Upgrading unattended-upgrades gives errors and a warning

Bug #1642863 reported by Chai T. Rex on 2016-11-18
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
debconf (Ubuntu)
Wishlist
Unassigned

Bug Description

Ubuntu release
==============

Description: Ubuntu 16.04.1 LTS
Release: 16.04

Package version
===============

unattended-upgrades:
  Installed: 0.90ubuntu0.2
  Candidate: 0.90ubuntu0.2
  Version table:
 *** 0.90ubuntu0.2 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
        100 /var/lib/dpkg/status
     0.90 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu xenial/main i386 Packages

What I expected to happen
=========================

No error or warning messages during a software upgrade.

What happened instead
=====================

When an updated version of unattended-upgrades is installed, the following error messages appear because /tmp is mounted noexec for security reasons (see the Securing Debian Manual, section 4.10 at https://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.10):

    Preconfiguring packages ...
    Can't exec "/tmp/unattended-upgrades.config.5svL0F": Permission denied at /usr/share/perl/5.22/IPC/Open3.pm line 178.
    open2: exec of /tmp/unattended-upgrades.config.5svL0F configure 0.90ubuntu0.1 failed at /usr/share/perl5/Debconf/ConfModule.pm line 59.

Also, the following warning occurs later on:

    Setting up unattended-upgrades (0.90ubuntu0.2) ...
    update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: unattended-upgrades 0.90ubuntu0.2
ProcVersionSignature: Ubuntu 4.4.0-47.68-generic 4.4.24
Uname: Linux 4.4.0-47-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Nov 18 02:36:54 2016
DistributionChannelDescriptor:
 # This is a distribution channel descriptor
 # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
 canonical-oem-somerville-xenial-amd64-20160624-2
EcryptfsInUse: Yes
InstallationDate: Installed on 2016-11-01 (17 days ago)
InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47
PackageArchitecture: all
SourcePackage: unattended-upgrades
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apt.apt.conf.d.10periodic:
 APT::Periodic::Update-Package-Lists "0";
 APT::Periodic::Download-Upgradeable-Packages "0";
 APT::Periodic::AutocleanInterval "0";
 APT::Periodic::Unattended-Upgrade "1";
mtime.conffile..etc.apt.apt.conf.d.10periodic: 2016-11-07T13:58:08.805628

Chai T. Rex (chaitrex) wrote :
Changed in unattended-upgrades (Ubuntu):
importance: Undecided → Low
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unattended-upgrades (Ubuntu):
status: New → Confirmed
Balint Reczey (rbalint) wrote :

Debconf executes scripts from /tmp by default but you can try continuing securing the system by changing apt's temp file configuration:
https://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec

Anyway this is definitely not a bug in u-u, maybe a wishlist one for debconf.

Changed in unattended-upgrades (Ubuntu):
importance: Low → Wishlist
affects: unattended-upgrades (Ubuntu) → debconf (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers