Docker image build fails if base image is ubuntu:22.04

[Furisto]

Bug description

When building an image from within a Gitpod workspace that uses ubuntu:22.04 as base image it fails with the following error:

E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

Steps to reproduce

Build an image that uses ubuntu:22.04 as base image, for example ws-daemon.

Workspace affected

No response

Expected behavior

No response

Example repository

No response

Anything else?

See https://pascalroeleven.nl/2021/09/09/ubuntu-21-10-and-fedora-35-in-docker/ and https://github.com/moby/moby/pull/42681 for details

This prevented us from building ws-daemon from within a Gitpod workspace. It'll impact anyone that uses a distro with glibc 2.34 as base image.

[atduarte]

Not a Gitpod specific issue: https://stackoverflow.com/questions/71941032/why-i-cannot-run-apt-update-inside-a-fresh-ubuntu22-04

[aledbf]

@Furisto this could be related to not having clone3 in the seccomp-profile

[Furisto]

Not a Gitpod specific issue: https://stackoverflow.com/questions/71941032/why-i-cannot-run-apt-update-inside-a-fresh-ubuntu22-04

Not so sure. Our docker version in the workspace should already have that fix and it is still failing. As @aledbf has pointed out, I suspect that our seccomp profile messes with it.

[ggbecker]

Not a Gitpod specific issue: https://stackoverflow.com/questions/71941032/why-i-cannot-run-apt-update-inside-a-fresh-ubuntu22-04

Not so sure. Our docker version in the workspace should already have that fix and it is still failing. As @aledbf has pointed out, I suspect that our seccomp profile messes with it.

I also suspect this. I've just opened an issue that manifests the same problem https://github.com/gitpod-io/gitpod/issues/11963

[utam0k]

FYI https://medium.com/nttlabs/ubuntu-21-10-and-fedora-35-do-not-work-on-docker-20-10-9-1cd439d9921