WSL 18.04 apt upgrade failure

[macxfadz]

I recently downloaded Ubuntu 18.04 App from Microsoft App Store.
Subsequently, I update app packages through sudo apt-get update and then, sudo apt-get upgrade
then I the following message came up with errors (just fresh WSL system nothing has been installed),

and, there are after I installed GCC, clang, gdb, and python3 also it's getting same upgrading error saying -

Error: insufficient privileges to access the ebtables rulesets.

Errors were encountered while processing:
/var/cache/apt/archives/ebtables_2.0.10.4-3.5ubuntu2.18.04.1_amd64.deb

Please help me to resolve this issue.
Thank you.

[shoffmeister]

https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/1774120

Ubuntu are taking action by changing the package management script.

[zippaaa]

#1761 (comment)

[therealkenc]

#1761 (comment)

Which in turn is ref #767

[macxfadz]

@therealkenc Do we have an exact fix for this issue? or do we have to wait for next Ubuntu release?

[sirredbeard]

@macxfadz A temporary workaround is here: #1761 (comment)

[therealkenc]

Or maybe someone can confirm whether just purging the thing is a viable solution (I haven't looked).

[sirredbeard]

@therealkenc Preliminary testing shows that simply purging doesn't work, but it was worth a shot.

Unpacking libcurl4:amd64 (7.58.0-2ubuntu3.1) over (7.58.0-2ubuntu3) ...
Preparing to unpack .../16-ebtables_2.0.10.4-3.5ubuntu2.18.04.1_amd64.deb ...
invoke-rc.d: could not determine current runlevel
 * Error: insufficient privileges to access the ebtables rulesets.
invoke-rc.d: initscript ebtables, action "stop" failed.
dpkg: warning: old ebtables package pre-removal script subprocess returned error exit status 1
dpkg: trying script from the new package instead ...
invoke-rc.d: could not determine current runlevel
 * Error: insufficient privileges to access the ebtables rulesets.
invoke-rc.d: initscript ebtables, action "stop" failed.
dpkg: error processing archive /tmp/apt-dpkg-install-sFNodb/16-ebtables_2.0.10.4-3.5ubuntu2.18.04.1_amd64.deb (--unpack):
 new ebtables package pre-removal script subprocess returned error exit status 1
dmesg: read kernel buffer failed: Function not implemented
                                                          update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
invoke-rc.d: could not determine current runlevel
Preparing to unpack .../17-libcurl3-gnutls_7.58.0-2ubuntu3.1_amd64.deb ...
Unpacking libcurl3-gnutls:amd64 (7.58.0-2ubuntu3.1) over (7.58.0-2ubuntu3) ...
Preparing to unpack .../18-software-properties-common_0.96.24.32.3_all.deb ...
Unpacking software-properties-common (0.96.24.32.3) over (0.96.24.32.1) ...
Preparing to unpack .../19-python3-software-properties_0.96.24.32.3_all.deb ...
Unpacking python3-software-properties (0.96.24.32.3) over (0.96.24.32.1) ...
Preparing to unpack .../20-snapd_2.32.9+18.04_amd64.deb ...
Unpacking snapd (2.32.9+18.04) over (2.32.5+18.04) ...
Preparing to unpack .../21-cloud-init_18.2-27-g6ef92c98-0ubuntu1~18.04.1_all.deb ...
Unpacking cloud-init (18.2-27-g6ef92c98-0ubuntu1~18.04.1) over (18.2-14-g6d48d265-0ubuntu1) ...
Preparing to unpack .../22-ssh-import-id_5.7-0ubuntu1.1_all.deb ...
Unpacking ssh-import-id (5.7-0ubuntu1.1) over (5.7-0ubuntu1) ...
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)
hayden@t470s:~$ echo "export DISPLAY=:0" >> .bashrc
hayden@t470s:~$ echo "export LIBGL_ALWAYS_INDIRECT=1" >> .bashrc
hayden@t470s:~$ sudo apt-get remove ebtables --purge
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'sudo apt autoremove' to remove it.
The following packages will be REMOVED:
  ebtables* lxd*
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
22 not fully installed or removed.
After this operation, 20.2 MB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 28478 files and directories currently installed.)
Removing lxd (3.0.0-0ubuntu4) ...
invoke-rc.d: could not determine current runlevel
Stopping Container hypervisor based on LXC: (not running).
invoke-rc.d: could not determine current runlevel
Removing lxd dnsmasq configuration
Removing ebtables (2.0.10.4-3.5ubuntu2) ...
invoke-rc.d: could not determine current runlevel
 * Error: insufficient privileges to access the ebtables rulesets.
invoke-rc.d: initscript ebtables, action "stop" failed.
dpkg: error processing package ebtables (--remove):
 installed ebtables package pre-removal script subprocess returned error exit status 1
Errors were encountered while processing:
 ebtables
E: Sub-process /usr/bin/dpkg returned an error code (1)
hayden@t470s:~$

[macxfadz]

sudo -s also not working :( what cause this privelledge issue ?

[sirredbeard]

@macxfadz

When the ebtables upgrade script invokes the ebtables stop init script ebtables tries to open a socket and fails. Either because ebtables is at fault for misinterpreting the socket response or because WSL hasn't fully implemented iptables (although it seem to suggest WSL should support the syscalls in question here), why it fails is not entirely clear. Either way it ends up throwing a permissions error and the upgrade script shuts the whole show down. It doesn't matter what you run as or what runlevel.

The workaround linked above works. The patch coming to the init script similarly just ignores the error.

The patch works well in Cosmic, should be backported to Bionic shortly.

[therealkenc]

why it fails is not entirely clear

No, why it fails is entirely clear. WSL does not implement all Linux ABI surface. Doesn't even pretend to, per the FAQ. Aspires to, hopefully.

#1451 is AF_NETLINK. Which is not AF_UNIX. Which is not AF_PACKET. And, is not AF_INET per #767.

[sirredbeard]

@therealkenc

You may be correct. Could you please explain why this is wrong or misplaced though?

And why EPROTONOSUPPORT appears to have been added here, the syscalls in question?

I may have misunderstood.

[therealkenc]

Could you please explain why this is wrong or misplaced though?

Well, anything I could say would be speaking for Balint, which I don't. All I think he is trying to say is that etables could deal better with the error returned by WSL, which makes etables technically more correct, and thus addresses the hard fail. EPROTONOSUPPORT depends entirely on the PROTO in question. Some are SUPPORT. Some are NOSUPPORT.

And why EPROTONOSUPPORT appears to have been added here, the syscalls in question?

In the #1451 OP, nmap never even made it to a EPROTONOTSUPPORT return from socket(AF_INET, ...) to begin with. It was dying with EOPNOTSUPP on sndmsg() on an AF_NETLINK socket. The latter was addressed (narrowly, because not all NETLINK_ROUTE messages are implemented in WSL either). The former is not (or, at least not enough to make etables happy).

[sirredbeard]

I see. Thank you for clearing that up.

[macxfadz]

@therealkenc @sirredbeard - guys any elegant fix for this issue please ? :|

[sirredbeard]

@macxfadz

I mentioned a workaround above.

You can also simply hold ebtables using apt:

sudo apt-mark hold ebtables

[akshaybabloo]

by holding/disabling ebtables will it cause any problem with the network bridge between Windows and Linux? Looking at their website (http://ebtables.netfilter.org/), ebtables does a lot of stuff

[macxfadz]

@akshaybabloo sounds like we have to next release of WSL ? is n't it ?

[akshaybabloo]

@macxfadz yep. Looks like that. Or even a patch would be enough

[sirredbeard]

@akshaybabloo

ebtables is old software that few actually use any more. It is maintained as legacy software by the developers that inherited it who only provide the most basic security patches and updates.

ebtables is also not compatible with WSL yet because the WSL layer hasn't fully implemented all the advanced networking calls that ebtables and it's parent software iptables uses. So no one is really using ebtables on WSL.

@macxfadz

This bug, in the upgrade script on Ubuntu 18.04, only affects Ubuntu 18.04 images. So Ubuntu 16.04, OpenSUSE, SEL, and Kali users are unaffected. The fix is for the upgrade script in Ubuntu 18.04 to ignore the error when ebtables tries something not yet supported by WSL as part of the upgrade process. The second post on this thread contains a link to the Ubuntu bug report. If you look you will see a patch in Ubuntu has been generated, pushed to Cosmic, which is 18.10 in progress, for testing, and will filter down to Bionic, 18.04, in due time.

Windows or WSL itself will not need a patch, although it's possible eventually WSL will support the network calls ebtables is flunking out on during the upgrade.

[macxfadz]

@sirredbeard Thanks for the info ...if we holding/disabling ebtables in ubuntu 18.04 if you don't mind , can you please tell me what are the side effects we can expect? and one thing though, why is it working with 16.04 fine? as you mentioned here

This bug, in the upgrade script on Ubuntu 18.04, only affects Ubuntu 18.04 images. So Ubuntu 16.04, OpenSUSE, SEL, and Kali users are unaffected

due to 18.04 upgrade script update?

[sirredbeard]

@macxfadz

can you please tell me what are the side effects we can expect?

Very little actually relies on ebtables these days, it's just there for legacy support on some servers.

Given that ebtables doesn't work on WSL at this time, holding ebtables upgrades in WSL will have no real effect.

Holding it means it simply won't get any updates via apt-get -upgrade.

WSL is rolling out support for iptables which it means it's possible ebtables could, by extension, be supported too, there's no real demand for it though.

Ebtables is legacy software in maintenance mode, there are modern more secure tools for performing it's functionality. Ubuntu is even working on a layer to wrangle iptables.

I imagine eventually upstream distros like Debian will deprecate ebtables in time.

why is it working with 16.04 fine

The issue occurs when the ebtables upgrade script calls ebtables to stop it and ebtables fails.

The issue only occurs when ebtables is upgraded via apt.

It is working fine in 16.04 because 16.04 does not ever upgrade ebtables, there's really no need to.

ebtables itself won't work on 16.04, SLES, Kali, or Debian either.

[akshaybabloo]

Thanks @sirredbeard can confirm that the patch has been pushed for 18.10.

[macxfadz]

@sirredbeard Thank you for the explanation really helpful.

[MVoz]

@sirredbeard как вариант удалить после установочный скрипт

as an option to delete after the installation script

ls /var/lib/dpkg/info/qemu-user-static*

ls /var/lib/dpkg/info/ebtables*

rm /var/lib/dpkg/info/ebtables.postinst

apt-get -o Dpkg::Options::="--force-all" install -f

http://kde5.blogspot.com/2017/03/linux-apt-get-force.html

[macxfadz]

This solved the issue temporarily I guess. 💃
Microsoft Link

[Hypnoes]

Still not fix at this time....

[macxfadz]

@Hypnoes but mine fix for the time... that's why I mentioned "temporarily" ...sorry

[tralston]

Interesting. Updated ebtables today (via aptitude ui) and it didn't error out.

[macxfadz]

@tralston Couldn't get you, can you mentioned what do you mean by "aptitude ui"? and what modification have you carried out in order to error wipe away?

[MVoz]

@macxfadz
sudo aptitude
Ctrl + T

[onomatopellan]

The ebtables problem has been fixed. No need to hold the package anymore on Ubuntu 18.04.
https://launchpad.net/ubuntu/+source/ebtables/2.0.10.4-3.5ubuntu2.18.04.3

sudo apt-mark unhold ebtables
sudo apt update && sudo apt upgrade -y

[therealkenc]

Good to know. Closing external. [Contrast #767 and friends.]