Bug#897897: Kernel security fix (for CVE-2018-1108) -> AutoFS won't start

To: submit@bugs.debian.org
Subject: Bug#897897: Kernel security fix (for CVE-2018-1108) -> AutoFS won't start
From: Cédric Dufour - Idiap Research Institute <cedric.dufour@idiap.ch>
Date: Fri, 4 May 2018 15:44:13 +0200
Message-id: <[🔎] 48442ff9-8996-747c-4200-13213e721e55@idiap.ch>
Reply-to: Cédric Dufour - Idiap Research Institute <cedric.dufour@idiap.ch>, 897897@bugs.debian.org

Package: autofs
Version: 5.1.2-1
Severity: important

Hello,

Following latest Debian/Stretch kernel (security) update - and the fix for CVE-2018-1108 - autofs blocks until the kernel RNG reports its proper initialization ("random: crng init done" in dmesg), which can take up to *several minutes* in entropy-starving VMs.

Problem is the corresponding systemd unit is configured to timeout after 180 seconds. Past this timeout, AutoFS will be failed and won't start at all (until manually restarted).

One can fix this issue by having entropy poured into the VMs using rng-tools (along virtio-rng), haveged, etc.

I was wondering whether this might/ought not to be fixed in autofs itself ?

Best,

Cédric

PS: the (root) issue (kernel RNG blocking at boot) is already being discussed on LKML: https://lkml.org/lkml/2018/4/29/121

-- 
Cédric Dufour @ Idiap Research Institute

Reply to:

Follow-Ups:
- Bug#897897: Kernel security fix (for CVE-2018-1108) -> AutoFS won't start
  - From: Cédric Dufour - Idiap Research Institute <cedric.dufour@idiap.ch>

Prev by Date: Deep etch that
Next by Date: team of photo editors work for you
Previous by thread: Deep etch that
Next by thread: Bug#897897: Kernel security fix (for CVE-2018-1108) -> AutoFS won't start
Index(es):
- Date
- Thread