Ubuntu
haveged package

haveged doesn't run in container

Bug #1894877 reported by Dan Streetman
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
haveged (Ubuntu)
Fix Released
Medium
Dan Streetman
Groovy
Fix Released
Medium
Dan Streetman

Bug Description

[impact]

in a container, haveged won't run, and if it does run, it fails

with 1.9.1 or earlier, the service includes ConditionVirtualization=!container which prevents running inside a container

with 1.9.8 or later, this is removed, but the package still has -w 1024 in the /etc/default/haveged which tries to write to /proc/sys/kernel/random/write_wakeup_threshold, which fails inside a container and causes haveged to exit with error

[test case]

check haveged service output:

with 1.9.1:
$ systemctl status haveged | grep -i condition
  Condition: start condition failed at Tue 2020-09-08 16:51:39 UTC; 25min ago
Sep 08 16:51:39 haveged-f systemd[1]: Condition check resulted in Entropy daemon using the HAVEGE algorithm being skipped.

with 1.9.8:
$ systemctl status haveged
● haveged.service - Entropy Daemon based on the HAVEGE algorithm
     Loaded: loaded (/lib/systemd/system/haveged.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2020-09-08 16:22:11 UTC; 55min ago
       Docs: man:haveged(8)
             http://www.issihosts.com/haveged/
    Process: 1510 ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS (code=exited, status=1/FAILURE)
   Main PID: 1510 (code=exited, status=1/FAILURE)

Sep 08 16:22:11 haveged-g systemd[1]: haveged.service: Scheduled restart job, restart counter is at 5.
Sep 08 16:22:11 haveged-g systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
Sep 08 16:22:11 haveged-g systemd[1]: haveged.service: Start request repeated too quickly.
Sep 08 16:22:11 haveged-g systemd[1]: haveged.service: Failed with result 'exit-code'.
Sep 08 16:22:11 haveged-g systemd[1]: Failed to start Entropy Daemon based on the HAVEGE algorithm.

[regression potential]

any regression would likely involve haveged failing to start and/or run.

[scope]

TBD

Dan Streetman (ddstreet)
Changed in haveged (Ubuntu Groovy):
assignee: nobody → Dan Streetman (ddstreet)
importance: Undecided → Low
status: New → In Progress
Dan Streetman (ddstreet)
Changed in haveged (Ubuntu Groovy):
importance: Low → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package haveged - 1.9.8-4ubuntu3

---------------
haveged (1.9.8-4ubuntu3) groovy; urgency=medium

  * d/p/lp1894865-Fixed-https-github.com-jirka-h-haveged-issues-29.patch:
    - Fix segfault when using --Foreground param (LP: #1894809)
  * d/p/lp1894877-don-t-fail-completely-if-we-can-t-set-write-wakeup-w.patch:
    - Don't fail if -w is used in a container (LP: #1894877)
  * d/haveged.default:
    - remove -w param by default
  * d/apparmor-profile:
    - allow haveged to actually output to stdout/stderr (LP: #1894905)
    - allow haveged to bind to unix sockets
  * d/haveged.service:
    - add ConditionVirtualization=!container
  * d/t/control, d/t/dieharder, d/t/run-tests, d/t/check-service:
    - restore dieharder test, but with limited tests
    - verify haveged service is active
    - fix run-tests to check installed haveged
    - skip dieharder tests on s390x, where dieharder is broken

 -- Dan Streetman <email address hidden> Fri, 11 Sep 2020 13:40:44 -0400

Changed in haveged (Ubuntu Groovy):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.