_controllen = sizeof(control),
         };
+        struct cmsghdr *cmsg;
 
         assert(transport_fd >= 0);
         assert(fd >= 0);

units/.gitignore

@@ -25,6 +25,7 @@
 /systemd-binfmt.service
 /systemd-bootchart.service
 /systemd-bus-proxyd.service
+/systemd-coredump@.service
 /systemd-firstboot.service
 /systemd-fsck-root.service
 /systemd-fsck@.service

units/systemd-coredump.socket

@@ -0,0 +1,17 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Process Core Dump Socket
+Documentation=man:systemd-coredump(8)
+DefaultDependencies=no
+
+[Socket]
+ListenSequentialPacket=/run/systemd/coredump
+SocketMode=0600
+Accept=yes
+MaxConnections=16

units/systemd-coredump@.service.in

@@ -0,0 +1,24 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Process Core Dump
+Documentation=man:systemd-coredump(8)
+DefaultDependencies=no
+RequiresMountsFor=/var/lib/systemd/coredump
+Conflicts=shutdown.target
+After=systemd-remount-fs.service systemd-journald.socket
+Requires=systemd-journald.socket
+Before=shutdown.target
+
+[Service]
+ExecStart=-@rootlibexecdir@/systemd-coredump
+Nice=9
+OOMScoreAdjust=500
+PrivateNetwork=yes
+ProtectSystem=full
+RuntimeMaxSec=5min