Heiner Kallweit
2015-02-14 13:49:12 UTC
compat/getentropy_linux.c tries to read from /dev/urandom and if this
fails (e.g. because running chroot'ed) it falls back to some more
or less messy sysctls. If this also fails (e.g. because the sysctl
syscall is disabled in the kernel) it has to bail out.
Not only unbound suffers from this problem under Linux, therefore
with kernel 3.17 a new syscall getrandom was introduced.
IMHO we should try this option first.
Works fine here with the latest next kernel and unbound 1.5.1.
And it also avoids the "using deprecated sysctl .." warning.
--- getentropy_linux.c.orig 2015-02-14 07:46:09.678095830 +0100
+++ getentropy_linux.c 2015-02-14 10:26:55.353630895 +0100
@@ -93,6 +93,13 @@
return -1;
}
+#ifdef SYS_getrandom
+ /* try to use getrandom syscall introduced with kernel 3.17 */
+ ret = syscall(SYS_getrandom, buf, len, 0);
+ if (ret != -1)
+ return (ret);
+#endif /* SYS_getrandom */
+
/*
* Try to get entropy with /dev/urandom
*
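Review bot: The `return (ret);` after the getrandom call hands the syscall's byte count back to the caller, while getentropy() is specified to return 0 on success, and because the test is only `ret != -1` a short count is also treated as success. Suggest comparing `ret` against `len`, returning 0 only when the whole buffer was filled, and otherwise falling through to the /dev/urandom path below; retrying when errno is EINTR would fit there too. The `#ifdef SYS_getrandom` guard only reflects the build-time headers, so it is worth extending the comment to say that a kernel older than 3.17 fails the call at run time and relies on the existing fallbacks.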