Devuan bug report logs - #316
Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification

Full log

🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: owner@bugs.devuan.org
From: "Devuan bug Tracking System" <owner@bugs.devuan.org>
To: Mike Tubby <mike@tubby.org>
Subject: bug#316 closed by Mark Hindley <mark@hindley.org.uk> (Fixed in
 Debian)
Message-ID: <handler.316.D316.16733639793272.notifdone@bugs.devuan.org>
References: <Y72B+JZfZzjRISFh@hindley.org.uk>
 <49a7eb19-8e49-64e5-e42e-9fd7b109d65c@tubby.org>
X-Devuan-PR-Message: they-closed 316
X-Devuan-PR-Package: haveged
X-Devuan-PR-Keywords: debian beowulf
Reply-To: 316@bugs.devuan.org
Date: Tue, 10 Jan 2023 15:20:05 +0000
Content-Type: multipart/mixed; boundary="----------=_1673364005-3283-1"

[Message part 1 (text/plain, inline)]

This is an automatic notification regarding your bug report
which was filed against the haveged package:

#316: Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification

It has been closed by Mark Hindley <mark@hindley.org.uk>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mark Hindley <mark@hindley.org.uk> by
replying to this email.


-- 
316: https://bugs.devuan.org/cgi/bugreport.cgi?bug=316
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems

[Message part 2 (message/rfc822, inline)]

From: Mark Hindley <mark@hindley.org.uk>

To: 316-done@bugs.devuan.org

Subject: Fixed in Debian

Date: Tue, 10 Jan 2023 15:19:20 +0000

Version: 1.9.1-8

[Message part 3 (message/rfc822, inline)]

From: Mike Tubby <mike@tubby.org>

To: submit@bugs.devuan.org

Subject: Package 'haveged' wont start on Devuan Beowulf due to broken PID file specification

Date: Fri, 12 Apr 2019 22:37:29 +0100

[Message part 4 (text/plain, inline)]

Package: haveged
Version: 1.9.1-6

Dell R210-II servers upgraded to Beowulf on 12th April 2019, now package 
'haveged' (entropy daemon) fails to start:
    a) at boot
    b) via 'service haveged start'
    c) from the command line, if the PID file is specified

All attempts at running haveged result in an apparmor/audit as follows:

Apr 12 21:54:41 ns0 kernel: [ 4684.518633] audit: type=1400 
audit(1555102481.459:19): apparmor="DENIED" operation="mknod" 
profile="/usr/sbin/haveged" *name="/run/haveged.pid"* pid=9474 
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

With apparmor suggesting that haveged is being refused permission for 
haveged to make a node, for the pid file


Stopping apparmor with 'aa-teardown' allows haveged to start as expected:

root@ns0:/etc/apparmor.d/local# aa-teardown
Unloading AppArmor profiles
root@ns0:/etc/apparmor.d/local# service haveged restart
[ ok ] Restarting entropy daemon: haveged.
root@ns0:/etc/apparmor.d/local# ps ax | grep haveged
 9741 ?        Ss     0:00 /usr/sbin/haveged -w 1024
 9761 pts/0    S+     0:00 grep haveged
root@ns0:/etc/apparmor.d/local#

Haveged is documented as using the path /var/run/haveged.pid by default 
and not /run/haveged.pid.  Checking the binary with 'strings' confirms this:

root@ns0:/etc/apparmor.d/local# strings /usr/sbin/haveged | grep pid
getpid
pidfile
/var/run/haveged.pid
daemon pidfile, default: /var/run/haveged.pid
root@ns0:/etc/apparmor.d/local#


Adding an entry to /etc/apparmor.d/local/usr.sbin.haveged as follows:

root@ns0:/etc/apparmor.d/local# cat usr.sbin.haveged
# Site-specific additions and overrides for usr.sbin.haveged.
# For more details, please see /etc/apparmor.d/local/README.

/var/run/haveged.pid rw,
/run/haveged.pid rw,

Allows haveged to work as expected.


Clearly something with haveged and/or apparmor is broken here...


Mike

[Message part 5 (text/html, inline)]

Send a report that this bug log contains spam.