Renato Botelho wrote:
I suspect this happens because of concurrent access to /dev/random from multiple save-entropy scripts launched exactly at the same time by jailed cron daemons.
I updated my box and a jail that runs inside this box to 5.4-RELEASE yesterday.
After it, I'm receiving emails from this jail with error messages about /usr/libexec/save-entropy
I'm receiving messages like this:
mv: /var/db/entropy/saved-entropy.7: No such file or directory
mv: /var/db/entropy/saved-entropy.5: No such file or directory
override r-------- operator/operator for /var/db/entropy/saved-entropy.5? (y/n [n]) not overwritten
override r-------- operator/operator for /var/db/entropy/saved-entropy.4? (y/n [n]) not overwritten
override r-------- operator/operator for /var/db/entropy/saved-entropy.3? (y/n [n]) not overwritten
override r-------- operator/operator for /var/db/entropy/saved-entropy.2? (y/n [n]) not overwritten
Here are the files inside the jail:
[EMAIL PROTECTED]:~> sudo ls -l /var/db/entropy/
total 16
-r-------- 1 operator operator 2048 May 11 10:33 saved-entropy.1
-r-------- 1 operator operator 2048 May 11 10:33 saved-entropy.2
-r-------- 1 operator operator 2048 May 11 10:22 saved-entropy.3
-r-------- 1 operator operator 2048 May 11 10:22 saved-entropy.4
-r-------- 1 operator operator 2048 May 11 10:11 saved-entropy.5
-r-------- 1 operator operator 2048 May 11 10:11 saved-entropy.6
-r-------- 1 operator operator 2048 May 11 10:00 saved-entropy.7
-r-------- 1 operator operator 2048 May 11 10:00 saved-entropy.8
Anybody could help me to fix it?
thanks in advance
I got rid of those emails by putting entropy_dir="NO" into rc.conf of all jails. I'm not sure, is this secure?
Also consider enabling cron time jitter for jailed crons, by putting something like this into jail rc.conf:
cron_flags="-J10"
-- Alexander Rusinov
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
