Bug 1205217
Summary: | Do not access /dev/random in the selftest and use /dev/urandom instead of /dev/random if unavailable | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomas Mraz <tmraz> | |
Component: | libgcrypt | Assignee: | Tomas Mraz <tmraz> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Stanislav Zidek <szidek> | |
Severity: | medium | Docs Contact: | ||
Priority: | high | |||
Version: | 7.1 | CC: | arubin, jherrman, mmalik, szidek, tmraz | |
Target Milestone: | rc | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | libgcrypt-1.5.3-13.el7 | Doc Type: | Bug Fix | |
Doc Text: |
Previously, when the dracut-fips package was installed, the libgcrypt library accessed the /dev/random device unnecessarily. This caused SELinux to produce audit events for confined applications that link to the libgcrypt library, and the random number generator did not initialize properly. With this update, libgcrypt no longer accesses /dev/random during the startup self-test, and if /dev/random is not accessible, libgcrypt uses /dev/urandom instead. As a result, SELinux no longer inappropriately creates libgcrypt-linked audit events, and the random number generator is initialized properly.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1210636 1285779 (view as bug list) | Environment: | ||
Last Closed: | 2015-11-20 10:22:59 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 717789, 1210636 |
Description
Tomas Mraz
2015-03-24 13:07:43 UTC
*** Bug 1189448 has been marked as a duplicate of this bug. *** This bug has been closed as CURRENTRELEASE due to delivery of the fix in a z-stream. As the component is not on ACL, the fix is currently included in y-stream as well. For more information please see the zstream process documentation: * https://engineering.redhat.com/trac/ZStream/attachment/wiki/WikiStart/Z-Stream_process_update_4.odp . |