Disabling the clone3 call should only be a temporary workaround to get
21.10 released, this still must be fixed properly so it can be reenabled
in 22.04.

I feel like that docker change is working around a bug in crun/runc
regarding the default seccomp policy and not the proper fix either. It
will do nothing to prevent this from happening again with the next
syscall glibc uses.

Any changes for the host docker/runc/crun/libpod/whatever needs to be
SRUed to all releases like we did for newfstatat() in glibc 2.33.

I really want to make sure that we don't just fix this issue but also
don't end up with the same thing when glibc 2.35 or later drops with
another syscall.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1943049

Title:
  Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm
  -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb
  /var/cache/apt/*.bin || true'

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1943049/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to