Weighing in to emphasize the urgency:

- this bug is a surefire way to corrupt user data,
- in a popular infrastructure component (Docker),
- still not fixed a year after it was discovered (bug #2039294 is dated 2023-10-13).

The bug causes a major problem with Docker containers being unable to gracefully shut down on Ubuntu 24.04 LTS and 23.10. Containers are simply sent a SIGKILL, which results in data loss: when a process is sent a SIGKILL, it has no chance to exit cleanly. People often run databases like MySQL or Postgres in containers, and the bug prevents the DBs from writing the data to disk under load on shutdown. This renders production Docker deployments unsafe on affected distro versions.

As an additional nuisance, any container shut down externally will suffer a 10-second delay as the daemon waits for the dropped signal to affect the container before sending it a SIGKILL. This renders testing environments using Docker unreliable on the affected distro versions, as containers incur large delays when stopped and restarted.

A fix has been available upstream in Docker since May 2024: https://github.com/moby/moby/pull/47749

It's now October 2024 and this has still not been patched in the Ubuntu docker.io package. Can this please be treated as high priority to bring the fix into 24.04 LTS? Reliable graceful shutdown of containers is critical for anyone using Docker in production, especially on an LTS system.

A workaround of deploying a custom docker-default AppArmor profile has been provided in the comments, but this really needs an official fix in the docker.io package itself.

Please prioritize fixing this in the docker.io package. We have a number of production databases and services that rely on Docker and use Ubuntu LTS; not being able to gracefully stop containers without risking data loss is a huge problem.
https://bugs.launchpad.net/bugs/2063099
Title: Stopping container signal blocked by AppArmor on Ubuntu
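Added example, not part of the original comment and not Docker or Ubuntu code: a small Python filter that picks AppArmor signal denials involving the docker-default profile out of kernel audit lines, one way to confirm that a host is dropping container stop signals as described above. The log lines are constructed samples in the usual AppArmor audit key=value layout; the pid, comm and peer values and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual AppArmor audit key=value layout.
# pid, comm and peer values are assumptions, not taken from the bug report.
SAMPLE_LOG = """\
kernel: audit: type=1400 audit(1727776801.100:211): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=4101 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="runc"
kernel: audit: type=1400 audit(1727776950.000:212): apparmor="DENIED" operation="open" class="file" profile="snap.example" name="/etc/shadow" pid=500 comm="cat" requested_mask="r" denied_mask="r"
kernel: audit: type=1400 audit(1727776980.000:213): apparmor="ALLOWED" operation="signal" class="signal" profile="docker-default" pid=4200 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="runc"
kernel: audit: type=1400 audit(1727777010.000:214): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=4300 comm="runc" requested_mask="receive" denied_mask="receive" signal=hup peer="runc"
"""

# key=value where the value is either "quoted" or a bare token
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Turn one audit line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def blocked_container_signals(log_text, profile="docker-default"):
    """Return the denied signal events whose subject or peer is `profile`."""
    hits = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if (f.get("apparmor") == "DENIED"
                and f.get("operation") == "signal"
                and profile in (f.get("profile"), f.get("peer"))):
            hits.append(f)
    return hits


def summarize(hits):
    """Count denials per (signal, denied_mask) pair."""
    return Counter((f.get("signal"), f.get("denied_mask")) for f in hits)


if __name__ == "__main__":
    for (sig, mask), n in summarize(blocked_container_signals(SAMPLE_LOG)).items():
        print(f"signal={sig} denied_mask={mask} count={n}")
```

On a real host the input would come from the kernel log (for example `journalctl -k` or `dmesg` output) instead of SAMPLE_LOG.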
