Gentoo Archives: gentoo-hardened

From:	Petre Rodan <petre.rodan@×××××.com>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] Problems emerging apache
Date:	Mon, 20 Sep 2004 08:32:58
Message-Id:	`414E95FD.1050805@avira.com`
In Reply to:	[gentoo-hardened] Problems emerging apache by Jansson Fredrik

1	Hi Jansson,
2
3	Jansson Fredrik wrote:
4	> I get an error when trying to emerge apache:
5	> .
6	> .
7	> .
8	> checking for entropy source... configure: error: /dev/urandom not found
9	> or
10	> unreadable.
11	>
12	> when looking at the avc messages I see:
13	> .
14	> .
15	> .
16	> audit(1095437044.773:0): avc: denied { read } for pid=11091
17	> exe=/bin/cat
18	> name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t
19	> tcontext=system_u:object_r:urandom_device_t tclass=chr_file
20	[..]
21
22	you can create a temporary rule until this issue will be fixed in the selinux-base-policy
23
24	echo 'allow portage_t urandom_device_t:chr_file r_file_perms;' >> /etc/security/selinux/src/policy/domains/program/my.te
25	touch /etc/security/selinux/src/policy/file_contexts/program/my.fc
26	make -C /etc/security/selinux/src/policy reload
27
28	you will be able to emerge apache after this.
29
30	bye,
31	peter

File name	MIME type
signature.asc	application/pgp-signature