Unbound 1.7.1 failing on some kvm servers
James Cloos
cloos at jhcloos.com
Thu May 24 21:02:11 UTC 2018
I have a number of kvm instances running debian where unbound 1.7.1
fails.
Many of these instances run whichever kernel was current when I first
leased them, and do not support newer kernels.
(Others look on the fs for a kernel to kexec, but not all do.)
Debian of course compiles unbound on a kernel which supports
getrandom(2), but many of mine do not.
Unlike 1.6, 1.7 fails on such a machine, calling SIGKILL rather than
reading /dev/urandom.
It looks like getentropy_urandom() only needs CAN_REFERENCE_MAIN
defined, which getentropy_getrandom also needs, but still
getentropy_urandom() is ignored.
Deb's packaging makes no changes to that part of the code.
An strace(8) ends with:
sendto(9, "<29>May 24 20:17:10 unbound: [10"..., 70, MSG_NOSIGNAL, NULL, 0) = 70
getpid() = 10144
getpid() = 10144
getrandom(0x7fff9321c450, 40, 0) = -1 ENOSYS (Function not implemented)
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 10144
gettid() = 10144
tgkill(10144, 10144, SIGKILL) = ?
I've started work on an LD_PRELOAD lib to emulate getrandom(2) by
reading from urandom(5). Other than that, does anyone have any thoughts
on why this started breaking with 1.7.1?
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
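
The fallback discussed in the post above (getrandom(2) returning ENOSYS on an older kernel, then reading /dev/urandom instead), as an added example. This is not code from the post or from Unbound; the function names fill_random and fill_from_urandom are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read len bytes from /dev/urandom; returns 0 on success, -1 on failure. */
int fill_from_urandom(unsigned char *buf, size_t len)
{
    struct stat st;
    size_t off = 0;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    /* Refuse anything that is not a character device (e.g. a regular file). */
    if (fd < 0 || fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
        goto fail;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)              /* hard error or unexpected EOF */
            goto fail;
        off += (size_t)n;
    }
    close(fd);
    return 0;
fail:
    if (fd >= 0) close(fd);
    return -1;
}

/* Try getrandom(2) first; fall back to /dev/urandom only on ENOSYS. */
int fill_random(unsigned char *buf, size_t len)
{
#ifdef SYS_getrandom
    size_t off = 0;
    while (off < len) {
        long n = syscall(SYS_getrandom, buf + off, len - off, 0);
        if (n >= 0)
            off += (size_t)n;
        else if (errno != EINTR)
            break;               /* ENOSYS on old kernels, or another error */
    }
    if (off == len)
        return 0;
    if (errno != ENOSYS)
        return -1;               /* real failure: do not mask it */
#endif
    return fill_from_urandom(buf, len);
}
```

Either path returns -1 rather than handing back a partially filled buffer, so a caller can treat any non-zero result as "no entropy available".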