Unbound 1.7.1 failing on some kvm servers

James Cloos cloos at jhcloos.com
Thu May 24 21:02:11 UTC 2018

I have a number of kvm instances running debian where unbound 1.7.1

Many of these instances run whichever kernel was current when I first
leased them, and do not support newer kernels.

(Others look on the fs for a kernel to kexec, but not all do.)

Debian of course compiles unbound on a kernel which supports
getrandom(2), but many of mine do not.

Unlike 1.6, 1.7 fails on such a machine, calling SIGKILL rather than
reading /dev/urandom.

It looks like getentropy_urandom() only needs CAN_REFERENCE_MAIN
defined, which getentropy_getrandom also needs, but still
getentropy_urandom() is ignored.

Deb's packaging makes no changes to that part of the code.

An strace(8) ends with:

 sendto(9, "<29>May 24 20:17:10 unbound: [10"..., 70, MSG_NOSIGNAL, NULL, 0) = 70
 getpid()                                = 10144
 getpid()                                = 10144
 getrandom(0x7fff9321c450, 40, 0)        = -1 ENOSYS (Function not implemented)
 rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
 getpid()                                = 10144
 gettid()                                = 10144
 tgkill(10144, 10144, SIGKILL)           = ?

I've started work on an LD_PRELOAD lib to emulate getrandom(2) by
reading from urandom(5).  Other than that, does anyone have any thoughts
on why this started breaking with 1.7.1?

James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6
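
The fallback behaviour the post expects, as an added example (not Unbound's code and not the LD_PRELOAD library mentioned above): try getrandom(2), and read /dev/urandom only when the running kernel answers ENOSYS as in the strace. The names fill_random and urandom_fill are hypothetical, and the sketch assumes Linux build headers that define SYS_getrandom even though the runtime kernel may lack the call.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallback path: read len bytes from /dev/urandom. Returns 0 or -1. */
int urandom_fill(unsigned char *buf, size_t len)
{
    struct stat st;
    size_t off = 0;
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Refuse anything that is not a character device (e.g. a planted file). */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;            /* interrupted by a signal: retry */
        if (n <= 0)
            break;               /* hard error or unexpected EOF */
        off += (size_t)n;
    }
    close(fd);
    return off == len ? 0 : -1;  /* short reads are failures, never ignored */
}

/* Try getrandom(2) first; fall back only when the kernel lacks it. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        long n = syscall(SYS_getrandom, buf + off, len - off, 0);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0 && errno == ENOSYS)
            return urandom_fill(buf, len);  /* old kernel, as in the strace */
        if (n <= 0)
            return -1;           /* other failures are reported to the caller */
        off += (size_t)n;
    }
    return 0;
}
```

A caller that gets -1 should refuse to generate keys or query IDs rather than continue with an unfilled buffer.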
