In my previous report, I said that adding a line
/dev/shm/sem.* rw,
to /etc/apparmor.d/usr.sbin.haveged solved the problem. It does not. Also
the l permission is required, so
/dev/shm/sem.* rwl,
I had first added all permissions, then removed one by one till I found the
minimal working set. Unfortunately, rw appeared to work because
/dev/shm/sem.haveged_sem had already been created by the previous trials.
Upon a reboot, it did not, so haveged failed again to start. Now I double
checked, and rwl does indeed suffice for haveged to correctly start after a
reboot.
I also tried tightening the permission to explicitly the
/dev/shm/sem.haveged_sem file, without wildcards, but it fails. Apparently
because haveged _first_ creates a temporary file with another name, _then_
renames it to /dev/shm/sem.haveged_sem. To tighten the permissions would
thus perhaps require changing how the file is created?
Hope this is useful, best regards,
Giacomo
--
_________________________________________________________________
Giacomo Mulas <giacomo.mu...@inaf.it>
_________________________________________________________________
INAF - Osservatorio Astronomico di Cagliari
via della scienza 5 - 09047 Selargius (CA)
tel. +39 070 71180247
mob. : +39 329 6603810
_________________________________________________________________
"every year keeps getting shorter, never seem to find the time
plans that either come to naught, or half a page of scribbled lines
the time is gone, the song is over, thought I'd something more to say"
(Pink Floyd)
_________________________________________________________________
