Devuan bug report logs - #316
Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification

Full log

🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: owner@bugs.devuan.org
From: "Devuan bug Tracking System" <owner@bugs.devuan.org>
To: Mark Hindley <mark@hindley.org.uk>
Subject: bug#316: marked as done (Package 'haveged' wont start on Devuan
 Beowulf due to broken PID file specification)
Message-ID: <handler.316.D316.16733639793272.ackdone@bugs.devuan.org>
References: <Y72B+JZfZzjRISFh@hindley.org.uk>
 <49a7eb19-8e49-64e5-e42e-9fd7b109d65c@tubby.org>
X-Devuan-PR-Message: closed 316
X-Devuan-PR-Package: haveged
X-Devuan-PR-Keywords: debian beowulf
Reply-To: 316@bugs.devuan.org
Date: Tue, 10 Jan 2023 15:20:01 +0000
Content-Type: multipart/mixed; boundary="----------=_1673364001-3283-0"

[Message part 1 (text/plain, inline)]

Your message dated Tue, 10 Jan 2023 15:19:20 +0000
with message-id <Y72B+JZfZzjRISFh@hindley.org.uk>
and subject line Fixed in Debian
has caused the Devuan bug report #316,
regarding Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.devuan.org
immediately.)


-- 
316: https://bugs.devuan.org/cgi/bugreport.cgi?bug=316
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems

[Message part 2 (message/rfc822, inline)]

From: Mike Tubby <mike@tubby.org>

To: submit@bugs.devuan.org

Subject: Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification

Date: Fri, 12 Apr 2019 22:37:29 +0100

[Message part 3 (text/plain, inline)]

Package: haveged
Version: 1.9.1-6

Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 
'haveged' (entropy daemon) fails to start:
    a) at boot
    b) via 'service haveged start'
    c) from the command line, if the PID file is specified

All attempts at running haveged result in an apparmor/audit as follows:

Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 
audit(1555102481.459:19): apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/haveged" *name="/run/haveged.pid"* pid=9474 
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

With apparmor suggesting that haveged is being refused permission for 
haveged to make a node, for the pid file


Stopping apparmor with 'aa-teardown' allows haveged to start as expected:

root@ns0:/etc/apparmor.d/local# aa-teardown
Unloading AppArmor profiles
root@ns0:/etc/apparmor.d/local# service haveged restart
[ ok ] Restarting entropy daemon: haveged.
root@ns0:/etc/apparmor.d/local# ps ax | grep haveged
 9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024
 9761 pts/0    S+     0:00 grep haveged
root@ns0:/etc/apparmor.d/local#

Haveged is documented as using the path /var/run/haveged.pid by default 
and not /run/haveged.pid.  Checking the binary with 'strings' confirms this:

root@ns0:/etc/apparmor.d/local# strings /usr/sbin/haveged | grep pid
getpid
pidfile
/var/run/haveged.pid
daemon pidfile, default: /var/run/haveged.pid
root@ns0:/etc/apparmor.d/local#


Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows:

root@ns0:/etc/apparmor.d/local# cat usr.sbin.haveged
# Site-specific additions and overrides for usr.sbin.haveged.
# For more details, please see /etc/apparmor.d/local/README.

/var/run/haveged.pid rw,
/run/haveged.pid rw,

Allows haveged to work as expected.


Clearly something with haveged and/or apparmor is broken here...


Mike

[Message part 4 (text/html, inline)]

[Message part 5 (message/rfc822, inline)]

From: Mark Hindley <mark@hindley.org.uk>

To: 316-done@bugs.devuan.org

Subject: Fixed in Debian

Date: Tue, 10 Jan 2023 15:19:20 +0000

Version: 1.9.1-8

Send a report that this bug log contains spam.