Public bug reported:
If you install upstart-sysv, the service haveged won't start anymore
because the apparmor profile is missing a rule for the PID file.
Aug 4 16:16:24 containertest1 kernel: [ 160.141325] audit: type=1400
audit(1501856184.508:120): apparmor="DENIED" operation="mknod"
profile="/usr/sbin/haveged" name="/run/haveged.pid" pid=7628
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
This problem can be fixed by adding a line to the apparmor profile
/etc/apparmor.d/usr.sbin.haveged:
/run/haveged.pid rw,
Full version of profile:
----------------------------------------
# Last Modified: Fri Aug 21 15:23:17 2015
#include <tunables/global>
/usr/sbin/haveged {
  #include <abstractions/base>

  # Required for ioctl RNDADDENTROPY
  capability sys_admin,

  owner @{PROC}/@{pid}/status r,
  @{PROC}/sys/kernel/osrelease r,
  @{PROC}/sys/kernel/random/poolsize r,
  @{PROC}/sys/kernel/random/write_wakeup_threshold w,
  /dev/random w,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/cpu*/cache/ r,
  /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
  /usr/sbin/haveged mr,
  /run/haveged.pid rw,

  #include <local/usr.sbin.haveged>
}
--------------------------------------------
You can reload the profile with a reboot or apparmor_parser -r
/etc/apparmor.d/usr.sbin.haveged
** Affects: haveged (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1708674
Title:
Haveged with AppArmor issue on Upstart
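Added example, not part of the bug report or of the haveged or AppArmor projects: a small Python parser that reads an AppArmor DENIED audit record like the one quoted above and derives the profile and a candidate file rule from the denied mask alone. The function names and the mask-to-permission mapping are assumptions of this example; it lists only the access the log shows was denied.

```python
import re

# Constructed input: the denial quoted in the report, as wrapped by the mail.
SAMPLE = """Aug 4 16:16:24 containertest1 kernel: [ 160.141325] audit: type=1400
audit(1501856184.508:120): apparmor="DENIED" operation="mknod"
profile="/usr/sbin/haveged" name="/run/haveged.pid" pid=7628
comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption of this example: create (c) and delete (d) in a denied_mask are
# granted by write (w) in a profile rule. Exec (x) is left out on purpose,
# because an exec rule needs a transition mode that a person has to choose.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "m": "m", "k": "k", "l": "l"}
PERM_ORDER = "rwamkl"


def parse_record(text):
    """Return the key=value fields of one audit record as a dict."""
    flat = " ".join(text.split())  # undo mail line wrapping
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(flat)}


def suggest_rule(text):
    """Return (profile, rule) for a denied file access, else None."""
    rec = parse_record(text)
    # Skip allowed events and records whose name is not a plain quoted path
    # (non-file denials, or hex-encoded names).
    if rec.get("apparmor") != "DENIED" or not rec.get("name", "").startswith("/"):
        return None
    perms = set()
    for letter in rec.get("denied_mask", ""):
        if letter not in MASK_TO_PERM:
            return None  # mask this example does not translate (e.g. x)
        perms.add(MASK_TO_PERM[letter])
    if not perms or "profile" not in rec:
        return None
    if "w" in perms:
        perms.discard("a")  # w and a conflict in one rule; w includes append
    mode = "".join(p for p in PERM_ORDER if p in perms)
    return rec["profile"], f"{rec['name']} {mode},"


if __name__ == "__main__":
    print(suggest_rule(SAMPLE))
```

A rule derived this way is a starting point for review; it belongs in the profile or its local include only after checking that the path and access are what the service legitimately needs.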