Bug 12425 - named could not open entropy source /dev/urandom
Summary: named could not open entropy source /dev/urandom
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact:
URL:
Whiteboard: MGA5TOO
Keywords: 6sta2
Depends on:
Blocks:
 
Reported: 2014-01-25 08:00 CET by Bit Twister
Modified: 2017-05-26 12:48 CEST (History)
2 users (show)

See Also:
Source RPM: bind-9.10.5-1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bit Twister 2014-01-25 08:00:10 CET 
Description of problem:

named[2376]: could not open entropy source /dev/urandom: file not found
named[2376]: using pre-chroot entropy source /dev/urandom


Version-Release number of selected component (if applicable):


How reproducible: always


Steps to Reproduce:
1. install bind. configure named. reboot
2. journalctl -b | grep dev/urandom


Reproducible: 

Steps to Reproduce:
Comment 1 Thierry Vignaud 2014-01-26 18:19:10 CET 
Colin, I guess it's a duplicate of the static nodes bug you fixed?

CC: (none) => thierry.vignaud
Assignee: bugsquad => mageia
Source RPM: bind-9.9.4.P2-1.mga4.src.rpm => systemd

Comment 2 Colin Guthrie 2014-01-26 18:50:35 CET 
Don't think so Thierry. urandom shouldn't need ACL stuff or a backing module so the static node config doesn't really come into it.

Dunno why this would break to be honest :s
Comment 3 Bit Twister 2015-07-01 10:42:29 CEST 
Verified problem is valid on Release 5.
Comment 4 Colin Guthrie 2015-07-01 11:26:59 CEST 
I'm guessing this is actually a chrooting problem with named. It likely doesn't create/expose the urandom device.

The 2nd line in the log seems to suggest this. Reassigning to named package.

Version: Cauldron => 5
Source RPM: systemd => named

Comment 5 Colin Guthrie 2015-07-01 11:35:14 CEST 
ls /var/lib/named/dev -lh
total 0
srw-rw-rw- 1 root root    0 May 28 12:32 log=
crw-rw-rw- 1 root root 1, 3 Oct  4  2006 null
crw-rw-rw- 1 root root 1, 8 Oct  4  2006 random
crw-rw-rw- 1 root root 1, 8 Apr 27  2007 urandom
crw-r--r-- 1 root root 1, 5 May  5  2013 zero


So I have urandom un my /var/lib/named/dev but it was created long, long ago (also it's minor number is incorrect - it should be 9).

Looking at the /usr/sbin/setup-named-chroot.sh script it seems to not do anything related to this so I suspect my system is working because it's been upgraded for a long, long time!

This whole chroot thing in named is just weird. It would probably make more sense to kill it off and use the various built in systemd Protect* directives to secure things. The chroot stuff is just fragile...
Samuel Verschelde 2015-07-01 12:21:39 CEST

Summary: 4_rc: named could not open entropy source /dev/urandom => named could not open entropy source /dev/urandom
Whiteboard: (none) => MGA5TOO

Bit Twister 2016-07-06 22:57:09 CEST

Summary: named could not open entropy source /dev/urandom => 6_s1: named could not open entropy source /dev/urandom

Bit Twister 2017-01-23 19:31:02 CET

Status comment: (none) => 6_s2
Summary: 6_s1: named could not open entropy source /dev/urandom => named could not open entropy source /dev/urandom
Source RPM: named => bind-9.10.4.P5-1.mga6.src.rpm

Comment 6 Marja Van Waes 2017-01-23 19:46:55 CET 
reassigning to registered bind maintainer

CC: (none) => marja11
Version: 5 => Cauldron
Assignee: mageia => guillomovitch

Bit Twister 2017-01-31 18:49:27 CET

Keywords: (none) => 6sta2
Status comment: 6_s2 => (none)

Bit Twister 2017-04-18 09:48:45 CEST

Source RPM: bind-9.10.4.P5-1.mga6.src.rpm => bind-9.10.4.P8-1.mga6.src.rpm

Bit Twister 2017-05-03 13:27:24 CEST

Source RPM: bind-9.10.4.P8-1.mga6.src.rpm => bind-9.10.5-1.mga6.src.rpm

Comment 7 Guillaume Rousse 2017-05-26 12:48:35 CEST 
Fixed in release 9.10.5-2.mga6.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.