Comment 0 for bug 1906364

Hello,

Today plenty of our systems running ubuntu 20.04 were restarting the docker daemon, even if i blacklisted the docker package. Since docker has an dependency on containerd thats the reason why it was restarted. IMO the blacklist should also check the full tree of dependencies... This should NOT happen!

From the log you find:

2020-12-01 06:40:13,881 INFO Starting unattended upgrades script
2020-12-01 06:40:13,882 INFO Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security
2020-12-01 06:40:13,882 INFO Initial blacklist: docker docker.io
2020-12-01 06:40:13,882 INFO Initial whitelist (not strict):
2020-12-01 06:40:19,139 INFO Packages that will be upgraded: containerd qemu-block-extra qemu-kvm qemu-system-common qemu-system-data qemu-system-gui qemu-system-x86 qemu-utils
2020-12-01 06:40:19,140 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2020-12-01 06:40:46,996 INFO All upgrades installed
2020-12-01 06:40:50,732 INFO Starting unattended upgrades script
2020-12-01 06:40:50,732 INFO Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security
2020-12-01 06:40:50,733 INFO Initial blacklist: docker docker.io
2020-12-01 06:40:50,733 INFO Initial whitelist (not strict):

Also this happened for us on plenty of our servers almost at the same (why the unattended updates are not spread over time?), which destroyed the second time an production environment.

This is not how unattended-upgraded should be, sadly this package lost our trust and we disable it and schedule the 'unattended updates' now on our own.