Bug 1285779

Summary: Do not access /dev/random in the selftest and use /dev/urandom instead of /dev/random if unavailable
Product: Red Hat Enterprise Linux 6 Reporter: Stanislav Zidek <szidek>
Component: libgcrypt Assignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: low    
Version: 6.7   
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1205217 Environment:
Last Closed: 2016-05-25 16:25:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stanislav Zidek 2015-11-26 12:39:36 UTC
+++ This bug was initially created as a clone of Bug #1205217 +++

Same problem present in RHEL-6 (libgcrypt-1.4.5-11.el6_4).

SELinux blocks many confined domains from accessing /dev/random, which is correct as pulling from it drains system entropy. libgcrypt should not try to access it, and it should also gracefully fall back to /dev/urandom instead of aborting.
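
The fallback requested above, sketched in C as an added example (not libgcrypt code and not part of the original report): a denied or missing device is skipped and the next candidate is tried, rather than aborting. The function names `open_first_rng` and `read_random` and the candidate-list interface are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: skip denied (EACCES, e.g. SELinux) or missing nodes. */
int open_first_rng(const char *const *paths, const char **used)
{
    errno = ENOENT;                   /* result for an empty list */
    for (size_t i = 0; paths[i] != NULL; i++) {
        int fd = open(paths[i], O_RDONLY);
        if (fd >= 0) {
            *used = paths[i];
            return fd;
        }
        if (errno != EACCES && errno != ENOENT) /* not denied/missing */
            return -1;                /* unexpected error: report it */
    }
    return -1;                        /* every candidate was unusable */
}

/* Fill buf with len bytes from that device; 0 on success, -1 on failure. */
int read_random(const char *const *paths, unsigned char *buf, size_t len,
                const char **used)
{
    int fd = open_first_rng(paths, used);
    if (fd < 0)
        return -1;
    for (size_t got = 0; got < len; ) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;
        } else if (n == 0 || errno != EINTR) {  /* EOF or hard error */
            close(fd);
            return -1;
        }
    }
    close(fd);
    return 0;
}

int main(void)
{
    const char *const devs[] = { "/dev/random", "/dev/urandom", NULL };
    unsigned char key[16];
    const char *used = NULL;
    int rc = read_random(devs, key, sizeof key, &used);
    printf("%s\n", rc == 0 ? used : "no usable random device");
    return rc != 0;
}
```

The caller decides the order of candidates; a selftest that must not touch /dev/random would pass a list containing only /dev/urandom.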

Comment 1 Tomas Mraz 2015-11-26 12:58:14 UTC
The situation is different on RHEL-6, as the selftest is not run in the library constructor there. So although the problem is still there, it is less pronounced, and we do not have any customer case attached for RHEL-6.

Comment 2 Stanislav Zidek 2015-11-26 17:24:23 UTC
Thanks for noting, Tomas. Taking it into consideration, I am further lowering the priority and severity.

Comment 4 RHEL Program Management 2016-05-25 16:25:53 UTC
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.