Date:      Wed, 11 May 2005 17:41:13 +0300
From:      Alexander Rusinov <boot@eurocom.od.ua>
To:        Renato Botelho <rbgarga@gmail.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: save-entropy errors on jail after update to 5.4-RELEASE
Message-ID:  <42821989.1060806@eurocom.od.ua>
In-Reply-To: <747dc8f305051106423ed1384@mail.gmail.com>
References:  <747dc8f305051106423ed1384@mail.gmail.com>

Renato Botelho wrote:

>I updated my box and a jail that runs inside this box to 5.4-RELEASE yesterday.
>
>After it, I'm receiving emails from this jail with error messages
>about /usr/libexec/save-entropy
>
>I'm receiving messages like this:
>
>mv: /var/db/entropy/saved-entropy.7: No such file or directory
>mv: /var/db/entropy/saved-entropy.5: No such file or directory
>override r--------  operator/operator for
>/var/db/entropy/saved-entropy.5? (y/n [n]) not overwritten
>override r--------  operator/operator for
>/var/db/entropy/saved-entropy.4? (y/n [n]) not overwritten
>override r--------  operator/operator for
>/var/db/entropy/saved-entropy.3? (y/n [n]) not overwritten
>override r--------  operator/operator for
>/var/db/entropy/saved-entropy.2? (y/n [n]) not overwritten
>
>here are the files inside the jail:
>
>renato@data:~> sudo ls -l /var/db/entropy/
>total 16
>-r--------  1 operator  operator  2048 May 11 10:33 saved-entropy.1
>-r--------  1 operator  operator  2048 May 11 10:33 saved-entropy.2
>-r--------  1 operator  operator  2048 May 11 10:22 saved-entropy.3
>-r--------  1 operator  operator  2048 May 11 10:22 saved-entropy.4
>-r--------  1 operator  operator  2048 May 11 10:11 saved-entropy.5
>-r--------  1 operator  operator  2048 May 11 10:11 saved-entropy.6
>-r--------  1 operator  operator  2048 May 11 10:00 saved-entropy.7
>-r--------  1 operator  operator  2048 May 11 10:00 saved-entropy.8
>
>Anybody could help me to fix it?
>
>thanks in advance
>  
>
I suspect this happens because of concurrent access to /dev/random from 
multiple save-entropy scripts launched at exactly the same time by 
jailed cron daemons.

I got rid of those emails by putting
entropy_dir="NO"
into rc.conf of all jails. I'm not sure, is this secure?

Also consider enabling cron time jitter for jailed crons, by putting 
something like this into jail rc.conf:
cron_flags="-J10"

-- 
Alexander Rusinov


