Bug 831653 - Gluster seeding urandom
Summary: Gluster seeding urandom
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
Assignee: GlusterFS Bugs list
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-13 14:13 UTC by Bryan Bickford
Modified: 2015-12-01 16:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-25 08:01:51 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)

Description Bryan Bickford 2012-06-13 14:13:33 UTC 
Description of problem:

In both Fedora 17 and RHS, gluster is creating a file in /var/lib/ called urandom_seed and then seeding urandom.These seem like dangerous operations that we do not wan't to allow in SELinux policy.  Can you help explain why these operations are being done and if they are not required remove them so we can increase system security?
Comment 1 Fedora Admin XMLRPC Client 2013-01-18 15:15:20 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 2 Amar Tumballi 2013-04-02 13:37:29 UTC 
amar@supernova:~/work/glusterfs$ git grep urandom_seed
amar@supernova:~/work/glusterfs$

I see that there is no code in glusterfs which deals with urandom_seed.. is there any idea which package adds this file?
Comment 3 Niels de Vos 2014-09-25 08:01:51 UTC 
Indeed, at least current versions of glusterfs do not touch any file called urandom_seed.

Please re-open this bug if this is still an issue for you. When you do, including steps and maybe an strace, ltrace or audit.log of the process that touches urandom_seed as 'evidence'?
Note You need to log in before you can comment on or make changes to this bug.