Comment 8 for bug 1014361

Ronald (ronald645) wrote :

I dug some more. This is just getting better, look:

root@Delta:~# lsof /dev/urandom
lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/gebruiker/.gvfs
      Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
smbd 2714 root 4r CHR 1,9 0t0 268 /dev/urandom
cupsd 2768 root 7r CHR 1,9 0t0 268 /dev/urandom
smbd 2797 root 4r CHR 1,9 0t0 268 /dev/urandom
xfce4-ses 3045 gebruiker 13r CHR 1,9 0t0 268 /dev/urandom
xfce4-mai 3077 gebruiker 6r CHR 1,9 0t0 268 /dev/urandom
charon 21021 root 11r CHR 1,9 0t0 268 /dev/urandom
charon 21021 root 12r CHR 1,9 0t0 268 /dev/urandom
chromium- 22123 gebruiker 27r CHR 1,9 0t0 268 /dev/urandom
chromium- 22128 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom
chromium- 22158 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom
chromium- 22184 gebruiker 9r CHR 1,9 0t0 268 /dev/urandom
charon 22395 root 11r CHR 1,9 0t0 268 /dev/urandom
charon 22395 root 12r CHR 1,9 0t0 268 /dev/urandom

Charon is listed as having urandom open! So I did a strace (including forks this time!) to see what charon is actually doing. It fails on this (I attached the full trace):

[pid 22519] open("/dev/urandom", O_RDONLY) = -1 EACCES (Permission denied)

Which is crazy since:

root@Delta:~# ps -p 21021,22515,21020,22514 -o args,group,pgid,ppid,rgroup,ruser,tty,user,gid,rgid,ruid,uid
COMMAND GROUP PGID PPID RGROUP RUSER TT USER GID RGID RUID UID
/usr/lib/ipsec/starter root 21020 1 root root ? root 0 0 0 0
/usr/lib/ipsec/charon --use root 21021 21020 root root ? root 0 0 0 0
/usr/lib/ipsec/starter root 22514 1 root root ? root 0 0 0 0
/usr/lib/ipsec/charon --use root 22515 22514 root root ? root 0 0 0 0