On Thu, Jun 29, 2017 at 05:53:32PM +0000, Holger Levsen wrote:
> On Thu, Jun 29, 2017 at 07:49:31PM +0200, intrigeri wrote:
> > For the "disabling all such hardening" part:
> >
> > # systemctl edit haveged.service
> >
> > [Service]
> > SecureBits=
> > CapabilityBoundingSet=
> > NoNewPrivileges=no
> > PrivateTmp=no
> > PrivateDevices=no
> > PrivateNetwork=no
> > ProtectSystem=no
> > ProtectHome=no
> >
> > Save and exit, then "systemctl daemon-reload", and restart the haveged
> > service. If it starts correctly, edit the override file created by the
> > previous step ("systemctl cat haveged.service" will tell you were it
> > lives if you forgot) to re-enable bits of hardening one after the
> > other by setting them back to the default value, "systemctl
> > daemon-reload", and restart the haveged service again. Etc. :)
>
> thank you very much for these detailed instructions, much appreciated!
Well, I wanted to try this, but when I went to just try a simple restart
of hanvengd, it just started. Now all the amd64 nodes are running
havengd seemingly without any issue....
> > > yeah, quite probably. shall we clone this bug?
> > Yes, please.
>
> hopefully done with this mail.
Please note how I'm replying only to the new one.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
