On current Fedora Rawhide, rngd is crashing on startup, after we see some SELinux denials. This is affecting Server and KDE installs, not Workstation for some reason (haven't looked into why it doesn't happen on Workstation). This is a violation of the Final release criteria - https://fedoraproject.org/wiki/Fedora_32_Final_Release_Criteria#System_services - "All system services present after installation with one of the release-blocking package sets must start properly, unless they require hardware which is not present." The SELinux denials are these: Jan 06 03:58:36 localhost.localdomain audit[733]: AVC avc: denied { search } for pid=733 comm="rngd" name="sss" dev="dm-0" ino=4404863 scontext=system_u:system_r:rngd_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0 Jan 06 03:58:36 localhost.localdomain audit[733]: AVC avc: denied { search } for pid=733 comm="rngd" name="sss" dev="dm-0" ino=4404863 scontext=system_u:system_r:rngd_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0 Jan 06 03:58:36 localhost.localdomain audit[733]: AVC avc: denied { search } for pid=733 comm="rngd" name="sss" dev="dm-0" ino=4404863 scontext=system_u:system_r:rngd_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0 Jan 06 03:58:36 localhost.localdomain audit[733]: AVC avc: denied { read } for pid=733 comm="rngd" name="passwd" dev="dm-0" ino=4635692 scontext=system_u:system_r:rngd_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0 the backtrace looks like this (most symbols installed): #0 0x00007fadf6bcdd23 in g_get_user_database_entry () at ../glib/gutils.c:692 gecos_fields = 0x559f59f2e290 name_parts = 0x559f59f2e2d0 buffer = 0x559f59f1d160 pwd = {pw_name = 0x7fadf61ca3e0 "root", pw_passwd = 0x7fadf61ccce1 "x", pw_uid = 0, pw_gid = 0, pw_gecos = 0x7fadf61d3cdf "Super User", pw_dir = 0x7fadf61ca3df "/root", pw_shell = 0x7fadf61d3cea "/bin/sh"} pw = 0x7ffe43bc6870 error = <optimized out> bufsize = <optimized out> e = {user_name = 0x559f59f2e250 "root", real_name = 0x0, home_dir = 0x0} entry = 0x0 #1 0x00007fadf6bcde97 in g_build_home_dir () at ../glib/gutils.c:828 entry = <optimized out> home_dir = <optimized out> #2 0x00007fadf6bce242 in g_build_user_cache_dir () at ../glib/gutils.c:1827 home_dir = <optimized out> cache_dir = <optimized out> cache_dir_env = <optimized out> #3 0x00007fadf6bcf44b in g_build_user_runtime_dir () at ../glib/gutils.c:1882 runtime_dir = 0x0 runtime_dir_env = <optimized out> user_runtime_dir = <optimized out> #4 g_get_user_runtime_dir () at ../glib/gutils.c:1927 user_runtime_dir = <optimized out> #5 0x00007fadf6dce13d in get_session_address_xdg () at ../gio/gdbusaddress.c:1334 ret = 0x0 tmp = <optimized out> buf = {st_dev = 210453397508, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 124, __pad0 = 119, st_rdev = 390842024046, st_size = 370876147696, st_blksize = 2, st_blocks = 56, st_atim = {tv_sec = 140385177885152, tv_nsec = 2}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 94142897226896}, __glibc_reserved = {140385146688064, 2, 0}} bus = <optimized out> ret = <optimized out> ret = 0x0 s = <optimized out> starter_bus = <optimized out> local_error = 0x0 __func__ = "g_dbus_address_get_for_bus_sync" #6 get_session_address_platform_specific (error=0x7ffe43bc6948) at ../gio/gdbusaddress.c:1240 ret = <optimized out> ret = 0x0 s = <optimized out> starter_bus = <optimized out> local_error = 0x0 __func__ = "g_dbus_address_get_for_bus_sync" #7 g_dbus_address_get_for_bus_sync (bus_type=bus_type@entry=G_BUS_TYPE_SESSION, cancellable=cancellable@entry=0x0, error=error@entry=0x0) at ../gio/gdbusaddress.c:1334 ret = 0x0 s = <optimized out> starter_bus = <optimized out> local_error = 0x0 __func__ = "g_dbus_address_get_for_bus_sync" #8 0x00007fadf6dda506 in get_uninitialized_connection (bus_type=bus_type@entry=G_BUS_TYPE_SESSION, cancellable=cancellable@entry=0x0, error=error@entry=0x0) at ../gio/gdbusconnection.c:7225 address = <optimized out> singleton = 0x7fadf6ea9e38 <the_session_bus> ret = 0x0 __func__ = "get_uninitialized_connection" #9 0x00007fadf6de00ae in g_bus_get_sync (bus_type=bus_type@entry=G_BUS_TYPE_SESSION, cancellable=cancellable@entry=0x0, error=error@entry=0x0) at ../gio/gdbusconnection.c:7320 connection = <optimized out> __func__ = "g_bus_get_sync" #10 0x00007fadf6db265e in g_application_impl_register (application=application@entry=0x559f59f21890 [GApplication], appid=0x559f59f21770 "org.opensc.notify", flags=G_APPLICATION_NON_UNIQUE, exported_actions=0x559f59f1bcd0, remote_actions=remote_actions@entry=0x559f59f21838, cancellable=cancellable@entry=0x0, error=0x0) at ../gio/gapplicationimpl-dbus.c:601 actions = <optimized out> impl = <optimized out> __func__ = "g_application_impl_register" #11 0x00007fadf6daf54c in g_application_register (error=0x0, cancellable=0x0, application=0x559f59f21890 [GApplication]) at ../gio/gapplication.c:2187 __func__ = "g_application_register" __func__ = "g_application_register" #12 g_application_register (application=0x559f59f21890 [GApplication], cancellable=0x0, error=0x0) at ../gio/gapplication.c:2176 __func__ = "g_application_register" #13 0x00007fadf70aa6fd in () at /usr/lib64/opensc-pkcs11.so #14 0x0000000000000002 in () #15 0x00007fadf90f626a in call_init.part () at /lib64/ld-linux-x86-64.so.2 #16 0x00007fadf90f6371 in _dl_init () at /lib64/ld-linux-x86-64.so.2 #17 0x00007fadf8a073e5 in _dl_vdso_vsym () at /lib64/libc.so.6 #18 0x0000000000000000 in () Filing against rng-tools, but CCing SELinux policy maintainers too.
*** This bug has been marked as a duplicate of bug 1787686 ***