Fatal glibc error: cannot get entropy for arc4random

[Elan Ruusamäe]

On 19.07.2024 21:00, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> On 19/07/2024 12:48, Elan Ruusamäe wrote:
>> openssh is unable startup
>>
>> # service sshd restart
>> Fatal glibc error: cannot get entropy for arc4random
>> Aborted
>>
>> # rpm -q glibc openssh-server
>> glibc-2.39-6-th.x86_64
>> openssh-server-9.8p1-1-th.x86_64
>>
>> # uname -r
>> 3.13.0-32-generic
>>
>> from quick internet search 3.15 kernel is needed? but not specified 
>> in .spec?
>
> Hm, why 3.15?
>
> Looking at the arc4random code it fallbacks to /dev/random and 
> /dev/urandom if syscall is not available (getrandom syscall was 
> introduced in 3.17).
>
> Maybe sshd is not allowing access to these at that point?
>
> strace could tell us something.
>
# strace /usr/sbin/sshd -D

...

getrandom(0x7f12e109d270, 48, 0)        = -1 ENOSYS (Function not 
implemented)
getrandom(0x7f12e109d270, 48, 0)        = -1 ENOSYS (Function not 
implemented)
shmget(0x72, 1, 000)                    = 0
shmat(0, NULL, SHM_RDONLY)              = 0x7f12df674000
openat(AT_FDCWD, "/dev/urandom", O_RDONLY) = 7
fstat(7, {st_mode=S_IFCHR|0644, st_rdev=makedev(0x1, 0x9), ...}) = 0
read(7, 
"`\16\373H\261\343\331\203\231\262\376\263\251\31f\2051\0\212D98\177'\313P\254LT{,\v"..., 
48) = 48
getrandom(0x7fff4f092bd0, 48, 0)        = -1 ENOSYS (Function not 
implemented)
writev(2, [{iov_base="Fatal glibc error: cannot get en"..., 
iov_len=53}], 1Fatal glibc error: cannot get entropy for arc4random
) = 53
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7f12df673000
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid()                                = 3681
getpid()                                = 3681
tgkill(3681, 3681, SIGABRT)             = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=3681, si_uid=0} ---
+++ killed by SIGABRT +++
Aborted