Bug 1210636
| Summary: | Do not access /dev/random in the selftest and use /dev/urandom instead of /dev/random if unavailable | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Kurik <jkurik> |
| Component: | libgcrypt | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED ERRATA | QA Contact: | Stanislav Zidek <szidek> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.1 | CC: | arubin, jherrman, mmalik, pm-eus, szidek, tmraz |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libgcrypt-1.5.3-12.el7_1.1 | Doc Type: | Bug Fix |
| Doc Text: |
Previously, when the dracut-fips package was installed, the libgcrypt library accessed the /dev/random device unnecessarily. This caused SELinux to produce audit events for confined applications that link to the libgcrypt library, and the random number generator did not initialize properly. With this update, libgcrypt no longer accesses /dev/random during the startup self-test, and if /dev/random is not accessible, libgcrypt uses /dev/urandom instead. As a result, SELinux no longer inappropriately creates libgcrypt-linked audit events, and the random number generator is initialized properly.
|
Story Points: | --- |
| Clone Of: | 1205217 | Environment: | |
| Last Closed: | 2015-05-12 17:56:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1205217 | ||
| Bug Blocks: | |||
|
Description
Jan Kurik
2015-04-10 08:58:06 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0966.html |