Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
containerd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned | ||
crun (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Won't Fix
|
Undecided
|
Unassigned | ||
docker.io (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned | ||
golang-github-containers-common (Ubuntu) |
Fix Released
|
High
|
Reinhard Tartler | ||
Impish |
Fix Released
|
High
|
Reinhard Tartler | ||
golang-github-opencontainers-specs (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned | ||
libpod (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Sometime betweek August 28 and September 4 2021 the ubuntu:impish images published on dockerhub began erroring when executing the commands defined in /etc/apt/
I have this reproducer, which is probably not as minimal as it can be but looks reliable:
1. docker run -it --rm ubuntu:impish bash
2. apt update
3. apt install git
4. apt -y remove git
This results in:
E: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/
E: Sub-process returned an error code
*Removing* a package is not strictly needed to trigger the failure, but it seems that *two* apt operations are needed to trigger it, so this reproducer found by athos-ribeiro also works:
docker run -it --rm ubuntu:impish /bin/bash -c 'apt-get update; apt-get full-upgrade -y; apt-get install -y jq'
This doesn't happen when using ubuntu:hirsute.
CVE References
tags: | added: rls-ii-incoming |
tags: | added: fr-1704 |
tags: | removed: rls-ii-incoming |
Changed in runc (Ubuntu Impish): | |
status: | Confirmed → Invalid |
Changed in containerd (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in containerd (Ubuntu Impish): | |
status: | Confirmed → Fix Released |
no longer affects: | runc (Ubuntu Impish) |
no longer affects: | runc (Ubuntu) |
Changed in crun (Ubuntu): | |
status: | Confirmed → Fix Released |
no longer affects: | glibc (Ubuntu) |
no longer affects: | glibc (Ubuntu Impish) |
affects: | cloud-images → ubuntu-translations |
no longer affects: | ubuntu-translations |
Confirmed with:
docker run -it --rm ubuntu:impish /bin/bash -c 'apt-get update; apt-get full-upgrade -y; apt-get install -y jq'