diff --git a/rng-tools.spec b/rng-tools.spec index 747dd7a..f64360e 100644 --- a/rng-tools.spec +++ b/rng-tools.spec @@ -16,6 +16,7 @@ License: GPLv2+ URL: https://github.com/nhorman/rng-tools Source0: https://github.com/nhorman/rng-tools/archive/v%{version}/rng-tools-%{version}.tar.gz Source1: rngd.service +Source2: rngd-wake-threshold.service BuildRequires: gcc make BuildRequires: gettext @@ -64,15 +65,19 @@ Hardware random number generation tools. # install systemd unit file install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1} +install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2} + +%pre +getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd %post -%systemd_post rngd.service +%systemd_post rngd.service rngd-wake-threshold.service %preun -%systemd_preun rngd.service +%systemd_preun rngd.service rngd-wake-threshold.service %postun -%systemd_postun_with_restart rngd.service +%systemd_postun_with_restart rngd.service rngd-wake-threshold.service %files %{!?_licensedir:%global license %%doc} @@ -83,14 +88,16 @@ install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1} %{_mandir}/man1/rngtest.1.* %{_mandir}/man8/rngd.8.* %attr(0644,root,root) %{_unitdir}/rngd.service +%attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service %changelog * Mon May 24 2021 Vladis Dronov - 6.12-4 +- Allow rngd to run as non-privledged user (bz 1965318) - Update the rngd.service file - Add 3 small upstream patches fixing issues * Wed Apr 28 2021 Vladis Dronov - 6.12-3 -- There is no need to hardcode _sbindir anymore, also the old value is incorrect +- There is no need to hardcode _sbindir anymore, also the old value is incorrect (bz 1965318) * Fri Apr 16 2021 Mohan Boddu - 6.12-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 diff --git a/rngd-wake-threshold.service b/rngd-wake-threshold.service new file mode 100644 index 0000000..f7b3de9 --- /dev/null +++ b/rngd-wake-threshold.service 
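Review bot: The `%pre` scriptlet in the second rng-tools.spec hunk creates only the user, so the `rngd` group that `Group=rngd` in rngd.service relies on exists only if useradd's user-private-group default is in effect on the target system. Creating the group explicitly removes that dependency: `getent group rngd >/dev/null || groupadd -r rngd`, then pass `-g rngd` to the existing `useradd` call. The scriptlet also needs shadow-utils installed before it runs. If the spec has no `Requires(pre): shadow-utils` outside this hunk, account creation could fail on a minimal install, and the daemon would then not start under `User=rngd`.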
@@ -0,0 +1,13 @@ +[Unit] +Description=Hardware RNG Entropy Gatherer Wake threshold service +Before=rngd.service + +[Service] +CapabilityBoundingSet=CAP_SYS_ADMIN +AmbientCapabilities=CAP_SYS_ADMIN +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold" + +[Install] +WantedBy=sysinit.target diff --git a/rngd.service b/rngd.service index 1cc09da..3fe2192 100644 --- a/rngd.service +++ b/rngd.service @@ -1,9 +1,15 @@ [Unit] Description=Hardware RNG Entropy Gatherer Daemon ConditionVirtualization=!container +Requires=rngd-wake-threshold.service [Service] -ExecStart=/usr/sbin/rngd -f +User=rngd +Group=rngd +CapabilityBoundingSet=CAP_SYS_ADMIN +AmbientCapabilities=CAP_SYS_ADMIN +ExecStart=/usr/sbin/rngd -f --fill-watermark=0 +TimeoutStartSec=60s [Install] WantedBy=multi-user.target diff --git a/tests/selftest/runtest.sh b/tests/selftest/runtest.sh index a826e4c..f6b3ade 100755 --- a/tests/selftest/runtest.sh +++ b/tests/selftest/runtest.sh @@ -65,6 +65,7 @@ rlJournalStart else rlFail "Selftest Failed" fi + rlFileSubmit $TESTLOG rlPhaseEnd rlPhaseStartCleanup
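Review bot: `let` in the `ExecStart=` line of rngd-wake-threshold.service is a bash builtin, but the command runs through `/bin/sh`, so the threshold is only written on systems where `/bin/sh` is bash. POSIX arithmetic avoids that: `echo $(( $(cat /proc/sys/kernel/random/poolsize) * 3 / 4 )) > /proc/sys/kernel/random/write_wakeup_threshold`. The unit sets no `User=`, so the command runs as root and `AmbientCapabilities=CAP_SYS_ADMIN` adds nothing; it can be dropped, leaving `CapabilityBoundingSet=` as the line that narrows the process. A one-line comment above `ExecStart=` saying why three quarters of the pool size was chosen would help the next maintainer.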
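Review bot: Granting `CAP_SYS_ADMIN` through `AmbientCapabilities=` in rngd.service leaves the new `rngd` account with one of the broadest capabilities the kernel has, so `User=rngd` reduces the daemon's privilege much less than it suggests. Since the capability has to stay for the entropy-pool ioctl, add sandboxing that does not depend on the uid, for example `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ProtectHome=yes` in `[Service]`. Also confirm that the entropy sources rngd opens are still readable: the unit grants no DAC-override capability, so any device node that is root-only would presumably be refused to the `rngd` user. That would need a udev rule or group membership, which this diff does not show.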
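Review bot: `$TESTLOG` is passed unquoted to `rlFileSubmit` in tests/selftest/runtest.sh, so a log path containing whitespace or glob characters would be split or expanded before the file is submitted; write `rlFileSubmit "$TESTLOG"`. The variable is assigned outside this hunk, so it is not visible here whether it can ever be empty. If it can, guard the call with `[ -n "$TESTLOG" ] &&` so the phase does not record a spurious submit failure.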