I'm sorry you experienced problems when unattended-upgrades applied
security fixes.
Failure to restart a service is either an issue with the package or with
the local configuration, thus I mark docker.io and containerd being
affected.
The blacklist is listing _packages_ not services and not applied
transitively to dependencies nor reverse dependencies, thus unattended-
upgraded was and is expected to upgrade containerd.
Please list containerd in the blacklist if you would like to prevent it
to be upgraded and trigger a docker restart.
** Also affects: containerd (Ubuntu)
Importance: Undecided
Status: New
** Changed in: unattended-upgrades (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1906364
Title:
unattended-upgrade still restarts blacklisted daemons
Status in containerd package in Ubuntu:
New
Status in docker.io package in Ubuntu:
New
Status in unattended-upgrades package in Ubuntu:
Won't Fix
Bug description:
Hello,
Today plenty of our systems running ubuntu 20.04 were restarting the
docker daemon, even if i blacklisted the docker package. Since docker
has an dependency on containerd thats the reason why it was restarted.
IMO the blacklist should also check the full tree of dependencies...
This should NOT happen!
From the log you find:
2020-12-01 06:40:13,881 INFO Starting unattended upgrades script
2020-12-01 06:40:13,882 INFO Allowed origins are: o=Ubuntu,a=focal,
o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security,
o=UbuntuESM,a=focal-infra-security
2020-12-01 06:40:13,882 INFO Initial blacklist: docker docker.io
2020-12-01 06:40:13,882 INFO Initial whitelist (not strict):
2020-12-01 06:40:19,139 INFO Packages that will be upgraded: containerd
qemu-block-extra qemu-kvm qemu-system-common qemu-system-data qemu-system-gui
qemu-system-x86 qemu-utils
2020-12-01 06:40:19,140 INFO Writing dpkg log to
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2020-12-01 06:40:46,996 INFO All upgrades installed
2020-12-01 06:40:50,732 INFO Starting unattended upgrades script
2020-12-01 06:40:50,732 INFO Allowed origins are: o=Ubuntu,a=focal,
o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security,
o=UbuntuESM,a=focal-infra-security
2020-12-01 06:40:50,733 INFO Initial blacklist: docker docker.io
2020-12-01 06:40:50,733 INFO Initial whitelist (not strict):
Also this happened for us on plenty of our servers almost at the same
(why the unattended updates are not spread over time?), which
destroyed the second time an production environment.
This is not how unattended-upgraded should be, sadly this package lost
our trust and we disable it and schedule the 'unattended updates' now
on our own.
PS: Not to say that on some servers the docker daemon did not even
restart..
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1906364/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
