The fix below worked for me too. However, this means the error is still
present in the buster version of the haveged package. I think it's a
little more important to get this fixed, as the Buster release notes
explicitly suggest using haveged as a possible means of improving the
RNG entropy on first boot to avoid unnecessary boot delays. Without it,
people will install haveged and either not notice that it fails to
start, wonder why it refuses to start, or wonder why they are still
getting boot delays.

It seems like a pretty trivial patch without any adverse side effects.

Justin Pasher

On Mon, 22 Oct 2018 16:01:51 +0200 Axel Beckert <a...@debian.org> wrote:
> Package: haveged
> Version: 1.9.1-6
> Severity: important
> Tags: patch
>
> Hi,
>
> haveged silently fails to start on one of my machines, seemingly due
> to apparmor. From /var/log/syslog after unsuccessfully trying to start
> haveged:
>
> Oct 22 15:40:26 someone haveged: haveged starting up
> Oct 22 15:40:26 someone kernel: [24678702.682596] audit: type=1400 audit(1540215626.982:65757): apparmor="DENIED" operation="mknod" profile="/usr/sbin/haveged" name="/run/haveged.pid" pid=7421 comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
>
> What helped was adding the line
>
> /run/haveged.pid w,
>
> to /etc/apparmor.d/local/usr.sbin.haveged, so you should probably add
> that line to /etc/apparmor.d/usr.sbin.haveged.
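
Added example, not part of the original messages or of the haveged package: a small Python parser that turns an AppArmor DENIED record like the one quoted above into the local-override file and rule line to review. The function names are hypothetical, and the override path assumes the /etc/apparmor.d/local/ naming seen in the report.

```python
import re

# Constructed sample: the denial from the report, joined onto one line.
SAMPLE = ('Oct 22 15:40:26 someone kernel: [24678702.682596] audit: type=1400 '
          'audit(1540215626.982:65757): apparmor="DENIED" operation="mknod" '
          'profile="/usr/sbin/haveged" name="/run/haveged.pid" pid=7421 '
          'comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0')

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Log mask letters -> profile permission letters. Create (c) and delete (d)
# are both granted by "w" in profile syntax. Execute (x) is left out on
# purpose: an exec rule needs a transition mode chosen by a human.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "k": "k", "l": "l", "m": "m"}
PERM_ORDER = "rwaklm"


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def suggest_rule(fields):
    """Return (local_override_path, rule_line) for a file denial, else None."""
    name = fields.get("name", "")
    perms = {MASK_TO_PERM[m] for m in fields.get("denied_mask", "")
             if m in MASK_TO_PERM}
    if "w" in perms:
        perms.discard("a")  # "w" and "a" cannot appear in the same rule
    if not perms or not name.startswith("/") or "profile" not in fields:
        return None
    perm_str = "".join(p for p in PERM_ORDER if p in perms)
    # Assumption: the override file is named after the profile path with
    # the leading "/" dropped and the remaining "/" replaced by ".".
    local = ("/etc/apparmor.d/local/"
             + fields["profile"].lstrip("/").replace("/", "."))
    return local, f"{name} {perm_str},"


if __name__ == "__main__":
    path, rule = suggest_rule(parse_denial(SAMPLE))
    print(f"add to {path}:\n  {rule}")
```

The suggested rule is only a candidate for review; after editing the override, reload the profile with `apparmor_parser -r /etc/apparmor.d/usr.sbin.haveged`.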