On Sun, 22 Aug 2004 04:49, Steve G linux_4ever@yahoo.com wrote:
rngd copies data from the hardware random number source to /dev/random (the kernel random number source). Without it /dev/random gets populated by key-press intervals, network interrupt times, and other events which may not be sufficiently random or common.
Right. That's what bothers me.
It's not that bad. Most machines have enough interrupts and a small enough demand for random numbers that this isn't an issue.
I believe that hotplug is spawned by kernel threads and can start before init. The policy is loaded and SE Linux init is complete before init starts running with full functionality (i.e. before rc.sysinit is run).
Is that guaranteed or just happens to work out that way?
It is guaranteed in the current Fedora design that /sbin/init will not start operating in a normal manner until after the SE Linux policy is loaded. In the past (before Fedora had SE Linux) things were different, and there could be a need to change things again in the future (although it's very unlikely). For the moment you can count on the SE Linux policy being loaded immediately after the initrd is complete.
Aug 21 09:00:16 buildhost kernel: Adding 2096440k swap on /dev/sda5. Priority:-1 extents:1
Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc: denied { mounton } for pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:sysctl_t tclass=dir
Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc: denied { mounton } for pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:sysctl_t tclass=dir
What script is calling this mount? It's a bug in policy but I'd like to get more info before making changes.
I am using the targeted policy 1.15.16-2 and initscripts 7.62. This was right after the add swap file in /etc/rc.sysinit:
The attached patch will fix this. Steve, please put it in the CVS.