I have a number of kvm instances running debian where unbound 1.7.1 fails. Many of these instances run whichever kernel was current when I first leased them, and do not support newer kernels.
(Others look on the fs for a kernel to kexec, but not all do.)

Debian of course compiles unbound on a kernel which supports getrandom(2), but many of mine do not. Unlike 1.6, 1.7 fails on such a machine, calling SIGKILL rather than reading /dev/urandom.

It looks like getentropy_urandom() only needs CAN_REFERENCE_MAIN defined, which getentropy_getrandom also needs, but still getentropy_urandom() is ignored. Deb's packaging makes no changes to that part of the code.

An strace(8) ends with:

  sendto(9, "<29>May 24 20:17:10 unbound: [10"..., 70, MSG_NOSIGNAL, NULL, 0) = 70
  getpid() = 10144
  getpid() = 10144
  getrandom(0x7fff9321c450, 40, 0) = -1 ENOSYS (Function not implemented)
  rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
  getpid() = 10144
  gettid() = 10144
  tgkill(10144, 10144, SIGKILL) = ?

I've started work on an LD_PRELOAD lib to emulate getrandom(2) by reading from urandom(5).

Other than that, does anyone have any thoughts on why this started breaking with 1.7.1?

-JimC
-- 
James Cloos <[email protected]>         OpenPGP: 0x997A9F17ED7DAEA6
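
Added example, not part of the original post and not unbound's or Debian's code: a C version of the fallback the post expects, where getrandom(2) failing with ENOSYS leads to a read from /dev/urandom instead of an abort. The function names urandom_fill() and random_fill() are hypothetical; any other getrandom(2) error is reported to the caller rather than masked.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper (added example): fill buf from /dev/urandom,
 * retrying on EINTR and looping over short reads. */
static int urandom_fill(void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
    if (fd == -1) return -1;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n == -1 && errno == EINTR)
            continue;
        if (n <= 0) {            /* hard error or unexpected EOF */
            close(fd);
            errno = EIO;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Hypothetical wrapper (added example): try getrandom(2) first; only
 * ENOSYS, i.e. a kernel without the syscall, triggers the fallback. */
int random_fill(void *buf, size_t len)
{
#ifdef SYS_getrandom
    unsigned char *p = buf;
    size_t left = len;
    while (left > 0) {
        long n = syscall(SYS_getrandom, p, left, 0);
        if (n == -1 && errno == EINTR)
            continue;
        if (n == -1) break;      /* ENOSYS or another failure */
        p += n;
        left -= (size_t)n;
    }
    if (left == 0) return 0;
    if (errno != ENOSYS) return -1;
#endif
    return urandom_fill(buf, len);
}
```

A caller should treat a -1 return as fatal for key or nonce generation rather than continuing with an unfilled buffer.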
