Dev1 Galaxy Forum / Beowulf - new stuff

Re: Beowulf - new stuff

dummy@example.com (Altoid) — Sat, 16 Mar 2019 23:16:33 +0000

Hello:

Geoff 42 wrote:

... thinking that apparmor is stopping it ...

AppArmor is disabled in ASCII.

groucho@devuan:~$ sudo dmesg | grep -i apparmor
[    0.010652] AppArmor: AppArmor disabled by boot time parameter
groucho@devuan:~$

I do not have a boot time parameter disabling apparmor (ie: not my doing), so it is probably disabled at a lower level in ASCII and it's not even in the repository.
I'm guessing that there may have been good motive for all that.

When I tried my hand at the newer post-ASCII kernel, AppArmor was installed along with it.

The newer kernel ended up complicating things in my rig so I gave up.
But on uninstalling it, AppArmor was left behind and on reboot threw a few errors in the logs.

AppArmor is a service and as such you could disable it to see what happens with haveged and eventually remove it if it gives you too much trouble.
On the other hand, I guess AppArmor could be configured not to mess with haveged.

I for one am rather weary of AppArmor (or SELinux for that matter) and it's eventual usefulness in a single user installation, where you make every possible effort to run a tight ship. I see it as being more an administrator's tool in a multi-user environment but then, what do I know?

I may well be mistaken and prove to be a god-send instead of a headache.

Cheers,

Re: Beowulf - new stuff

dummy@example.com (Geoff 42) — Sat, 16 Mar 2019 20:32:42 +0000

When I look in syslog I can see where it tries to start :-

grep have syslog
Mar 16 20:12:02 beowulf kernel: [    8.642908] audit: type=1400 audit(1552767120.069:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/haveged" pid=1517 comm="apparmor_parser"
Mar 16 20:12:02 beowulf haveged: haveged starting up

But it is not running, according to ps.

Geoff

Re: Beowulf - new stuff

dummy@example.com (Geoff 42) — Sat, 16 Mar 2019 20:27:08 +0000

haveged is running ok in ASCII, but it is failing in a Beowulf VM.

In Beowulf, if I run haveged manually as root, then it keeps running :-

haveged -F -w 1024
haveged starting up

If I then ^C it and run :-

/etc/init.d/haveged start 
/etc/init.d/haveged status
[FAIL] haveged is not running ... failed!

But I noticed on the console :-

[  426.107690] kauditd_printk_skb: 5 callbacks suppressed
[  426.107691] audit: type=1400 audit(1552767537.537:17): apparmor="DENIED" operation="mknod" profile="/usr/sbin/haveged" name="/run/haveged.pid" pid=3276 comm="haveged" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

so I am thinking that apparmor is stopping it from running and I have not yet got to grips with apparmor which seems to come as standard with Beowulf.

Geoff

Re: Beowulf - new stuff

dummy@example.com (Altoid) — Sat, 16 Mar 2019 03:17:22 +0000

Hello:

Geoff 42 wrote:

... appears to start but I cannot see it running ...

I installed it and have it running in my Devuan ASCII:

groucho@devuan:~$ /etc/init.d/haveged status
[ ok ] haveged is running.
groucho@devuan:~$

I cannot remember how I did it. =-/

But see here:
https://www.techrepublic.com/article/ho … -on-linux/

Set haveged up to start at boot with the command sudo update-rc.d haveged defaults.

Then you would get a script in /etc/init.d/haveged

#! /bin/sh
### BEGIN INIT INFO
# Provides:          haveged
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Should-Start:      $syslog
# Should-Stop:       $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Entropy daemon using the HAVEGE algorithm
# Description:         haveged uses HAVEGE (HArdware Volatile Entropy Gathering
#                           and Expansion) to maintain a pool of random bytes used
#                           to fill /dev/random whenever necessary.
### END INIT INFO

Other than default options:

groucho@devuan:~$ sudo haveged --help

Usage: haveged [options]

Collect entropy and feed into random pool or write to file.
  Options:
     --buffer    , -b [] Buffer size [KW], default: 128
     --data      , -d [] Data cache size [KB], with fallback to: 16
     --inst      , -i [] Instruction cache size [KB], with fallback to: 16
     --file      , -f [] Sample output file,  default: 'sample', '-' for stdout
     --Foreground, -F    Run daemon in foreground
     --run       , -r [] 0=daemon, 1=config info, >1=KB sample
     --number    , -n [] Output size in [k|m|g|t] bytes, 0 = unlimited to stdout
     --onlinetest, -o [] [t][c] x=[a[n][w]][b[w]] 't'ot, 'c'ontinuous, default: ta8b
     --pidfile   , -p [] daemon pidfile, default: /var/run/haveged.pid
     --verbose   , -v [] Verbose mask 0=none,1=summary,2=retries,4=timing,8=loop,16=code,32=test
     --write     , -w [] Set write_wakeup_threshold [bits]
     --help      , -h    This help
groucho@devuan:~$

Cheers,

Re: Beowulf - new stuff

dummy@example.com (Geoff 42) — Fri, 01 Feb 2019 10:21:53 +0000

Another entry in daemon.log is for haveged. From /etc/init.d/haveged the description is :-

haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)
 to maintain a pool of random bytes used to fill /dev/random whenever necessary.

This daemon appears to start but I cannot see it running and there are no error messages.

/etc/init.d/haveged status
[FAIL] haveged is not running ... failed!

Geoff

Beowulf - new stuff

dummy@example.com (Geoff 42) — Thu, 31 Jan 2019 16:54:02 +0000

Having installed Beowulf, I notice that there are some new daemons some of which I don't recognise. These include :-

/usr/sbin/dundee
/usr/sbin/ofonod
/usr/sbin/connmand
/usr/sbin/bluetoothd

and in my name :-

/usr/lib/geoclue-2.0/demos/agent
/usr/bin/qlipper

connman is the new network connection manager, although I don't have much to manage, just the wired ether.
bluetooth; my desktop does not have bluetooth hardware and so I can disable that.
dundee does not have a man page and I have not found anything about it yet on the net. /etc/init.d/dundee says that it is a Bluetooth DUN daemon, which I think is for DialUp Networking.
ofonod is an oFono mobile telephony daemon, according to "man ofonod". Some Ubuntu docs report that it is responsible for the mobile telephony part and bluetoothd uses it to place and answer phone calls.
https://wiki.ubuntu.com/DebuggingBluetooth

geoclue works out where you are, using WiFi, GPS, 3G etc. Brought in by LXQt.
qlipper is a clipboard history applet, brought in by LXQt.

dmesg also reports that AppArmor is enabled. There is some info at :-

https://wiki.debian.org/AppArmor/HowToUse

# aa-status
apparmor module is loaded.
11 profiles are loaded.
9 profiles are in enforce mode.
   /usr/bin/man
   /usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session
   /usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session//chromium
   /usr/sbin/haveged
   libreoffice-senddoc
   libreoffice-soffice//gpg
   libreoffice-xpdfimport
   man_filter
   man_groff
2 profiles are in complain mode.
   libreoffice-oopslash
   libreoffice-soffice
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

Adding "Z" to "ps" shows the Labels. Most things are "unconfined", but if you run LibreOffice then
ps axjfZ includes :-

LABEL                            PPID   PID  PGID   SID TTY      TPGID STAT   UID   TIME COMMAND

unconfined                       2657  3111  3111  2657 pts/1     3111 R+    1026   0:00      \_ ps axjfZ
libreoffice-oopslash (complain)     1  3055  3054  3054 ?           -1 Sl    1026   0:00 /usr/lib/libreoffice/program/oosplash --calc
libreoffice-soffice (complain)   3055  3072  3054  3054 ?           -1 Sl    1026   0:01  \_ /usr/lib/libreoffice/program/soffice.bin --calc --splash-pipe=5

Geoff