Control: tag -1 patch pending Hi,
Axel Beckert <a...@debian.org> (2018-10-22): > haveged silently fails to start on one of my machines, seemingly due > to apparmor. From /var/log/syslog after unsucessfully trying to start > haveged: > > Oct 22 15:40:26 someone haveged: haveged starting up > Oct 22 15:40:26 someone kernel: [24678702.682596] audit: type=1400 > audit(1540215626.982:65757): apparmor="DENIED" operation="mknod" > profile="/usr/sbin/haveged" name="/run/haveged.pid" pid=7421 comm="haveged" > requested_mask="c" denied_mask="c" fsuid=0 ouid=0 > > What helped was adding the line > > /run/haveged.pid w, > > to /etc/apparmor.d/local/usr.sbin.haveged, so you should probably add > that line to /etc/apparmor.d/usr.sbin.haveged. Everyone: please deploy -8 (just uploaded) to your buster and/or unstable systems and report back. I've tested this on a stretch system that's running with systemd, using the daemon directly, or a hacked up init script to make sure I was evading the initscript→systemd machinery through LSB functions; and everything looks good with the patch. But I'd be very happy to have success reports from sysvinit users before considering backporting this to buster. Cheers, -- Cyril Brulebois (k...@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
signature.asc
Description: PGP signature