I get an error when trying to emerge apache:
.
.
.
checking for entropy source... configure: error: /dev/urandom not found or unreadable.

When looking at the avc messages I see:
.
.
.
audit(1095437044.773:0): avc: denied { read } for pid=11091 exe=/bin/cat name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.784:0): avc: denied { read } for pid=11097 exe=/bin/grep name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.794:0): avc: denied { read } for pid=11098 exe=/bin/sed name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.805:0): avc: denied { read } for pid=11099 exe=/bin/cat name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.813:0): avc: denied { read } for pid=11103 exe=/bin/sort name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437045.069:0): avc: denied { read } for pid=11279 exe=/bin/rm name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437045.076:0): avc: denied { read } for pid=11280 exe=/bin/rm name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file

It seems like "emerge launched" apps can't read /dev/urandom. Do I have
to relabel emerge, sandbox, /dev/urandom... ?

Have a nice weekend!

Best regards
Fredrik Jansson

--
gentoo-hardened@g.o mailing list