| Summary: | semodule crashes (cannot read /dev/random) | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Matthew Thode ( prometheanfire ) <prometheanfire> |
| Component: | Hardened | Assignee: | Sven Vermeulen (RETIRED) <swift> |
| Status: | VERIFIED FIXED | | |
| Severity: | normal | CC: | prometheanfire, selinux |
| Priority: | Highest | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | Runtime testing required: | --- | |
| Attachments: | ptrace of semodule (just the fun bits) | | |

Description
Matthew Thode ( prometheanfire )
2011-08-15 17:48:48 UTC
Created attachment 283457
ptrace of semodule (just the fun bits)

Thanks. Indeed, the semodule application wants to get some information from the user. Since you're using an LDAP-managed authentication/authorization system, the libnss contacts the OpenLDAP. However, you use LDAPS (secure) instead of LDAP, and the current SELinux policy for sysnet_use_ldap() didn't allow that. I'll add dev_read_rand() and dev_read_urand() to that interface in base r2.

I tested it from your overlay. It worked :D

In hardened-dev overlay

In portage tree (~arch)
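
An added example, not taken from this bug or from the Gentoo policy: a short Python check that scans audit AVC records for read denials on the random devices and reports which of the two interfaces named above each source domain would need. The sample records are constructed, and the type names `random_device_t` / `urandom_device_t` and the `semanage_t` domain are assumptions based on the reference policy, not values from the attached trace.

```python
import re

# Assumed reference-policy device types and the interfaces named in the bug.
INTERFACE_FOR_TYPE = {
    "random_device_t": "dev_read_rand",
    "urandom_device_t": "dev_read_urand",
}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third field) of a user:role:type[:range] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def missing_rand_interfaces(log_lines):
    """Map each denied source domain to the dev_read_* interfaces it lacks."""
    needed = {}
    for line in log_lines:
        m = AVC_RE.search(line)
        if not m or m.group("tclass") != "chr_file":
            continue  # not an AVC denial on a character device
        if "read" not in m.group("perms").split():
            continue  # only read denials are relevant here
        iface = INTERFACE_FOR_TYPE.get(context_type(m.group("tcontext")))
        domain = context_type(m.group("scontext"))
        if iface and domain:
            needed.setdefault(domain, set()).add(iface)
    return needed

# Constructed sample records (not from the bug's attachment).
SAMPLE_LOG = [
    'type=AVC msg=audit(1313430528.101:41): avc:  denied  { read } for  pid=4242 comm="semodule" name="random" dev=tmpfs ino=1033 scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:random_device_t tclass=chr_file',
    'type=AVC msg=audit(1313430528.102:42): avc:  denied  { read open } for  pid=4242 comm="semodule" name="urandom" dev=tmpfs ino=1034 scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file',
    'type=AVC msg=audit(1313430528.103:43): avc:  denied  { write } for  pid=4242 comm="semodule" name="messages" dev=sda1 ino=77 scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:var_log_t tclass=file',
    'type=SYSCALL msg=audit(1313430528.103:43): arch=c000003e syscall=2 success=no exit=-13',
]

if __name__ == "__main__":
    for domain, ifaces in sorted(missing_rand_interfaces(SAMPLE_LOG).items()):
        print(domain, "->", ", ".join(sorted(ifaces)))
```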