Package: haveged
Version: 1.9.19-2
Severity: important
Tags: patch

Dear Maintainer,

the haveged version in sid fails to start due to missing apparmor permissions. 
In particular, it attempts to create a semaphore in /dev/shm and is blocked. I 
added a line in the apparmor configuration, allowing haveged to read and write 
/dev/shm/sem.* files, and it now works again. I don't know if this can be fixed 
in a better way, but this works.

thanks in advance, best regards
Giacomo Mulas

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (401, 'unstable'), (10, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.11.6-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages haveged depends on:
ii  libc6       2.40-3
ii  libhavege2  1.9.19-2

haveged recommends no packages.

Versions of packages haveged suggests:
ii  apparmor  3.1.7-1+b2

-- Configuration Files:
/etc/apparmor.d/usr.sbin.haveged changed:
/usr/sbin/haveged {
  #include <abstractions/base>
  #include <abstractions/consoles>
  # Required for ioctl RNDADDENTROPY
  capability sys_admin,
  owner @{PROC}/@{pid}/status r,
  @{PROC}/sys/kernel/osrelease r,
  @{PROC}/sys/kernel/random/poolsize r,
  @{PROC}/sys/kernel/random/write_wakeup_threshold w,
  /dev/random w,
  /dev/shm/sem.* rw,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/cpu*/cache/ r,
  /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
  /usr/sbin/haveged mr,
  /run/haveged.pid w,
  #include <local/usr.sbin.haveged>
}


-- no debconf information
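
Added example (not part of the original report, and not haveged or AppArmor project code): a Python check that the `/dev/shm/sem.* rw` rule from the profile above covers the denials a blocked semaphore creation would log, without matching other paths under /dev/shm. The log lines, the semaphore names in them and the simplified glob and permission matching are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not from the report). Operations, masks and
# semaphore names are assumptions about what a blocked semaphore creation logs.
SAMPLE_LOG = """\
audit: type=1400 audit(1731000000.101:88): apparmor="DENIED" operation="mknod" profile="/usr/sbin/haveged" name="/dev/shm/sem.a1B2c3" pid=812 comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit: type=1400 audit(1731000000.102:89): apparmor="DENIED" operation="open" profile="/usr/sbin/haveged" name="/dev/shm/sem.example" pid=812 comm="haveged" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
audit: type=1400 audit(1731000000.200:90): apparmor="DENIED" operation="open" profile="/usr/sbin/other" name="/etc/hosts" pid=900 comm="other" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# Path rules as they appear in the profile in the report, before and after the change.
RULES_BEFORE = ["/dev/random w,", "/run/haveged.pid w,"]
RULES_AFTER = RULES_BEFORE + ["/dev/shm/sem.* rw,"]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(log_text, profile):
    """Map each denied path to the set of denied permission letters for one profile."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        f = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
        if f.get("apparmor") == "DENIED" and f.get("profile") == profile and "name" in f:
            denied[f["name"]] |= set(f.get("denied_mask", ""))
    return dict(denied)

def glob_to_regex(glob):
    """Simplified AppArmor glob: '**' crosses '/', '*' does not. No {a,b}, ?, or @{var}."""
    pattern = re.escape(glob).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.compile(pattern + r"\Z")

def rule_covers(rule, path, mask):
    """True if a plain 'PATH PERMS,' rule grants every letter in mask on path."""
    glob, perms = rule.rstrip(",").split()
    granted = set(perms)
    if "w" in granted:
        granted |= set("acd")  # write implies append, create and delete
    return bool(glob_to_regex(glob).match(path)) and mask <= granted

def uncovered(denials, rules):
    """Denied accesses that no rule in the list would allow."""
    return {p: m for p, m in denials.items()
            if not any(rule_covers(r, p, m) for r in rules)}

if __name__ == "__main__":
    d = parse_denials(SAMPLE_LOG, "/usr/sbin/haveged")
    print("still denied before:", uncovered(d, RULES_BEFORE))
    print("still denied after: ", uncovered(d, RULES_AFTER))
```

On a real system the input would be the kernel or audit log filtered for `apparmor="DENIED"`; rules with qualifiers such as `owner` are outside what this sketch parses.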
