
touch-packages team mailing list archive

[Bug 1433584] [NEW] Version 0.82.1ubuntu2.1 breaks unattended upgrades on unprivileged Docker containers

 

Public bug reported:

Since update of the unattended-upgrades package to version
0.82.1ubuntu2.1, unprivileged Docker containers cannot properly perform
unattended upgrades anymore. They fail with the following error message:

=================================================
Traceback (most recent call last):
  File "/usr/bin/unattended-upgrade", line 1186, in <module>
    main(options)
  File "/usr/bin/unattended-upgrade", line 993, in main
    os.nice(-19)
PermissionError: [Errno 1] Operation not permitted
=================================================

This is due to the fact that the script tries to set a negative nice
value, which is by default not allowed on unprivileged Docker
containers. In previous package versions, the script was trying to set a
nice value of 0, which was allowed.

To solve this issue, two solutions could be considered:
- The unattended-upgrades package should remain using a nice value of 0
- The containers should be started with the "--cap-add=CAP_SYS_NICE" option. Unfortunately, it is not possible to add this capability to running containers.

More information:

# lsb_release -rd
Description:    Ubuntu 14.04.1 LTS
Release:        14.04

# apt-cache policy unattended-upgrades
unattended-upgrades:
  Installed: 0.82.1ubuntu2.1
  Candidate: 0.82.1ubuntu2.1
  Version table:
 *** 0.82.1ubuntu2.1 0
        500 http://ubunturepo/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.82.1ubuntu2 0
        500 http://ubunturepo/ trusty/main amd64 Packages

** Affects: unattended-upgrades (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  Since update of the unattended-upgrades package to version
  0.82.1ubuntu2.1, unprivileged Docker containers cannot properly perform
  unattended upgrades anymore. They fail with the following error message:
  
  =================================================
  Traceback (most recent call last):
-   File "/usr/bin/unattended-upgrade", line 1186, in <module>
-     main(options)
-   File "/usr/bin/unattended-upgrade", line 993, in main
-     os.nice(-19)
+   File "/usr/bin/unattended-upgrade", line 1186, in <module>
+     main(options)
+   File "/usr/bin/unattended-upgrade", line 993, in main
+     os.nice(-19)
  PermissionError: [Errno 1] Operation not permitted
  =================================================
  
  This is due to the fact that the script tries to set a negative nice
  value, which is by default not allowed on unprivileged Docker
  containers. In previous package versions, the script was trying to set a
  nice value of 0, which was allowed.
  
  To solve this issue, two solutions could be considered:
  - The unattended-upgrades package should remain using a nice value of 0
  - The containers should be started with the "--cap-add=CAP_SYS_NICE" option. Unfortunately, it is not possible to add this capability to running containers.
  
  More information:
  
  # lsb_release -rd
  Description:    Ubuntu 14.04.1 LTS
  Release:        14.04
  
  # apt-cache policy unattended-upgrades
  unattended-upgrades:
-   Installed: 0.82.1ubuntu2.1
-   Candidate: 0.82.1ubuntu2.1
-   Version table:
-  *** 0.82.1ubuntu2.1 0
-         500 http://sisuburep.vptt.ch/rep/ trusty-updates/main amd64 Packages
-         100 /var/lib/dpkg/status
-      0.82.1ubuntu2 0
-         500 http://sisuburep.vptt.ch/rep/ trusty/main amd64 Packages
+   Installed: 0.82.1ubuntu2.1
+   Candidate: 0.82.1ubuntu2.1
+   Version table:
+  *** 0.82.1ubuntu2.1 0
+         500 http://ubunturepo/ trusty-updates/main amd64 Packages
+         100 /var/lib/dpkg/status
+      0.82.1ubuntu2 0
+         500 http://ubunturepo/ trusty/main amd64 Packages

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1433584

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1433584/+subscriptions
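An added example, not part of the bug report or of the unattended-upgrades code: a sketch of checking for CAP_SYS_NICE before asking for a negative nice value, and of keeping the current priority when the kernel answers EPERM, as happens in the traceback above. The function names `has_cap_sys_nice` and `renice` and the sample `CapEff` values are assumptions made for illustration.

```python
import os

CAP_SYS_NICE = 23  # bit index of CAP_SYS_NICE in <linux/capability.h>

# Constructed /proc/<pid>/status excerpts (sample values, not taken from the report).
STATUS_WITHOUT_CAP = "Name:\tpython3\nCapEff:\t00000000a80425fb\n"
STATUS_WITH_CAP = "Name:\tpython3\nCapEff:\t00000000a88425fb\n"


def has_cap_sys_nice(status_text):
    """Return True if the CapEff mask in /proc/<pid>/status text has CAP_SYS_NICE set."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return bool((mask >> CAP_SYS_NICE) & 1)
    return False  # no CapEff line: assume the capability is absent


def renice(increment, nice=os.nice):
    """Apply a nice increment; on EPERM keep the current priority instead of aborting.

    `nice` is injectable so the behaviour can be exercised without privileges.
    Returns the resulting niceness.
    """
    try:
        return nice(increment)
    except PermissionError:
        # Without CAP_SYS_NICE (or a permissive RLIMIT_NICE) the kernel refuses
        # to lower the nice value. nice(0) changes nothing and reports the
        # current niceness, so the upgrade run can continue at normal priority.
        return nice(0)


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        capable = has_cap_sys_nice(fh.read())
    print("CAP_SYS_NICE effective:", capable)
    print("niceness after renice(-19):", renice(-19))
```

Run inside the container, the script reports whether the capability is present and shows that the process keeps running at its existing priority when it is not.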

