save-entropy errors on jail after update to 5.4-RELEASE
Alexander Rusinov
boot at eurocom.od.ua
Wed May 11 07:41:29 PDT 2005
Renato Botelho wrote:
>I updated my box and a jail that runs inside this box to 5.4-RELEASE yesterday.
>After it, I'm receiving emails from this jail with error messages
>about /usr/libexec/save-entropy
>I'm receiving messages like this:
>mv: /var/db/entropy/saved-entropy.7: No such file or directory
>mv: /var/db/entropy/saved-entropy.5: No such file or directory
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.5? (y/n [n]) not overwritten
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.4? (y/n [n]) not overwritten
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.3? (y/n [n]) not overwritten
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.2? (y/n [n]) not overwritten
>Here are the files inside the jail:
>renato at data:~> sudo ls -l /var/db/entropy/
>total 16
>-r-------- 1 operator operator 2048 May 11 10:33 saved-entropy.1
>-r-------- 1 operator operator 2048 May 11 10:33 saved-entropy.2
>-r-------- 1 operator operator 2048 May 11 10:22 saved-entropy.3
>-r-------- 1 operator operator 2048 May 11 10:22 saved-entropy.4
>-r-------- 1 operator operator 2048 May 11 10:11 saved-entropy.5
>-r-------- 1 operator operator 2048 May 11 10:11 saved-entropy.6
>-r-------- 1 operator operator 2048 May 11 10:00 saved-entropy.7
>-r-------- 1 operator operator 2048 May 11 10:00 saved-entropy.8
>Could anybody help me fix it?
>Thanks in advance
I suspect this happens because of concurrent access to /dev/random from
multiple save-entropy scripts launched at exactly the same time by
jailed cron daemons.
I got rid of those emails by putting
entropy_dir="NO"
into rc.conf of all jails. I'm not sure, is this secure?
Also consider enabling cron time jitter for jailed crons, by putting
something like this into jail rc.conf:
cron_flags="-J10"
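
A host-side check for the two settings suggested in the reply above, added here as an example and not part of the original message. The jail roots are constructed sample data, and the script accepts either of cron(8)'s jitter flags, -j (non-superuser jobs) or -J (superuser jobs).

```shell
#!/bin/sh
# Added example (not from the thread): report, per jail, whether rc.conf
# disables entropy saving or gives cron a jitter flag.
# rc.conf is parsed as text, never sourced: the jail's root user can write
# that file, and sourcing it would run jail-supplied shell code on the host.

# rc_get FILE VAR: print the last value assigned to VAR, quotes stripped.
rc_get() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_jail ROOT: print "<status> <ROOT>" where status is
#   entropy-off  entropy_dir is "NO"
#   jitter       cron_flags carries -j or -J
#   unstaggered  neither setting is present
audit_jail() {
    conf="$1/etc/rc.conf"
    case "$(rc_get "$conf" entropy_dir)" in
        [Nn][Oo]) echo "entropy-off $1"; return 0 ;;
    esac
    case " $(rc_get "$conf" cron_flags)" in
        *" -j"*|*" -J"*) echo "jitter $1"; return 0 ;;
    esac
    echo "unstaggered $1"
}

# Constructed sample: three hypothetical jail roots under a temp directory.
demo_roots() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/www/etc" "$base/mail/etc" "$base/db/etc"
    printf 'entropy_dir="NO"\n' > "$base/www/etc/rc.conf"
    printf 'sshd_enable="YES"\ncron_flags="-J10"  # stagger cron\n' \
        > "$base/mail/etc/rc.conf"
    printf 'sshd_enable="YES"\n' > "$base/db/etc/rc.conf"
    echo "$base"
}

base=$(demo_roots)
for j in www mail db; do audit_jail "$base/$j"; done
rm -rf "$base"
```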
