Disabling the clone3 call should only be a temporary workaround to get 21.10 released, this still must be fixed properly so it can be reenabled in 22.04.
I feel like that docker change is working around a bug in crun/runc regarding the default seccomp policy and not the proper fix either. It will do nothing to prevent this from happening again with the next syscall glibc uses. Any changes for the host docker/runc/crun/libpod/whatever needs to be SRUed to all releases like we did for newfstatat() in glibc 2.33. I really want to make sure that we don't just fix this issue but also don't end up with the same thing when glibc 2.35 or later drops with another syscall. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1943049 Title: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true' To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1943049/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs