Devuan logs - #316, boring messages

Message sent to [email protected], [email protected]:

Subject: bug#316: Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification
Reply-To: Mike Tubby <[email protected]>, [email protected]
Resent-From: Mike Tubby <[email protected]>
Resent-To: [email protected]
Resent-CC: [email protected]
Resent-Date: Fri, 12 Apr 2019 21:48:01 UTC
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
To: [email protected]
From: Mike Tubby <[email protected]>
Message-ID: <[email protected]>
Date: Fri, 12 Apr 2019 22:37:29 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.1
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------759921CCF242D01BAEF80700"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------759921CCF242D01BAEF80700
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Package: haveged
Version: 1.9.1-6

Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 
'haveged' (entropy daemon) fails to start:
     a) at boot
     b) via 'service haveged start'
     c) from the command line, if the PID file is specified

All attempts at running haveged result in an apparmor/audit as follows:

Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 
audit(1555102481.459:19): apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/haveged" *name="/run/haveged.pid"* pid=9474 
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

With apparmor suggesting that haveged is being refused permission for 
haveged to make a node, for the pid file


Stopping apparmor with 'aa-teardown' allows haveged to start as expected:

root@ns0:/etc/apparmor.d/local# aa-teardown
Unloading AppArmor profiles
root@ns0:/etc/apparmor.d/local# service haveged restart
[ ok ] Restarting entropy daemon: haveged.
root@ns0:/etc/apparmor.d/local# ps ax | grep haveged
  9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024
  9761 pts/0    S+     0:00 grep haveged
root@ns0:/etc/apparmor.d/local#

Haveged is documented as using the path /var/run/haveged.pid by default 
and not /run/haveged.pid.  Checking the binary with 'strings' confirms this:

root@ns0:/etc/apparmor.d/local# strings /usr/sbin/haveged | grep pid
getpid
pidfile
/var/run/haveged.pid
daemon pidfile, default: /var/run/haveged.pid
root@ns0:/etc/apparmor.d/local#


Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows:

root@ns0:/etc/apparmor.d/local# cat usr.sbin.haveged
# Site-specific additions and overrides for usr.sbin.haveged.
# For more details, please see /etc/apparmor.d/local/README.

/var/run/haveged.pid rw,
/run/haveged.pid rw,

Allows haveged to work as expected.


Clearly something with haveged and/or apparmor is broken here...


Mike



--------------759921CCF242D01BAEF80700
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Package: haveged<br>
    Version: 1.9.1-6<br>
    <br>
    Dell R210-II servers upgraded to Beowulf on 12th April 2019, now
    package 'haveged' (entropy daemon) fails to start:<br>
        a) at boot<br>
        b) via 'service haveged start'<br>
        c) from the command line, if the PID file is specified<br>
    <br>
    <p>All attempts at running haveged result in an apparmor/audit as
      follows:</p>
    <p><tt>Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400
        audit(1555102481.459:19): apparmor="DENIED" operation="mknod"
        profile="/usr/sbin/haveged" <b><font color="#ff0000">name="/run/haveged.pid"</font></b>
        pid=9474 comm="haveged" requested_mask="c" denied_mask="c"
        fsuid=0 ouid=0</tt><br>
      <br>
    </p>
    <p>With apparmor suggesting that haveged is being refused permission
      for haveged to make a node, for the pid file<br>
    </p>
    <p><br>
    </p>
    <p>Stopping apparmor with 'aa-teardown' allows haveged to start as
      expected:</p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> aa-teardown</tt><tt><br>
      </tt><tt>Unloading AppArmor profiles</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> service haveged restart</tt><tt><br>
      </tt><tt>[ ok ] Restarting entropy daemon: haveged.</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> ps ax | grep haveged</tt><tt><br>
      </tt><tt> 9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024</tt><tt><br>
      </tt><tt> 9761 pts/0    S+     0:00 grep haveged</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br>
      <br>
    </p>
    <p>Haveged is documented as using the path /var/run/haveged.pid by
      default and not /run/haveged.pid.  Checking the binary with
      'strings' confirms this:<br>
    </p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> strings /usr/sbin/haveged |
        grep pid</tt><tt><br>
      </tt><tt>getpid</tt><tt><br>
      </tt><tt>pidfile</tt><tt><br>
      </tt><tt>/var/run/haveged.pid</tt><tt><br>
      </tt><tt>daemon pidfile, default: /var/run/haveged.pid</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br>
    </p>
    <p><br>
    </p>
    <p>Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as
      follows:</p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> cat usr.sbin.haveged</tt><tt><br>
      </tt><tt># Site-specific additions and overrides for
        usr.sbin.haveged.</tt><tt><br>
      </tt><tt># For more details, please see
        /etc/apparmor.d/local/README.</tt><tt><br>
      </tt><tt><br>
      </tt><tt>/var/run/haveged.pid rw,</tt><tt><br>
      </tt><tt>/run/haveged.pid rw,</tt><br>
      <br>
    </p>
    <p>Allows haveged to work as expected.</p>
    <p><br>
    </p>
    <p>Clearly something with haveged and/or apparmor is broken here...</p>
    <p><br>
    </p>
    <p>Mike</p>
    <p><br>
    </p>
  </body>
</html>

--------------759921CCF242D01BAEF80700--

Message sent:

X-Loop: [email protected]
From: [email protected] (Devuan bug Tracking System)
To: Mike Tubby <[email protected]>
Subject: bug#316: Acknowledgement (Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification)
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <[email protected]>
Precedence: bulk
X-Devuan-PR-Message: ack 316
X-Devuan-PR-Package: haveged
X-Devuan-PR-Keywords: 
Reply-To: [email protected]

Thank you for the problem report you have sent regarding Devuan.
This is an automatically generated reply, to let you know your message has
been received.  It is being forwarded to the developers mailing list for
their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 [email protected]

If you wish to submit further information on your problem, please send
it to [email protected] (and *not* to
[email protected]).

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Devuan Bugs Owner
(administrator, Devuan bugs database)

Message sent to [email protected], [email protected]:

Subject: bug#316: Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification
Reply-To: Mark Hindley <[email protected]>, [email protected]
Resent-From: Mark Hindley <[email protected]>
Resent-To: [email protected]
Resent-CC: [email protected]
Resent-Date: Tue, 14 Jan 2020 19:18:01 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
References: <[email protected]>
Date: Tue, 14 Jan 2020 19:01:13 +0000
From: Mark Hindley <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)

Control: tag -1 beowulf debian

Mike

Thanks.

This seems to be Debian #911604 which is fixed in version 1.9.1-8,
but not buster.

At least there is a configuration workaround.

Mark

Message received at [email protected]:

Date: Tue, 14 Jan 2020 19:01:13 +0000
From: Mark Hindley <[email protected]>
To: [email protected]
Subject: Re: Package 'haveged' wont start on Devuan Beowulf due to broken PID
 file specification
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)

Control: tag -1 beowulf debian

Mike

Thanks.

This seems to be Debian #911604 which is fixed in version 1.9.1-8,
but not buster.

At least there is a configuration workaround.

Mark

Message received at [email protected]:

Received: (at control) by bugs.devuan.org; 21 May 2020 10:20:03 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Thu, 21 May 2020 10:20:03 +0000 (UTC)
Received: from mx.hindley.org.uk (mohindley.plus.com [81.174.245.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id C95B8F608FF
	for <[email protected]>; Thu, 21 May 2020 12:16:45 +0200 (CEST)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1jbiFn-0007Tu-Tc
	for [email protected]; Thu, 21 May 2020 11:16:44 +0100
Received: (nullmailer pid 7097 invoked by uid 1000);
	Thu, 21 May 2020 10:16:43 -0000
Date: Thu, 21 May 2020 11:16:43 +0100
From: Mark Hindley <[email protected]>
To: [email protected]
Subject: Add forwarded debian bug numbers
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debbugs-No-Ack: No Thanks
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=-0.0 required=5.0 tests=SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

forwarded 437 https://bugs.debian.org/959747
forwarded 426 https://bugs.debian.org/939435
forwarded 433 https://bugs.debian.org/959050
forwarded 437 https://bugs.debian.org/959747
forwarded 316 https://bugs.debian.org/911604
forwarded 350 https://bugs.debian.org/813347
forwarded 428 https://bugs.debian.org/950986
forwarded 463 https://bugs.debian.org/922550

Message sent:

MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: [email protected]
From: "Devuan bug Tracking System" <[email protected]>
To: Mark Hindley <[email protected]>
Subject: bug#316: marked as done (Package 'haveged' wont start on Devuan
 Beowulf due to broken PID file specification)
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
X-Devuan-PR-Message: closed 316
X-Devuan-PR-Package: haveged
X-Devuan-PR-Keywords: debian beowulf
Reply-To: [email protected]
Date: Tue, 10 Jan 2023 15:20:01 +0000
Content-Type: multipart/mixed; boundary="----------=_1673364001-3283-0"

This is a multi-part message in MIME format...

------------=_1673364001-3283-0
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your message dated Tue, 10 Jan 2023 15:19:20 +0000
with message-id <[email protected]>
and subject line Fixed in Debian
has caused the Devuan bug report #316,
regarding Package 'haveged' wont start on Devuan Beowulf due to broken PID =
file specification
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


--=20
316: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D316
Devuan Bug Tracking System
Contact [email protected] with problems

------------=_1673364001-3283-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by bugs.devuan.org; 12 Apr 2019 21:40:07 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Fri, 12 Apr 2019 23:40:06 +0200 (CEST)
Received: from relay1.thorcom.net (relay1.thorcom.net [195.171.43.32])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 41EA8F608E6
	for <[email protected]>; Fri, 12 Apr 2019 23:37:32 +0200 (CEST)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (2048-bit key; unprotected) header.d=tubby.org [email protected] header.b="LydBlxO8";
	dkim-atps=neutral
Received: from public.tubby.org ([82.68.212.67])
	by relay1.thorcom.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.92)
	(envelope-from <[email protected]>)
	id 1hF3rX-0002W7-AU
	for [email protected]; Fri, 12 Apr 2019 22:37:31 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tubby.org;
	 s=mail; h=Content-Type:MIME-Version:Date:Message-ID:Subject:From:To:Sender:
	Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
	List-Post:List-Owner:List-Archive;
	bh=l2b5VVDCI3T/HlbW9cGibmJvLPnX0y3oJ+54UylBjD4=; b=LydBlxO8icmHiN9TdOI1v0pQfS
	3ZND6Tj6wnAFO2b4vCL2SGQaVURaCqHidN+2CJj2ObymvOC8yGp/j+2BKMOq9/AOLJiAU5P0Cb5Wg
	kySXnDTQEDP2KenWhnjpjExTlPxxuIT4Neafi+zOeUsfgyTVNeirgJUE9wXgXYnQ/1RhvuboqObXN
	OzKCXneUHLfQat9MLiFZ9WkHSsQUK7WLiEnxF69dXhgCQNzyk9OxlFARev+Hl7UcF45gXaYgju5J4
	J8bpWAeLgPH5uyGJj4BDtkqGr8XdnjnpvP8xaH8V8V9aUGQfPq5Zyn7t1Q2nWuP2I4086U6XqWfMo
	I4aEf10A==;
Received: from gate.tubby.org ([82.68.212.65] helo=[192.168.144.20])
	by public.tubby.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.90_1)
	(envelope-from <[email protected]>)
	id 1hF3rW-00075r-Mi
	for [email protected]; Fri, 12 Apr 2019 22:37:30 +0100
To: [email protected]
From: Mike Tubby <[email protected]>
Subject: Package 'haveged' wont start on Devuan Beowulf due to broken PID file
 specification
Message-ID: <[email protected]>
Date: Fri, 12 Apr 2019 22:37:29 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.1
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------759921CCF242D01BAEF80700"
Content-Language: en-GB
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

This is a multi-part message in MIME format.
--------------759921CCF242D01BAEF80700
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Package: haveged
Version: 1.9.1-6

Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 
'haveged' (entropy daemon) fails to start:
     a) at boot
     b) via 'service haveged start'
     c) from the command line, if the PID file is specified

All attempts at running haveged result in an apparmor/audit as follows:

Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 
audit(1555102481.459:19): apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/haveged" *name="/run/haveged.pid"* pid=9474 
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

With apparmor suggesting that haveged is being refused permission for 
haveged to make a node, for the pid file


Stopping apparmor with 'aa-teardown' allows haveged to start as expected:

root@ns0:/etc/apparmor.d/local# aa-teardown
Unloading AppArmor profiles
root@ns0:/etc/apparmor.d/local# service haveged restart
[ ok ] Restarting entropy daemon: haveged.
root@ns0:/etc/apparmor.d/local# ps ax | grep haveged
  9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024
  9761 pts/0    S+     0:00 grep haveged
root@ns0:/etc/apparmor.d/local#

Haveged is documented as using the path /var/run/haveged.pid by default 
and not /run/haveged.pid.  Checking the binary with 'strings' confirms this:

root@ns0:/etc/apparmor.d/local# strings /usr/sbin/haveged | grep pid
getpid
pidfile
/var/run/haveged.pid
daemon pidfile, default: /var/run/haveged.pid
root@ns0:/etc/apparmor.d/local#


Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows:

root@ns0:/etc/apparmor.d/local# cat usr.sbin.haveged
# Site-specific additions and overrides for usr.sbin.haveged.
# For more details, please see /etc/apparmor.d/local/README.

/var/run/haveged.pid rw,
/run/haveged.pid rw,

Allows haveged to work as expected.


Clearly something with haveged and/or apparmor is broken here...


Mike



--------------759921CCF242D01BAEF80700
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Package: haveged<br>
    Version: 1.9.1-6<br>
    <br>
    Dell R210-II servers upgraded to Beowulf on 12th April 2019, now
    package 'haveged' (entropy daemon) fails to start:<br>
        a) at boot<br>
        b) via 'service haveged start'<br>
        c) from the command line, if the PID file is specified<br>
    <br>
    <p>All attempts at running haveged result in an apparmor/audit as
      follows:</p>
    <p><tt>Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400
        audit(1555102481.459:19): apparmor="DENIED" operation="mknod"
        profile="/usr/sbin/haveged" <b><font color="#ff0000">name="/run/haveged.pid"</font></b>
        pid=9474 comm="haveged" requested_mask="c" denied_mask="c"
        fsuid=0 ouid=0</tt><br>
      <br>
    </p>
    <p>With apparmor suggesting that haveged is being refused permission
      for haveged to make a node, for the pid file<br>
    </p>
    <p><br>
    </p>
    <p>Stopping apparmor with 'aa-teardown' allows haveged to start as
      expected:</p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> aa-teardown</tt><tt><br>
      </tt><tt>Unloading AppArmor profiles</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> service haveged restart</tt><tt><br>
      </tt><tt>[ ok ] Restarting entropy daemon: haveged.</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> ps ax | grep haveged</tt><tt><br>
      </tt><tt> 9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024</tt><tt><br>
      </tt><tt> 9761 pts/0    S+     0:00 grep haveged</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br>
      <br>
    </p>
    <p>Haveged is documented as using the path /var/run/haveged.pid by
      default and not /run/haveged.pid.  Checking the binary with
      'strings' confirms this:<br>
    </p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> strings /usr/sbin/haveged |
        grep pid</tt><tt><br>
      </tt><tt>getpid</tt><tt><br>
      </tt><tt>pidfile</tt><tt><br>
      </tt><tt>/var/run/haveged.pid</tt><tt><br>
      </tt><tt>daemon pidfile, default: /var/run/haveged.pid</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br>
    </p>
    <p><br>
    </p>
    <p>Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as
      follows:</p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> cat usr.sbin.haveged</tt><tt><br>
      </tt><tt># Site-specific additions and overrides for
        usr.sbin.haveged.</tt><tt><br>
      </tt><tt># For more details, please see
        /etc/apparmor.d/local/README.</tt><tt><br>
      </tt><tt><br>
      </tt><tt>/var/run/haveged.pid rw,</tt><tt><br>
      </tt><tt>/run/haveged.pid rw,</tt><br>
      <br>
    </p>
    <p>Allows haveged to work as expected.</p>
    <p><br>
    </p>
    <p>Clearly something with haveged and/or apparmor is broken here...</p>
    <p><br>
    </p>
    <p>Mike</p>
    <p><br>
    </p>
  </body>
</html>

--------------759921CCF242D01BAEF80700--

------------=_1673364001-3283-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 316-done) by bugs.devuan.org; 10 Jan 2023 15:19:39 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Tue, 10 Jan 2023 15:19:39 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id xFGkD/+BvWNcJAAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Tue, 10 Jan 2023 15:19:27 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id 36E0DDB6; Tue, 10 Jan 2023 15:19:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86])
	by email.devuan.org (Postfix) with ESMTPS id 41CD2B69
	for <[email protected]>; Tue, 10 Jan 2023 15:19:22 +0000 (UTC)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1pFGPI-0002HP-EW
	for [email protected]; Tue, 10 Jan 2023 15:19:20 +0000
Received: (nullmailer pid 32205 invoked by uid 1000);
	Tue, 10 Jan 2023 15:19:20 -0000
Date: Tue, 10 Jan 2023 15:19:20 +0000
From: Mark Hindley <[email protected]>
To: [email protected]
Subject: Fixed in Debian
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debbugs-No-Ack: No Thanks

Version: 1.9.1-8
------------=_1673364001-3283-0--

Message sent:

MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: [email protected]
From: "Devuan bug Tracking System" <[email protected]>
To: Mike Tubby <[email protected]>
Subject: bug#316 closed by Mark Hindley <[email protected]> (Fixed in
 Debian)
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
X-Devuan-PR-Message: they-closed 316
X-Devuan-PR-Package: haveged
X-Devuan-PR-Keywords: debian beowulf
Reply-To: [email protected]
Date: Tue, 10 Jan 2023 15:20:05 +0000
Content-Type: multipart/mixed; boundary="----------=_1673364005-3283-1"

This is a multi-part message in MIME format...

------------=_1673364005-3283-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This is an automatic notification regarding your bug report
which was filed against the haveged package:

#316: Package 'haveged' wont start on Devuan Beowulf due to broken PID file=
 specification

It has been closed by Mark Hindley <[email protected]>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mark Hindley <mark@hin=
dley.org.uk> by
replying to this email.


--=20
316: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D316
Devuan Bug Tracking System
Contact [email protected] with problems

------------=_1673364005-3283-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 316-done) by bugs.devuan.org; 10 Jan 2023 15:19:39 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Tue, 10 Jan 2023 15:19:39 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id xFGkD/+BvWNcJAAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Tue, 10 Jan 2023 15:19:27 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id 36E0DDB6; Tue, 10 Jan 2023 15:19:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86])
	by email.devuan.org (Postfix) with ESMTPS id 41CD2B69
	for <[email protected]>; Tue, 10 Jan 2023 15:19:22 +0000 (UTC)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1pFGPI-0002HP-EW
	for [email protected]; Tue, 10 Jan 2023 15:19:20 +0000
Received: (nullmailer pid 32205 invoked by uid 1000);
	Tue, 10 Jan 2023 15:19:20 -0000
Date: Tue, 10 Jan 2023 15:19:20 +0000
From: Mark Hindley <[email protected]>
To: [email protected]
Subject: Fixed in Debian
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debbugs-No-Ack: No Thanks

Version: 1.9.1-8
------------=_1673364005-3283-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by bugs.devuan.org; 12 Apr 2019 21:40:07 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from tupac3.dyne.org [195.169.149.119]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Fri, 12 Apr 2019 23:40:06 +0200 (CEST)
Received: from relay1.thorcom.net (relay1.thorcom.net [195.171.43.32])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 41EA8F608E6
	for <[email protected]>; Fri, 12 Apr 2019 23:37:32 +0200 (CEST)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (2048-bit key; unprotected) header.d=tubby.org [email protected] header.b="LydBlxO8";
	dkim-atps=neutral
Received: from public.tubby.org ([82.68.212.67])
	by relay1.thorcom.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.92)
	(envelope-from <[email protected]>)
	id 1hF3rX-0002W7-AU
	for [email protected]; Fri, 12 Apr 2019 22:37:31 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tubby.org;
	 s=mail; h=Content-Type:MIME-Version:Date:Message-ID:Subject:From:To:Sender:
	Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
	List-Post:List-Owner:List-Archive;
	bh=l2b5VVDCI3T/HlbW9cGibmJvLPnX0y3oJ+54UylBjD4=; b=LydBlxO8icmHiN9TdOI1v0pQfS
	3ZND6Tj6wnAFO2b4vCL2SGQaVURaCqHidN+2CJj2ObymvOC8yGp/j+2BKMOq9/AOLJiAU5P0Cb5Wg
	kySXnDTQEDP2KenWhnjpjExTlPxxuIT4Neafi+zOeUsfgyTVNeirgJUE9wXgXYnQ/1RhvuboqObXN
	OzKCXneUHLfQat9MLiFZ9WkHSsQUK7WLiEnxF69dXhgCQNzyk9OxlFARev+Hl7UcF45gXaYgju5J4
	J8bpWAeLgPH5uyGJj4BDtkqGr8XdnjnpvP8xaH8V8V9aUGQfPq5Zyn7t1Q2nWuP2I4086U6XqWfMo
	I4aEf10A==;
Received: from gate.tubby.org ([82.68.212.65] helo=[192.168.144.20])
	by public.tubby.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.90_1)
	(envelope-from <[email protected]>)
	id 1hF3rW-00075r-Mi
	for [email protected]; Fri, 12 Apr 2019 22:37:30 +0100
To: [email protected]
From: Mike Tubby <[email protected]>
Subject: Package 'haveged' wont start on Devuan Beowulf due to broken PID file
 specification
Message-ID: <[email protected]>
Date: Fri, 12 Apr 2019 22:37:29 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.1
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------759921CCF242D01BAEF80700"
Content-Language: en-GB
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

This is a multi-part message in MIME format.
--------------759921CCF242D01BAEF80700
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Package: haveged
Version: 1.9.1-6

Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 
'haveged' (entropy daemon) fails to start:
     a) at boot
     b) via 'service haveged start'
     c) from the command line, if the PID file is specified

All attempts at running haveged result in an apparmor/audit as follows:

Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 
audit(1555102481.459:19): apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/haveged" *name="/run/haveged.pid"* pid=9474 
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

With apparmor suggesting that haveged is being refused permission for 
haveged to make a node, for the pid file


Stopping apparmor with 'aa-teardown' allows haveged to start as expected:

root@ns0:/etc/apparmor.d/local# aa-teardown
Unloading AppArmor profiles
root@ns0:/etc/apparmor.d/local# service haveged restart
[ ok ] Restarting entropy daemon: haveged.
root@ns0:/etc/apparmor.d/local# ps ax | grep haveged
  9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024
  9761 pts/0    S+     0:00 grep haveged
root@ns0:/etc/apparmor.d/local#

Haveged is documented as using the path /var/run/haveged.pid by default 
and not /run/haveged.pid.  Checking the binary with 'strings' confirms this:

root@ns0:/etc/apparmor.d/local# strings /usr/sbin/haveged | grep pid
getpid
pidfile
/var/run/haveged.pid
daemon pidfile, default: /var/run/haveged.pid
root@ns0:/etc/apparmor.d/local#


Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows:

root@ns0:/etc/apparmor.d/local# cat usr.sbin.haveged
# Site-specific additions and overrides for usr.sbin.haveged.
# For more details, please see /etc/apparmor.d/local/README.

/var/run/haveged.pid rw,
/run/haveged.pid rw,

Allows haveged to work as expected.


Clearly something with haveged and/or apparmor is broken here...


Mike



--------------759921CCF242D01BAEF80700
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Package: haveged<br>
    Version: 1.9.1-6<br>
    <br>
    Dell R210-II servers upgraded to Beowulf on 12th April 2019, now
    package 'haveged' (entropy daemon) fails to start:<br>
        a) at boot<br>
        b) via 'service haveged start'<br>
        c) from the command line, if the PID file is specified<br>
    <br>
    <p>All attempts at running haveged result in an apparmor/audit as
      follows:</p>
    <p><tt>Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400
        audit(1555102481.459:19): apparmor="DENIED" operation="mknod"
        profile="/usr/sbin/haveged" <b><font color="#ff0000">name="/run/haveged.pid"</font></b>
        pid=9474 comm="haveged" requested_mask="c" denied_mask="c"
        fsuid=0 ouid=0</tt><br>
      <br>
    </p>
    <p>With apparmor suggesting that haveged is being refused permission
      for haveged to make a node, for the pid file<br>
    </p>
    <p><br>
    </p>
    <p>Stopping apparmor with 'aa-teardown' allows haveged to start as
      expected:</p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> aa-teardown</tt><tt><br>
      </tt><tt>Unloading AppArmor profiles</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> service haveged restart</tt><tt><br>
      </tt><tt>[ ok ] Restarting entropy daemon: haveged.</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> ps ax | grep haveged</tt><tt><br>
      </tt><tt> 9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024</tt><tt><br>
      </tt><tt> 9761 pts/0    S+     0:00 grep haveged</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br>
      <br>
    </p>
    <p>Haveged is documented as using the path /var/run/haveged.pid by
      default and not /run/haveged.pid.  Checking the binary with
      'strings' confirms this:<br>
    </p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> strings /usr/sbin/haveged |
        grep pid</tt><tt><br>
      </tt><tt>getpid</tt><tt><br>
      </tt><tt>pidfile</tt><tt><br>
      </tt><tt>/var/run/haveged.pid</tt><tt><br>
      </tt><tt>daemon pidfile, default: /var/run/haveged.pid</tt><tt><br>
      </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br>
    </p>
    <p><br>
    </p>
    <p>Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as
      follows:</p>
    <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> cat usr.sbin.haveged</tt><tt><br>
      </tt><tt># Site-specific additions and overrides for
        usr.sbin.haveged.</tt><tt><br>
      </tt><tt># For more details, please see
        /etc/apparmor.d/local/README.</tt><tt><br>
      </tt><tt><br>
      </tt><tt>/var/run/haveged.pid rw,</tt><tt><br>
      </tt><tt>/run/haveged.pid rw,</tt><br>
      <br>
    </p>
    <p>Allows haveged to work as expected.</p>
    <p><br>
    </p>
    <p>Clearly something with haveged and/or apparmor is broken here...</p>
    <p><br>
    </p>
    <p>Mike</p>
    <p><br>
    </p>
  </body>
</html>

--------------759921CCF242D01BAEF80700--

------------=_1673364005-3283-1--