[Bug 1943049] Re: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
Launchpad Bug Tracker
1943049 at bugs.launchpad.net
Thu Nov 4 17:23:16 UTC 2021
This bug was fixed in the package containerd - 1.5.5-0ubuntu3~20.04.1
---------------
containerd (1.5.5-0ubuntu3~20.04.1) focal; urgency=medium
* Backport version 1.5.5-0ubuntu3 from Impish (LP: #1938908).
- d/rules: set GO111MODULE to off, this avoid Internet connection during
the build.
containerd (1.5.5-0ubuntu3) impish; urgency=medium
* SECURITY UPDATE: insufficiently restricted directory permissions
- debian/patches/1.5-reduce-directory-permissions.patch: reduce
permissions for bundle dir in runtime/v1/linux/bundle.go,
runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
snapshots/btrfs/btrfs.go.
- CVE-2021-41103
containerd (1.5.5-0ubuntu2) impish; urgency=medium
* d/p/seccomp-support-clone3-syscall.patch: clone3 is explicitly requested
to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
(LP: #1943049).
-- Lucas Kanashiro <kanashiro at ubuntu.com> Fri, 08 Oct 2021 11:45:38
-0300
** Changed in: containerd (Ubuntu Focal)
Status: Fix Committed => Fix Released
** Changed in: docker.io (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1943049
Title:
Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm
-f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb
/var/cache/apt/*.bin || true'
Status in cloud-images:
Confirmed
Status in containerd package in Ubuntu:
Fix Released
Status in crun package in Ubuntu:
Confirmed
Status in docker.io package in Ubuntu:
Fix Released
Status in glibc package in Ubuntu:
Confirmed
Status in golang-github-containers-common package in Ubuntu:
Fix Released
Status in golang-github-opencontainers-specs package in Ubuntu:
Fix Released
Status in libpod package in Ubuntu:
Fix Released
Status in containerd source package in Bionic:
Fix Released
Status in docker.io source package in Bionic:
Fix Released
Status in containerd source package in Focal:
Fix Released
Status in docker.io source package in Focal:
Fix Released
Status in containerd source package in Hirsute:
Fix Released
Status in docker.io source package in Hirsute:
Fix Released
Status in containerd source package in Impish:
Fix Released
Status in crun source package in Impish:
Confirmed
Status in docker.io source package in Impish:
Fix Released
Status in glibc source package in Impish:
Confirmed
Status in golang-github-containers-common source package in Impish:
Fix Released
Status in golang-github-opencontainers-specs source package in Impish:
Fix Released
Status in libpod source package in Impish:
Fix Released
Bug description:
Sometime betweek August 28 and September 4 2021 the ubuntu:impish
images published on dockerhub began erroring when executing the
commands defined in /etc/apt/apt.conf.d/docker-clean.
I have this reproducer, which is probably not as minimal as it can be
but looks reliable:
1. docker run -it --rm ubuntu:impish bash
2. apt update
3. apt install git
4. apt -y remove git
This results in:
E: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code
*Removing* a package is not strictly needed to trigger the failure,
but it seems that *two* apt operations are needed to trigger it, so
this reproducer found by athos-ribeiro also works:
docker run -it --rm ubuntu:impish /bin/bash -c 'apt-get update; apt-
get full-upgrade -y; apt-get install -y jq'
This doesn't happen when using ubuntu:hirsute.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1943049/+subscriptions
More information about the foundations-bugs
mailing list