I get an error when trying to emerge apache:
.
.
.
checking for entropy source... configure: error: /dev/urandom not found or unreadable.
When looking at the avc messages I see:
.
.
.
audit(1095437044.773:0): avc: denied { read } for pid=11091 exe=/bin/cat name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.784:0): avc: denied { read } for pid=11097 exe=/bin/grep name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.794:0): avc: denied { read } for pid=11098 exe=/bin/sed name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.805:0): avc: denied { read } for pid=11099 exe=/bin/cat name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437044.813:0): avc: denied { read } for pid=11103 exe=/bin/sort name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437045.069:0): avc: denied { read } for pid=11279 exe=/bin/rm name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
audit(1095437045.076:0): avc: denied { read } for pid=11280 exe=/bin/rm name=urandom dev=hda2 ino=164173 scontext=frja:sysadm_r:portage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file
It seems like "emerge launched" apps can't read /dev/urandom. Do I have
to relabel emerge, sandbox, /dev/urandom... ?
Have a nice weekend!
Best regards
Fredrik Jansson
--
gentoo-hardened@gentoo.org mailing list