On 02/14/15 08:49, Heiner Kallweit wrote:
compat/getentropy_linux.c tries to read from /dev/urandom and if this fails (e.g. because running chroot'ed) it falls back to some more or less messy sysctl's. If this also fails (e.g. because the sysctl syscall is disabled in the kernel) it has to bail out. Not only unbound suffers from this problem under Linux, therefore with kernel 3.17 a new syscall getrandom was introduced. IMHO we should try this option at first. Works fine here with the latest next kernel and unbound 1.5.1. And it also avoids the "using deprecated sysctl .." warning. --- getentropy_linux.c.orig 2015-02-14 07:46:09.678095830 +0100 +++ getentropy_linux.c 2015-02-14 10:26:55.353630895 +0100 @@ -93,6 +93,13 @@ return -1; } +#ifdef SYS_getrandom + /* try to use getrandom syscall introduced with kernel 3.17 */ + ret = syscall(SYS_getrandom, buf, len, 0); + if (ret != -1) + return (ret); +#endif /* SYS_getrandom */ + /* * Try to get entropy with /dev/urandom *
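Review bot: in the added SYS_getrandom block, "return (ret);" passes back the byte count from getrandom, so success yields a positive value rather than the 0 that getentropy() callers expect, and a short read (ret smaller than len) is accepted as if the buffer were full. Suggest returning 0 only when ret equals len, retrying when errno is EINTR, and otherwise falling through to the /dev/urandom path that follows. The comment could also say that a -1 with ENOSYS on kernels older than 3.17 is the expected fall-through case.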
The getentropy() code for Linux within the Unbound tree is old. The upstream code from the OpenBSD tree has already dealt with using the new system call 6 months ago. So Wouter just needs to re-sync with the code from the OpenBSD tree.
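The fallback order discussed in this thread (getrandom first, then /dev/urandom), as an added example that is not part of the original messages and is not Unbound's or OpenBSD's code. The names fill_entropy and urandom_fill are hypothetical, and the sysctl fallback is left out; the point shown is looping on short reads and EINTR and returning 0 only when the buffer is completely filled.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read exactly len bytes from /dev/urandom. */
static int urandom_fill(unsigned char *p, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd == -1)
        return -1;                 /* e.g. chroot without /dev/urandom */
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, p + done, len - done);
        if (n > 0) { done += (size_t)n; continue; }
        if (n == -1 && errno == EINTR) continue;   /* interrupted: retry */
        break;                     /* EOF or hard error */
    }
    close(fd);
    return done == len ? 0 : -1;
}

/* Hypothetical wrapper with the getentropy() contract:
 * 0 on success (buf fully filled), -1 on failure. */
int fill_entropy(void *buf, size_t len)
{
    unsigned char *p = buf;
    if (len > 256) { errno = EIO; return -1; }     /* getentropy() limit */
#ifdef SYS_getrandom
    size_t done = 0;
    while (done < len) {
        long n = syscall(SYS_getrandom, p + done, len - done, 0);
        if (n > 0) { done += (size_t)n; continue; } /* short read: go on */
        if (n == -1 && errno == EINTR) continue;
        break;                     /* ENOSYS before kernel 3.17, or error */
    }
    if (done == len)
        return 0;                  /* never hand back the byte count */
#endif
    return urandom_fill(p, len);   /* fall back, refilling from the start */
}
```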
