From: Alexander Rusinov
Date: Wed, 11 May 2005 17:41:13 +0300
To: Renato Botelho
Cc: freebsd-stable@freebsd.org
Subject: Re: save-entropy errors on jail after update to 5.4-RELEASE
Message-ID: <42821989.1060806@eurocom.od.ua>
In-Reply-To: <747dc8f305051106423ed1384@mail.gmail.com>

Renato Botelho wrote:

>I updated my box and a jail that runs inside this box to 5.4-RELEASE yesterday.
>
>After it, I'm receiving emails from this jail with error messages
>about /usr/libexec/save-entropy
>
>I'm receiving messages like this:
>
>mv: /var/db/entropy/saved-entropy.7: No such file or directory
>mv: /var/db/entropy/saved-entropy.5: No such file or directory
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.5? (y/n [n]) not overwritten
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.4? (y/n [n]) not overwritten
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.3? (y/n [n]) not overwritten
>override r-------- operator/operator for
>/var/db/entropy/saved-entropy.2? (y/n [n]) not overwritten
>
>Here are the files inside the jail:
>
>renato@data:~> sudo ls -l /var/db/entropy/
>total 16
>-r-------- 1 operator operator 2048 May 11 10:33 saved-entropy.1
>-r-------- 1 operator operator 2048 May 11 10:33 saved-entropy.2
>-r-------- 1 operator operator 2048 May 11 10:22 saved-entropy.3
>-r-------- 1 operator operator 2048 May 11 10:22 saved-entropy.4
>-r-------- 1 operator operator 2048 May 11 10:11 saved-entropy.5
>-r-------- 1 operator operator 2048 May 11 10:11 saved-entropy.6
>-r-------- 1 operator operator 2048 May 11 10:00 saved-entropy.7
>-r-------- 1 operator operator 2048 May 11 10:00 saved-entropy.8
>
>Could anybody help me to fix it?
>
>thanks in advance
>
>

I suspect this happens because of concurrent access to /dev/random from
multiple save-entropy scripts launched at exactly the same time by jailed
cron daemons. I got rid of those emails by putting

    entropy_dir="NO"

into rc.conf of all jails. I'm not sure, is this secure?

Also consider enabling cron time jitter for jailed crons, by putting
something like this into jail rc.conf:

    cron_flags="-J10"

-- 
Alexander Rusinov