[Bug 1943049] Re: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/.deb /var/cache/apt/archives/partial/.deb /var/cache/apt/*.bin || true'

Sat Sep 11 06:44:51 UTC 2021

Disabling the clone3 call should only be a temporary workaround to get
21.10 released, this still must be fixed properly so it can be reenabled
in 22.04.

I feel like that docker change is working around a bug in crun/runc
regarding the default seccomp policy and not the proper fix either. It
will do nothing to prevent this from happening again with the next
syscall glibc uses.

Any changes for the host docker/runc/crun/libpod/whatever needs to be
SRUed to all releases like we did for newfstatat() in glibc 2.33.

I really want to make sure that we don't just fix this issue but also
don't end up with the same thing when glibc 2.35 or later drops with
another syscall.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1943049

Title:
  Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm
  -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb
  /var/cache/apt/*.bin || true'

Status in cloud-images:
  Confirmed
Status in crun package in Ubuntu:
  New
Status in docker.io package in Ubuntu:
  New
Status in glibc package in Ubuntu:
  New
Status in libpod package in Ubuntu:
  New
Status in runc package in Ubuntu:
  New
Status in crun source package in Impish:
  New
Status in docker.io source package in Impish:
  New
Status in glibc source package in Impish:
  New
Status in libpod source package in Impish:
  New
Status in runc source package in Impish:
  New

Bug description:
  Sometime betweek August 28 and September 4 2021 the ubuntu:impish
  images published on dockerhub began erroring when executing the
  commands defined in /etc/apt/apt.conf.d/docker-clean.

  I have this reproducer, which is probably not as minimal as it can be
  but looks reliable:

  1. docker run -it --rm ubuntu:impish bash
  2. apt update
  3. apt install git
  4. apt -y remove git

  This results in:

  E: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
  E: Sub-process returned an error code

  *Removing* a package is not strictly needed to trigger the failure,
  but it seems that *two* apt operations are needed to trigger it, so
  this reproducer found by athos-ribeiro also works:

  docker run -it --rm ubuntu:impish /bin/bash -c 'apt-get update; apt-
  get full-upgrade -y; apt-get install -y jq'

  This doesn't happen when using ubuntu:hirsute.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1943049/+subscriptions

[Bug 1943049] Re: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'

[Bug 1943049] Re: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/.deb /var/cache/apt/archives/partial/.deb /var/cache/apt/*.bin || true'