I'd like to give you all an update and outline our plans for this. The Canonical server team has made analysis of this issue a top priority. We've identified and tested out several possible theories. Our findings suggest that the breakage involves two distinct issues, one the BindTo= issue mentioned above, the other caused by a bug in the docker.io package causing the service to stop on package upgrade; see specifically the service stop command at the end of /var/lib/dpkg/info/docker.io.prerm. We'll use LP: #1870514 to track the former issue, and #1906364 the latter. LP: #1658691 gives some past background for reference.
The tricky part is that unfortunately any change we make to docker.io requires the running of the prerm script (the version of the script already present on your system, not the one we'd be installing), and thus triggers the bug. In other words, updating your system to prevent the bug will cause one more docker stop. Thereafter, the upgrade will not restart the service when rolling out CVE fixes to either containerd or docker.io; it may prompt to do so if running interactively (e.g. https://imgur.com/2Za5dbQ.png), otherwise it should respect the debconf setting.

We would appreciate feedback, testing and/or review of the proposed fix, available in this PPA:

https://launchpad.net/~bryce/+archive/ubuntu/containerd-sru-lp1870514-docker-dh/

** Also affects: unattended-upgrades (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: docker.io (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: containerd (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: unattended-upgrades (Ubuntu Hirsute)
   Importance: Undecided
       Status: Won't Fix

** Also affects: docker.io (Ubuntu Hirsute)
   Importance: Undecided
       Status: Confirmed

** Also affects: containerd (Ubuntu Hirsute)
   Importance: Undecided
       Status: Confirmed

** Also affects: unattended-upgrades (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: docker.io (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: containerd (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: unattended-upgrades (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** Also affects: docker.io (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** Also affects: containerd (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** Also affects: unattended-upgrades (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: docker.io (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: containerd (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: unattended-upgrades (Ubuntu Groovy)
       Status: New => Won't Fix

** No longer affects: containerd (Ubuntu)

** Changed in: unattended-upgrades (Ubuntu Focal)
       Status: New => Won't Fix

** Changed in: unattended-upgrades (Ubuntu Bionic)
       Status: New => Won't Fix

** Changed in: unattended-upgrades (Ubuntu Xenial)
       Status: New => Won't Fix

** Changed in: docker.io (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: docker.io (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: docker.io (Ubuntu Xenial)
     Assignee: (unassigned) => Bryce Harrington (bryce)

** Changed in: docker.io (Ubuntu Xenial)
   Importance: High => Critical

** Changed in: docker.io (Ubuntu Bionic)
   Importance: Undecided => Critical

** Changed in: docker.io (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: docker.io (Ubuntu Focal)
   Importance: Undecided => Critical

** Changed in: docker.io (Ubuntu Focal)
       Status: New => In Progress

** Changed in: docker.io (Ubuntu Groovy)
   Importance: Undecided => Critical

** Changed in: docker.io (Ubuntu Groovy)
       Status: New => In Progress

** Changed in: docker.io (Ubuntu Hirsute)
   Importance: Undecided => Critical

** Changed in: docker.io (Ubuntu Hirsute)
       Status: Confirmed => In Progress

** Changed in: docker.io (Ubuntu Hirsute)
     Assignee: (unassigned) => Bryce Harrington (bryce)

** No longer affects: containerd (Ubuntu Xenial)

** No longer affects: containerd (Ubuntu Bionic)

** No longer affects: containerd (Ubuntu Focal)

** No longer affects: containerd (Ubuntu Groovy)

** No longer affects: containerd (Ubuntu Hirsute)

-- 
https://bugs.launchpad.net/bugs/1906364

Title:
  unattended-upgrade still restarts blacklisted daemons
