Maintained by: NLnet Labs

[Unbound-users] Using the getrandom syscall introduced with kernel 3.17

Heiner Kallweit
Sat Feb 14 14:49:12 CET 2015


compat/getentropy_linux.c tries to read from /dev/urandom and if this
fails (e.g. because running chroot'ed) it falls back to some more
or less messy sysctl's. If this also fails (e.g. because the sysctl
syscall is disabled in the kernel) it has to bail out.

Not only unbound suffers from this problem under Linux, therefore
with kernel 3.17 a new syscall getrandom was introduced.
IMHO we should try this option first.

Works fine here with the latest next kernel and unbound 1.5.1.
And it also avoids the "using deprecated sysctl .." warning.

--- getentropy_linux.c.orig     2015-02-14 07:46:09.678095830 +0100
+++ getentropy_linux.c  2015-02-14 10:26:55.353630895 +0100
@@ -93,6 +93,13 @@
                return -1;
        }

+#ifdef SYS_getrandom
+       /* try to use getrandom syscall introduced with kernel 3.17 */
+       ret = syscall(SYS_getrandom, buf, len, 0);
+       if (ret != -1)
+               return (ret);
+#endif /* SYS_getrandom */
+
        /*
         * Try to get entropy with /dev/urandom
         *
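
Review bot: In the added `#ifdef SYS_getrandom` block, `return (ret);` passes the raw syscall result to the caller, and `ret != -1` treats any non-error result as success. getrandom returns the number of bytes it wrote, so this path returns a positive count where getentropy callers expect 0, and a short read would be accepted with the tail of `buf` left unfilled. Suggest comparing against the requested length and returning 0 only on a full read, for example `if (ret == len) return (0);` with whatever cast the declared type of `ret` needs, and falling through to the /dev/urandom path otherwise. Falling through on -1 already covers a kernel that lacks the syscall even though the headers define `SYS_getrandom`, but errno is left set by the failed call. Consider saving errno before the syscall and restoring it before continuing, and say so in the comment.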