[Unbound-users] unbound & random & chroot

Michael Tokarev mjt at tls.msk.ru
Sun Mar 29 15:14:52 UTC 2009

Right now unbound (unlike nsd) runs just fine in chroot,
including managing some stuff (like pid/log files)
outside.  The only thing left is the random stuff:

Mar 29 11:54:40 gandalf unbound: [2470:0] notice: openssl has no entropy, seeding with time and pid

This can be solved by two ways:
  1) providing /dev/random inside chroot and
  2) initializing random number generator before chrooting.

Am I understand it correctly?  There MAY be a need to
read more random bytes during runtime, and even open-
read-close /dev/random again, but I don't know if
unbound currently does that.

Is it difficult to lessen this dependency on /dev/random a
bit -- either by doing all init stuff before chrooting or
by keeping /dev/random opened?



More information about the Unbound-users mailing list