Received: (at 316-done) by bugs.devuan.org; 10 Jan 2023 15:19:39 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Tue, 10 Jan 2023 15:19:39 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id xFGkD/+BvWNcJAAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Tue, 10 Jan 2023 15:19:27 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 36E0DDB6; Tue, 10 Jan 2023 15:19:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 41CD2B69 for <[email protected]>; Tue, 10 Jan 2023 15:19:22 +0000 (UTC) Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk) by mx.hindley.org.uk with smtp (Exim 4.84_2) (envelope-from <[email protected]>) id 1pFGPI-0002HP-EW for [email protected]; Tue, 10 Jan 2023 15:19:20 +0000 Received: (nullmailer pid 32205 invoked by uid 1000); Tue, 10 Jan 2023 15:19:20 -0000 Date: Tue, 10 Jan 2023 15:19:20 +0000 From: Mark Hindley <[email protected]> To: [email protected] Subject: Fixed in Debian Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Debbugs-No-Ack: No Thanks Version: 1.9.1-8
Mike Tubby <[email protected]>:Mark Hindley <[email protected]>:Mark Hindley <[email protected]>
to [email protected].
Full text available.Mark Hindley <[email protected]>
to [email protected].
Full text available.Received: (at 316) by bugs.devuan.org; 14 Jan 2020 19:10:02 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from tupac3.dyne.org [195.169.149.119] by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4) for <debbugs@localhost> (single-drop); Tue, 14 Jan 2020 19:10:02 +0000 (UTC) Received: from mx.hindley.org.uk (mohindley.plus.com [81.174.245.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 2A30FF60C22 for <[email protected]>; Tue, 14 Jan 2020 20:01:15 +0100 (CET) Received: from apollo.hindleynet ([192.168.1.3] helo=apollo) by mx.hindley.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <[email protected]>) id 1irRRC-0000YB-0j for [email protected]; Tue, 14 Jan 2020 19:01:14 +0000 Received: from mark by apollo with local (Exim 4.84_2) (envelope-from <[email protected]>) id 1irRRB-000537-20 for [email protected]; Tue, 14 Jan 2020 19:01:13 +0000 Date: Tue, 14 Jan 2020 19:01:13 +0000 From: Mark Hindley <[email protected]> To: [email protected] Subject: Re: Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Debbugs-No-Ack: No Thanks User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=0.0 required=5.0 tests=FAKE_REPLY_C,SPF_PASS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org Control: tag -1 beowulf debian Mike Thanks. This seems to be Debian #911604 which is fixed in version 1.9.1-8, but not buster. At least there is a configuration workaround. Mark
[email protected], [email protected]:bug#316; Package haveged.
Full text available.Received: (at submit) by bugs.devuan.org; 12 Apr 2019 21:40:07 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from tupac3.dyne.org [195.169.149.119] by fulcanelli with IMAP (fetchmail-6.3.26) for <debbugs@localhost> (single-drop); Fri, 12 Apr 2019 23:40:06 +0200 (CEST) Received: from relay1.thorcom.net (relay1.thorcom.net [195.171.43.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 41EA8F608E6 for <[email protected]>; Fri, 12 Apr 2019 23:37:32 +0200 (CEST) Authentication-Results: vm6.ganeti.dyne.org; dkim=pass (2048-bit key; unprotected) header.d=tubby.org [email protected] header.b="LydBlxO8"; dkim-atps=neutral Received: from public.tubby.org ([82.68.212.67]) by relay1.thorcom.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <[email protected]>) id 1hF3rX-0002W7-AU for [email protected]; Fri, 12 Apr 2019 22:37:31 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tubby.org; s=mail; h=Content-Type:MIME-Version:Date:Message-ID:Subject:From:To:Sender: Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=l2b5VVDCI3T/HlbW9cGibmJvLPnX0y3oJ+54UylBjD4=; b=LydBlxO8icmHiN9TdOI1v0pQfS 3ZND6Tj6wnAFO2b4vCL2SGQaVURaCqHidN+2CJj2ObymvOC8yGp/j+2BKMOq9/AOLJiAU5P0Cb5Wg kySXnDTQEDP2KenWhnjpjExTlPxxuIT4Neafi+zOeUsfgyTVNeirgJUE9wXgXYnQ/1RhvuboqObXN OzKCXneUHLfQat9MLiFZ9WkHSsQUK7WLiEnxF69dXhgCQNzyk9OxlFARev+Hl7UcF45gXaYgju5J4 J8bpWAeLgPH5uyGJj4BDtkqGr8XdnjnpvP8xaH8V8V9aUGQfPq5Zyn7t1Q2nWuP2I4086U6XqWfMo I4aEf10A==; Received: from gate.tubby.org ([82.68.212.65] helo=[192.168.144.20]) by public.tubby.org with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from <[email protected]>) id 1hF3rW-00075r-Mi for [email protected]; Fri, 12 Apr 2019 22:37:30 +0100 To: [email protected] From: Mike Tubby <[email protected]> Subject: Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification Message-ID: <[email protected]> Date: Fri, 12 Apr 2019 22:37:29 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------759921CCF242D01BAEF80700" Content-Language: en-GB X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,SPF_PASS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org This is a multi-part message in MIME format. --------------759921CCF242D01BAEF80700 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Package: haveged Version: 1.9.1-6 Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 'haveged' (entropy daemon) fails to start: a) at boot b) via 'service haveged start' c) from the command line, if the PID file is specified All attempts at running haveged result in an apparmor/audit as follows: Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 audit(1555102481.459:19): apparmor="DENIED" operation="mknod" profile="/usr/sbin/haveged" *name="/run/haveged.pid"* pid=9474 comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 With apparmor suggesting that haveged is being refused permission for haveged to make a node, for the pid file Stopping apparmor with 'aa-teardown' allows haveged to start as expected: root@ns0:/etc/apparmor.d/local# aa-teardown Unloading AppArmor profiles root@ns0:/etc/apparmor.d/local# service haveged restart [ ok ] Restarting entropy daemon: haveged. root@ns0:/etc/apparmor.d/local# ps ax | grep haveged 9741 ? Ss 0:00 /usr/sbin/haveged -w 1024 9761 pts/0 S+ 0:00 grep haveged root@ns0:/etc/apparmor.d/local# Haveged is documented as using the path /var/run/haveged.pid by default and not /run/haveged.pid. Checking the binary with 'strings' confirms this: root@ns0:/etc/apparmor.d/local# strings /usr/sbin/haveged | grep pid getpid pidfile /var/run/haveged.pid daemon pidfile, default: /var/run/haveged.pid root@ns0:/etc/apparmor.d/local# Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows: root@ns0:/etc/apparmor.d/local# cat usr.sbin.haveged # Site-specific additions and overrides for usr.sbin.haveged. # For more details, please see /etc/apparmor.d/local/README. /var/run/haveged.pid rw, /run/haveged.pid rw, Allows haveged to work as expected. Clearly something with haveged and/or apparmor is broken here... Mike --------------759921CCF242D01BAEF80700 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body text="#000000" bgcolor="#FFFFFF"> Package: haveged<br> Version: 1.9.1-6<br> <br> Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 'haveged' (entropy daemon) fails to start:<br> a) at boot<br> b) via 'service haveged start'<br> c) from the command line, if the PID file is specified<br> <br> <p>All attempts at running haveged result in an apparmor/audit as follows:</p> <p><tt>Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 audit(1555102481.459:19): apparmor="DENIED" operation="mknod" profile="/usr/sbin/haveged" <b><font color="#ff0000">name="/run/haveged.pid"</font></b> pid=9474 comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0</tt><br> <br> </p> <p>With apparmor suggesting that haveged is being refused permission for haveged to make a node, for the pid file<br> </p> <p><br> </p> <p>Stopping apparmor with 'aa-teardown' allows haveged to start as expected:</p> <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> aa-teardown</tt><tt><br> </tt><tt>Unloading AppArmor profiles</tt><tt><br> </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> service haveged restart</tt><tt><br> </tt><tt>[ ok ] Restarting entropy daemon: haveged.</tt><tt><br> </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> ps ax | grep haveged</tt><tt><br> </tt><tt> 9741 ? Ss 0:00 /usr/sbin/haveged -w 1024</tt><tt><br> </tt><tt> 9761 pts/0 S+ 0:00 grep haveged</tt><tt><br> </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br> <br> </p> <p>Haveged is documented as using the path /var/run/haveged.pid by default and not /run/haveged.pid. Checking the binary with 'strings' confirms this:<br> </p> <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> strings /usr/sbin/haveged | grep pid</tt><tt><br> </tt><tt>getpid</tt><tt><br> </tt><tt>pidfile</tt><tt><br> </tt><tt>/var/run/haveged.pid</tt><tt><br> </tt><tt>daemon pidfile, default: /var/run/haveged.pid</tt><tt><br> </tt><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a></tt><br> </p> <p><br> </p> <p>Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows:</p> <p><tt><a class="moz-txt-link-abbreviated" href="mailto:root@ns0:/etc/apparmor.d/local#">root@ns0:/etc/apparmor.d/local#</a> cat usr.sbin.haveged</tt><tt><br> </tt><tt># Site-specific additions and overrides for usr.sbin.haveged.</tt><tt><br> </tt><tt># For more details, please see /etc/apparmor.d/local/README.</tt><tt><br> </tt><tt><br> </tt><tt>/var/run/haveged.pid rw,</tt><tt><br> </tt><tt>/run/haveged.pid rw,</tt><br> <br> </p> <p>Allows haveged to work as expected.</p> <p><br> </p> <p>Clearly something with haveged and/or apparmor is broken here...</p> <p><br> </p> <p>Mike</p> <p><br> </p> </body> </html> --------------759921CCF242D01BAEF80700--
Mike Tubby <[email protected]>:[email protected].
Full text available.[email protected], [email protected]:bug#316; Package haveged.
Full text available.Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.
Devuan Bugs Owner <[email protected]>.
Last modified:
Sat, 18 Jan 2025 04:39:02 UTC