On Tue, Dec 24, 2013 at 12:44:34PM -0800, Xin Li wrote:
> Hi,
>
> I think we shouldn't save entropy inside jails, as the data is not going
> to be used by rc script (pjd@126744). If there are no objections, I will
> commit this changeset on January 1, 2014.

I agree we shouldn't do it. I have this line in my crontab that I wanted
to commit at some point:

1,31 0-5 * * * root [ `sysctl -n security.jail.jailed` -eq 0 ] && adjkerntz -a

It prevents executing adjkerntz from within a jail, but allows keeping
the same crontab in and outside jails.

We could do the same for save-entropy. It would be even nicer to have
some flag so that even sysctl(8) is not executed.

> Index: libexec/save-entropy/save-entropy.sh
> ===================================================================
> --- libexec/save-entropy/save-entropy.sh (revision 259828)
> +++ libexec/save-entropy/save-entropy.sh (working copy)
> @@ -42,6 +42,10 @@ elif [ -r /etc/rc.conf ]; then
> . /etc/rc.conf 2>/dev/null
> fi
>
> +if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
> + exit 0
> +fi
> +
> case ${entropy_dir} in
> [Nn][Oo])
> exit 0
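
Review bot: The added test [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] leaves the command substitution unquoted, so if sysctl prints nothing (for instance because the call fails), [ is left with "-eq 1" and no left operand, complains on stderr, and the script falls through and saves entropy anyway. Quoting the substitution and comparing as a string avoids both the noise and the ambiguity, e.g. [ "$(/sbin/sysctl -n security.jail.jailed 2>/dev/null)" = 1 ]. The check could also move above the rc.conf sourcing, since it does not depend on anything read from there, and a one-line comment saying why jails are skipped would help the next reader.
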
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
