On 02/14/15 08:49, Heiner Kallweit wrote:
> compat/getentropy_linux.c tries to read from /dev/urandom and if this
> fails (e.g. because running chroot'ed) it falls back to some more
> or less messy sysctl's. If this also fails (e.g. because the sysctl
> syscall is disabled in the kernel) it has to bail out.
>
> Not only unbound suffers from this problem under Linux, therefore
> with kernel 3.17 a new syscall getrandom was introduced.
> IMHO we should try this option at first.
>
> Works fine here with the latest next kernel and unbound 1.5.1.
> And it also avoids the "using deprecated sysctl .." warning.
>
> --- getentropy_linux.c.orig 2015-02-14 07:46:09.678095830 +0100 > +++ getentropy_linux.c 2015-02-14 10:26:55.353630895 +0100 > @@ -93,6 +93,13 @@ > return -1; > } > > +#ifdef SYS_getrandom > + /* try to use getrandom syscall introduced with kernel 3.17 */ > + ret = syscall(SYS_getrandom, buf, len, 0); > + if (ret != -1) > + return (ret); > +#endif /* SYS_getrandom */ > + > /* > * Try to get entropy with /dev/urandom > *

The getentropy() code for Linux within the Unbound tree is old. The upstream code from the OpenBSD tree has already dealt with using the new system call 6 months ago. So Wouter just needs to re-sync with the code from the OpenBSD tree.
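
Review bot: in the added `#ifdef SYS_getrandom` block, `return (ret);` hands the caller the byte count from getrandom rather than the 0 that getentropy() returns on success, and a count smaller than `len` is accepted as success as well. Return 0 only when `ret` equals `len`, and let every other result fall through to the /dev/urandom path the same way the -1 case already does. The `#ifdef` only tests the build headers, so the comment should also say that a kernel older than 3.17 fails the call at run time and relies on that same fall-through.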