Devuan bug report logs - #316
Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification

Package: haveged; Reported by: Mike Tubby <mike@tubby.org>;
Date: Fri, 12 Apr 2019 21:48:01 UTC;
Maintainer for haveged is (unknown).

View this report as an mbox folder.


Report forwarded to devuan-bugs@lists.dyne.org, owner@bugs.devuan.org:
bug#316; Package haveged. Full text available.



Acknowledgement sent to Mike Tubby <mike@tubby.org>:
New bug report received and forwarded. Copy sent to owner@bugs.devuan.org. Full text available.



Message received at submit@bugs.devuan.org:

To: submit@bugs.devuan.org
From: Mike Tubby <mike@tubby.org>
Subject: Package 'haveged' wont start on Devuan Beowulf due to broken PID file
Date: Fri, 12 Apr 2019 22:37:29 +0100

[Message part 1 (text/plain, inline)]

Package: haveged
Version: 1.9.1-6

Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 
'haveged' (entropy daemon) fails to start:
     a) at boot
     b) via 'service haveged start'
     c) from the command line, if the PID file is specified

All attempts at running haveged result in an apparmor/audit as follows:

Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 
audit(1555102481.459:19): apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/haveged" *name="/run/haveged.pid"* pid=9474 
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

With apparmor suggesting that haveged is being refused permission for 
haveged to make a node, for the pid file


Stopping apparmor with 'aa-teardown' allows haveged to start as expected:

root@ns0:/etc/apparmor.d/local# aa-teardown
Unloading AppArmor profiles
root@ns0:/etc/apparmor.d/local# service haveged restart
[ ok ] Restarting entropy daemon: haveged.
root@ns0:/etc/apparmor.d/local# ps ax | grep haveged
  9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024
  9761 pts/0    S+     0:00 grep haveged
root@ns0:/etc/apparmor.d/local#

Haveged is documented as using the path /var/run/haveged.pid by default 
and not /run/haveged.pid.  Checking the binary with 'strings' confirms this:

root@ns0:/etc/apparmor.d/local# strings /usr/sbin/haveged | grep pid
getpid
pidfile
/var/run/haveged.pid
daemon pidfile, default: /var/run/haveged.pid
root@ns0:/etc/apparmor.d/local#


Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows:

root@ns0:/etc/apparmor.d/local# cat usr.sbin.haveged
# Site-specific additions and overrides for usr.sbin.haveged.
# For more details, please see /etc/apparmor.d/local/README.

/var/run/haveged.pid rw,
/run/haveged.pid rw,

Allows haveged to work as expected.


Clearly something with haveged and/or apparmor is broken here...


Mike



[Message part 2 (text/html, inline)]






Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri, 6 Dec 2019 20:53:38 UTC